/srv/irclogs.ubuntu.com/2009/01/07/#ubuntu-server.txt

Xperiment62can someone please find me a guide on how to set up automount to a specified directory00:00
Xperiment62i only need read only ability00:00
Kamping_Kaiserno. you find a guide00:01
Xperiment62oh well, i tried00:01
Xperiment62time to load up google00:01
techsupport how can i prevent ubuntu server 8.10 to turn  of monitor after inactivity ?00:01
Xperiment62press a key every few minutes00:02
techsupportis that the only way ?00:03
geniitechsupport: Comment out DPMS line in xorg.conf00:03
Xperiment62techsupport: of course it wasnt the only way... i just felt like being an idiot00:03
techsupportXperiment62, how often do you feel that way ?00:04
Kamping_Kaisergenii, that'll require xorg installed no?00:05
Xperiment62techsupport: quite often... its a bad habbit that ive picked up from linux support channels00:05
geniiKamping_Kaiser: Heh, yes. Sorry, forgot was in -server for a minute :)00:05
techsupportgenii, so should i comment it out or no ?00:06
Kamping_Kaisergenii, :)00:07
geniitechsupport: Do you have some gui installed? (Gnome/KDE/XFCE   etc)   ?00:07
techsupportgenii, nope00:07
geniitechsupport: Then no00:07
techsupportso i cant turn that off ?00:08
geniitechsupport: There's probably still some way00:08
Kamping_KaiserI'd look whereever the ttys are configured.00:10
Kamping_Kaiserit used to be inittab, but 8.10 doesnt have that. perhaps some upstart file?00:11
geniitechsupport: Perhaps -x /etc/acpi/screenblank.sh00:11
genii(chmod)00:11
Kamping_Kaiserthat file looks like it relates to xorg, but give it a go00:12
techsupporti dont get it , what do i do ?00:13
techsupport-x ?00:13
Xperiment62non executable00:14
geniitechsupport: No. Try this:   sudo chmod -x /etc/acpi/screenblank.sh00:14
techsupportgenii, i dont have /etc/acpi/...00:15
geniitechsupport: Hm, OK. No other immediate ideas come to mind then00:15
Kamping_Kaisertechsupport, tried running `apropos blank screen` ? i have a result called "setvesablank (8)     - Turn VESA screen blanking on or off" that may or may not be useful to you00:15
geniiKamping_Kaiser: Nice find00:16
cxowhy does it say "The following packages have been left out" and lists linux-server/image?00:16
Kamping_Kaisergenii, makes sense to see whats already available :)00:17
techsupporthmmm00:17
Xperiment62yays, it installed properly00:18
geniiXperiment62: :)00:20
kirklandnijaba: okay, i've merged screen-profiles00:22
kirklandnijaba: i made a few adjustments00:22
kirklandnijaba: i commented out the welcome screen from the default windows file, for the moment00:23
kirklandnijaba: i hit a few problems with it that i'd like to get resolved first00:23
kirklandnijaba: mainly, it doesn't look/work right on some window geometries00:23
kirklandnijaba: also, i want to work on the keybindings a bit more00:23
kirklandnijaba: i confirmed some of jdstrand's concerns00:24
kirklandnijaba: i think we need to have a policy that a given keybinding must work in both a) gnome-terminal, and b) the console before we put it in keybindings/common00:24
Deepscxo: because those packages require additional new packages to be installed to perform the upgrade. after you've upgraded the rest of your packages, do a dist-upgrade and it'll show you what new packages it's installing to perform the upgrade00:24
kirklandnijaba: i think we can add others to something like keybindings/xterm, keybindings/gnome-terminal, keybindings/konsole, keybindings/console and so forth00:25
kirklandnijaba: if they only work in one place or another00:25
kirklandnijaba: but i think if something lands in keybindings/common, it should be pretty portable00:25
Xperiment62how do i set up automounting easily?00:54
ScottKvorian: I'm sort of here now.  Should be around in an hour or two.00:55
vorianScottK: no problem, i pm'd you a link to look over00:56
jmedinaXperiment62: fstab/autofs/pam_mount00:59
cxohow do you remove old kernels that are still on the system?01:27
jmedinadpkg -r01:27
hadsaptitude remove01:28
lukehasno1apt-get remove01:28
cxohow do i list the pkg names of all the kernels installed?01:31
jtajicxo: dpkg -l | grep linux-image01:34
cxothanks a lot guys01:34
cxoi'm new to this apt/deb business01:35
heath|workI have just installed a sata card in our server and need to hotswap drives with it... I found and installed the package scsiadd, but all of the scsi ID's say 0.01:44
heath|workIs there a way to generate scsi ID01:44
cxoi get a message at boot from the 8139cp module saying that the hardware needs the 8139too driver instead, which after login is already loaded and ready to go, can i just blacklist 8139cp? why does it keep trying to load01:59
hadsJust blacklist it02:00
cxoi put it in /etc/modprobe.d/blacklist but it still loads it at bootup02:02
ballThanks mathiaz02:03
kirklandjdstrand: nijaba: okay, updated screen-profiles uploaded to my ppa, and back onto the queue for universe02:05
kirklandnijaba: we need to talk about the keybindings a bit more tomorrow02:06
cxohow do you get it to save the iptable rules?02:15
techsupportmaybe can anyone recommend me a VPS service provider in U.S. East ?02:23
hadslinode02:24
ballhads: do they offer Ubuntu Server?02:24
hadsYeah02:24
jtajilinode rocks02:25
ballhads: thanks02:27
techsupportdoes anyone know of VPS provider around virginia or in virginia ?03:02
lukehasno1Can I add disks to a RAID5 array?03:52
lukehasno1As in, go from a 4disk raid5 to a 5 disk?03:52
hadsYeah should be able to03:57
hadshttp://linux-raid.osdl.org/index.php/Growing04:00
lukehasno1wow04:07
lukehasno1ZFS can't do that04:07
techsupportok i'm logged in into my new linode ubuntu 8.10 32 bit server, but nothing seems to work i guess all the packages are not installed? is it possible for me to update it with one command for it to be equivalent to an installation i would get from a regular ISO install ?04:09
compengiwhat's the way to restrict user UIDs being exposed to others? 'top' and 'ps' can be restricted on BSD systems by passing '0' to 'security.bsd.see_other_uids' in src/etc/sysctl.conf. what can be done for linux?04:43
ballcompengi: "exposed" ?04:47
ballOh, you don't want user to be able to see another user's uid?04:47
ballWhy's that?04:47
ballto prevent harvesting?04:47
compengito prevent them picking on each other :D04:48
compengieach user likes his privacy04:48
compengii like root's too ;)04:49
ballGive them each a virtual machine ;-)04:49
compenginah..04:49
compengiif this can be done simple as on bsd04:49
ballcompengi: Linux != BSD04:57
techsupportreading forums about changing computer name, they say its in /etc/hostname but i dont have this file04:57
persiatechsupport, Then create it: it ought to exist.04:58
balltechsupport: what happens if you type "hostname pancake" ?04:58
compengiball, i know that for sure, that's why i'm asking around if there is a similar way on linux04:59
ballcompengi: fair enough. It's an unusual requirement though afaik.04:59
blahnanatechsupport, using ubuntu?05:00
blahnanawhat is your hostname currently?05:00
techsupporttechsupport, yes ubuntu05:02
techsupportblahnana, ubuntu05:02
blahnanaand what do you get if you type "hostname"05:02
blahnanaby itself05:02
blahnanait should output the current hostname05:02
blahnanaunless you typed 'hostname pancake' already05:03
ballI like pancakes :-905:04
ball...even American ones05:04
sommermmmmm pancakes05:08
ballsee?!05:08
sommer;)05:10
techsupportwhen i type screen i get error Cannot open your terminal '/dev/pts/0' - please check.05:10
balltechsupport: then don't type "screen"05:10
techsupportwhy not? i need it05:11
ballOh.05:11
blahnanasounds like you might be using su05:15
blahnanaor at least, that's one common cause05:15
techsupportblahnana, thanx, let me try to logout05:16
blahnanaif you use su, make sure you use something like su -05:16
techsupportperfect05:17
techsupportworked05:17
hadsor sudo05:17
persiaOr launch screen, and use su inside the screen session.  Running screen as root can be dangerous.05:17
techsupportanother thing05:19
techsupportpaul@linode:/$ sudo chown orudie /home/orudie05:19
techsupportsudo: unable to resolve host linode05:19
techsupporti recently changed hostname by 'sudo hostname linode'05:20
blahnanathat just changes an environment variable I think05:20
blahnanayou haven't changed your hostname05:20
blahnananot sure if hostname actually does anything else05:20
blahnanalooks like it does, but clearly the change hasn't stuck05:21
techsupportblahnana, but how can i change the hostname?05:21
blahnanayou need to put your hostname in /etc/hostname05:21
blahnanaecho 'linode' > /etc/hostname05:21
blahnanareboot and check it comes up with the correct hostname05:21
blahnanapersia, I'm not sure if either is better than the other actually05:21
techsupport/etc/hostname does not exist05:21
persiatechsupport, The command above will replace it.05:22
ball(or create it if it doesn't exist)05:22
blahnanaif screen is vulnerable, you could get control of root's screen05:22
blahnanaand have a root login05:22
blahnanabut if screen is vulnerable, you could get control of a user's screen, and still have a root login05:23
techsupportjust did echo 'linode' > /etc/hostname , and /etc/hostname still doesnt exist should i create it ?05:23
blahnanaI think the issues with screen tie back to old issues with it05:23
persiablahnana, At a deep level, it matters, because one might not be using "files" to determine the hostname, and there are various ways to tweak things.  /etc/hostname is used at boot to run hostname.  After running hostname, one often needs to reinitialise sessions and services to use the new hostname, as they may only run gethostbyname() at startup.05:23
blahnanatechsupport, did you run it as root?05:23
techsupportblahnana, yes05:23
persiatechsupport, echo linode | sudo tee /etc/hostname05:23
balltechsupport: "sudo echo 'linode'>/etc/hostname"05:23
ball?05:23
ballah, what persia said05:24
persiaball, Won't work, because the redirect doesn't inherit sudo.05:24
ballpersia: thanks, good point. I'm not used to sudo05:24
ballif I use it, it tends to be "sudo su"05:24
balloops05:24
persiaball, It's *much* safer: definitely worth playing about with.05:24
ball"sudo /bin/sh"05:24
blahnanapersia, I meant "I'm not sure if one is better than other... running screen as root or running screen and then opening a root shell"05:24
jtajiball: 'sudo -i' is the nicest way to do that05:25
ballpersia: I usually live somewhere sudo doesn't exist05:25
balljtaji: thanks05:25
techsupportstill dont exist05:25
ScottKsudo -i seems better to me than sudo su05:25
ballI meant "sudo sh", "su" was a typo05:26
blahnanabut, that's still handy to know why there are limitation with changing the hostname on the fly05:26
techsupportso if i create it , what do i put in /etc/hostname ?05:26
persiablahnana, running screen and then running programs as root is safer than running screen as root, because there's no possibility to attach directly to the root process from arbitrary input: it is mitigated by screen (which doesn't have a lot of security, but that's a separate thing).05:26
techsupportroot@linode:/# echo linode | sudo tee /etc/hostname05:27
techsupportsudo: unable to resolve host linode05:27
techsupportlinode05:27
techsupportroot@linode:/#05:27
jtajitechsupport: you need to edit /etc/hosts also05:27
jtajior you break sudo05:27
blahnanapersia, not sure what you mean05:27
persiablahnana, Right.  screen can spawn stuff, so if you're running screen, I can attach to your screen (yes, screen allows sharing), and spawn another shell, and do stuff, and detach, without you seeing it.05:28
persiaIf you're not running screen as root, I can't get root by doing this: only access to your user stuff.  I'd have to switch to control of your root shell, which I hope you only have open when you're actively doing stuff.05:29
techsupportjtaji, sorry i never edited /etc/hosts what should i change there ?05:29
persiaAlso, since screen supports multiple sessions, if one doesn't run screen as root, one can run a mix of root and non-root processes from screen.05:29
blahnanawe were weighing up the merits of one vs the other though05:29
ballwhat modes does /etc/hostname need?05:29
ball644?05:29
ballI suppose there's no need to hide it05:30
techsupportjtaji, http://pastebin.com/m67e848de this is my /etc/hosts05:30
blahnanaso you'll know that there's a root shell05:30
jtajitechsupport: second line should be something like 'xxx.xxx.xxx.xxx foo.domain.tld foo'05:30
jtajiwhere xxx.xxx.... is your external IP05:30
blahnanathere's a great chance that you'll have access to my user screen anyway05:30
blahnanait's more likely I might have used the password in an insecure way05:30
blahnanawhereas my root password will be more protected05:30
blahnanamost likely05:31
techsupportso change 127.0.0.1 localhost to 207.192.72.15 linode ?05:31
jtajino leave that line05:32
jtajialone05:32
persiaRight, and if you're careful, you'll run a user shell, spawn root when you need it, and go back to user before you leave the shell unattended and detach.05:32
blahnanahaha05:32
techsupporti'm a noob05:32
blahnanawell, I feel that we weren't talking about that05:32
jtajitechsupport: http://www.linode.com/wiki/index.php/Configure_Static_IP05:33
blahnanaI agree with your point, but I think we're getting into operating procedure, which I perhaps assumed was beyond the scope of the initial comments05:33
blahnanawhereby I assumed that if you a) must have a root shell and b) must run screen you have already considered the things you're pointing out05:34
persiaOK.  Then sticking strictly to screen, aside from operating procedures, there's also that it's easier to run a mix of root and non-root programs from a screen session if screen itself isn't running as root.05:34
blahnanamaybe, maybe not... if I'm running root screens I'd rather keep them together protected05:35
persiaAnd it's easier to establish operating procedures with redundant logs for mandatory unattended long-running root shells.05:35
blahnanaand not have a user having access to them necessarily05:35
persiaPersonal preference, I suppose.  Wouldn't be my recommendation.05:35
blahnanalessens the chance that I do something stupid with my terminal05:35
blahnanaand I'd use my gui to split up the sets of terminals05:36
blahnanayeah, personal preference05:36
techsupportok fixed05:36
blahnanaI think that if you're running root shells, and you've got them in a screen, I see it as better that you're running the screen as root in the first place05:36
techsupportalso, when i do logout it returns05:37
techsupportpaul@linode:/$ logout05:37
techsupportbash: logout: not login shell: use `exit'05:37
blahnanabut in terms of which is more vulnerable... I wondered if there was a code reason for what you suggested, rather than just best practices type thing05:38
jtajitechsupport: that's correct, use exit or ctrl+D05:38
persiablahnana, Not code, just principle of least-privilege.05:39
blahnanarealistically, I'd think that your normal user account is more likely to be broken through running naughty things, or needed things that have bugs05:39
blahnanaI think that principle doesn't hold true when you're protecting a mechanism for full privileges behind a lower-privelege thing05:40
techsupportblahnana, i archived a directory with tar -cvzf , but how can i extract it now ?05:46
blahnanause x instead of c05:47
blahnanause t instead of x or c if you want to see a list of files in the archive05:47
techsupporttar -xvzf q2server.tar.gz05:48
techsupportreturns no such file or derictory error exit delay from previouse errors05:48
techsupportblahnana, ping05:49
blahnanais there a file called that?05:49
blahnanain the current directory?05:49
techsupportorudie@linode:~$ ls05:49
techsupportq2server.tar.gz05:49
techsupportorudie@linode:~$ tar -xvzf q2server.tar.gz05:49
techsupportyes05:50
blahnanatry gzip -d q2server.tar.gz05:50
blahnanadoes that work?05:50
techsupportneeded permissions05:52
techsupport:)05:52
techsupportls05:52
ballhello Techie, owh05:58
Techie sup dude05:58
ballnot much06:00
ballyourself?06:00
owhHiya06:02
Techienot much here... just downing a bunch of tunez06:03
ballI'm just playing a few that I just downloaded06:09
=== erichammond is now known as ehammond1
Techieeverythime i hear a good song i dont have, i grab a whole lot by the artist06:11
ballI might do that if I had more time.06:12
ball...though I did with Airtone06:12
Techiei have 1041 mp3's06:12
ball...because I really liked their work06:12
ballI don't know how many I have06:12
Techiei gotta chuck all mine onto a removable drive to plug into my server for LAN's06:14
Techiedownside is that combined with video and ausio06:15
Techieaudio06:15
Techiei have over 6 gig of media06:15
Techieand my largest thumb drive is 2 gig06:15
ball6 Gbytes isn't bad at all06:15
=== ehammond1 is now known as erichammond
ballI've had 8 Gbyte stripe across two  4Gbyte flash sticks06:16
Techieits slowly getting larger06:16
balljbod ftw06:16
ballbrb06:16
Techiethats not including dvdrips and screeners06:16
Techiethats just general media06:16
* ball nods06:19
Techieif we count all that stuff in06:19
Techietheres easily over 300gigs06:19
* ball shrugs06:22
ballI don't have any of that stuff06:22
Techieanyway, im gonna restart my computer and check this hard drive06:23
Techieif its not dead06:23
Techiei have 320 gig more internal storage06:23
* ball nods06:23
uvirtbot`New bug: #314620 in logwatch (universe) "Please merge logwatch_7.3.6.cvs20080702-2(main) from Debian unstable (main)." [Undecided,Confirmed] https://launchpad.net/bugs/31462006:40
didrockskirkland, nijaba, jdstrand: termcapinfo xterm* ti@:te@ was working for me, but just a bad workaround (when reattaching the screen again, the "backlog" when dicing is the different tab I used :/). So, I this there is a real issue about that07:00
didrocksok, this seems to be the intended behavior (reading the rest of discussion) :)07:02
=== lukehasno1 is now known as lukehasnoname
krautmoin08:06
uvirtbot`New bug: #314657 in samba (main) "smbd segfault in assert_uid " [Undecided,New] https://launchpad.net/bugs/31465709:11
dholbachhiya10:10
dholbachcan somebody please take a look at bug 181948?10:10
uvirtbot`Launchpad bug 181948 in exim4 "exiqgrep: error on messages w/o size" [Medium,Incomplete] https://launchpad.net/bugs/18194810:10
dholbachit's been sitting in the sponsoring queue for a while10:11
kaushalhi10:27
kaushalI am using Ubuntu 8.04 Server10:27
kaushalI have already installed mysql-server-5.010:27
kaushalI am faced with10:27
kaushalhttp://rafb.net/p/M18ESh55.html10:27
sorenapparmour hates you, apparantly.10:31
sorenWell, not "apparantly", but "probably".10:32
kaushalsoren, ok10:33
kaushalalthough i did not understand10:34
sorenWell, it might be something different. I just remember someone having problems with mysql because they wanted their mysql databases outside /var/lib/mysql10:35
sorenCan you pastebin the output of:10:35
sorenls -ld /mnt/data/mysql/ /mnt/data/ /mnt ?10:35
kaushalsure10:36
sorenWithout the question mark at the end.10:36
kaushalsoren, please give me a moment10:36
sorenSure.10:37
_rubenif its apparmor interfering, that should apparent from the (sys)logs10:37
sorenIndeed.10:37
sorenI don't remember when we added apparmor profiles for mysql.10:37
sorenI think it was hardy, but ICBW.10:38
_rubeni really need an update for my acronym engine .. this one took several seconds to figure out :p10:38
sorenIt was hardy.10:38
soren_ruben: :)10:41
kaushalsoren, http://rafb.net/p/iR8kDY93.html10:42
sorenkaushal: Ok, that looks fine. It's probably an apparmour thing, then.10:42
sorenSorry, that's apparmour.10:42
kaushalok10:42
sorenGah. apparmor.10:43
sorenThat 'u' keeps sneaking in there.10:43
kaushalsoren i fixed10:51
kaushalit10:51
kaushalbut when i start/stop mysql10:52
sorenHow did you fix it?10:53
kaushalsoren, when i stop/start mysql11:08
kaushali get11:08
kaushalhttp://rafb.net/p/rymbHy64.html11:08
sorenWell, yes.11:09
sorenYou discarded all the stuff Ubuntu provides.11:09
kaushali provided http://ubuntuforums.org/archive/index.php/t-27156.html11:10
kaushalbut it still does not work11:10
sorenThat's a completely different issue.11:12
kaushalsoren, i added in usr.sbin.mysqld11:14
kaushalunder /etc/apparmor.d11:15
kaushal /mnt/data/ r,11:15
kaushal  /mnt/data/** rwk,11:15
kaushaland then restarted apparmor11:15
kaushalthat issue got resolved11:15
kaushalbut now i am faced with this issue11:15
kaushalsoren, hurray it worked11:21
kaushali did it on my own11:21
* kaushal patting my back :-)11:21
selinuxiumhi all, I am looking to install a DLT drive on LTS. Guide i am looking at show to use mt-st... is this correct?11:49
=== Shoopuf1 is now known as Shoopuf
=== Brimstar1 is now known as Brimstar
heath|workI installed a HighPoint 4 port sata card in our server last night, is there a way to make the drives hot swappable?12:55
ivoksi doubt hpt is capable of hot swap12:57
ivoksthat's a 10$ raid controller, right?12:57
heath|workIt was like $20012:59
heath|workI found the scsiadd program and it works to remove sda, but that's it13:00
ivoks200$ for hpt?13:00
ivokslast time i buyed hpt, it was very cheap :)13:00
heath|workdoing scsiadd -p  to see the list; the list states all scsi drives are ID: 0013:01
heath|workthere are like 10 diff models13:01
ivokshot swap should be supported by controler13:01
ivoksi don't think you could do anything with controller that doesn't support that13:01
ivokshot swap = OS isn't aware of missing disks13:02
ivoksso it doesn't know when it is out and back in again13:02
ivoksbut i could be wrong :)13:02
heath|workivoks, scsiadd -s  rescans for scsi devices and adds them13:03
heath|workscsiadd -r 0  will remove the 1st device13:03
heath|workscsiadd -r 1 should remove the second, but all the ID's are 0, so I do not know how to, or if I can, assign ID's to the scsi drives13:04
ivokswell, if you are using raid controller, you should see only one drive, right?13:05
ivoksscsiadd is for adding/removing scsi devices13:05
ivokslogical raid disk should be one device13:05
ivoksso, if you have non-raid scsi controller that supports hot swap, you would use this tool13:06
ivoksi'm not sure this should (or is designed to) work with raid controllers13:06
heath|workThe card has 4 ports with drives in each.  The goal is to run 2 mirrored with mdadm, and 2 as singles for removable backup13:06
ivoksah... mdadm raid, not hardware raid13:07
heath|workyes, I like the idea of being able to move the raid drives to another machine in case of problems13:07
heath|workno controller required... The only reason for the card is to use the sata ports13:07
ivokswell, still, controller should support hot swap13:08
ivoks(i never used scsiadd)13:09
ivoksi'm just reading this:13:09
ivoksThis is *NOT* a substitute for powering down to connect or disconnect hardware unless it's specifically designed to be hot swappable.13:09
eolo999hi, i have a problem in choosing a virtualization technology. I'd like to go with kvm as i think it is the choice for the future, but in the few time i had for testing I noticed a consistent performance difference with xen. Probably it is only because of my configs, but i have too choose and have no more time for investigating. Can i have your points?13:10
ivoksi always use kvm, when i'm not using vmware13:10
ivoksrecently, i droped vmware for kvm13:10
heath|workivoks, from HighPoint description: Hot swap and hot spare13:11
eolo999ivoks: what about vm process cpu usage?13:11
ivokseolo999: vm uses cpu depending on what you are doing in vm :)13:11
ivoksheath|work: then, hot swap should work :)13:12
eolo999ivoks: when idle still my kvm machine was using ~= 20 % of Host CPU!13:12
ivokseolo999: mine uses 0-1 when idle13:14
eolo999****!13:14
eolo999so it seems it's MY problem.13:14
nomingzidoes anybody has ebook/PDF file with book title "Ubuntu 8 Server Administration and Reference" http://books.google.com.my/books?id=LhMFril7EBgC&dq=Ubuntu+8+Server+Administration+and+Reference+torrent&source=gbs_summary_s&cad=013:14
ivoksa ovaj vostro ti se nije svidio?13:16
ivokshttp://www.kodeks.hr/Dell/vostro-a860,PID-3,P-1665,G-370.aspx13:17
ivokssorry13:18
ivoks:)13:18
ivokswrong channel :D13:19
heath|workhow can I view the size of a dir?13:30
ivoksdu -hs13:30
ivoksdu -hs /bin13:30
heath|workthanks13:31
ivoksreplace h with k or m or leave it out, depending on what you want13:31
selinuxiumhi all, I am looking to install a DLT drive on LTS. Guide i am looking at show to use mt-st... is this correct?13:41
ivoksyou can use gnu mt too13:44
ivoks(provided by cpio package)13:45
selinuxiumivoks: cheers13:48
selinuxiumivoks: i can see that the tape drive is available on /dev/st0 I have made no change to the system, is there anything else I need do?13:52
ivoksselinuxium: nope, you can use it13:53
ivoksselinuxium: there's also /dev/nst0 ;)13:53
selinuxiumivoks: I am trying to run a VM and connect the DLT to it... In VMware passthrough SCSI device all the physical SCSI devices start /dev/sgX... Any ideas?13:55
selinuxiumivoks: the host is Ubuntu13:55
selinuxiumClients, sadly Suse... but I am not at the Suse point...13:56
ivoksselinuxium: i never did that, so i don't know anything about it13:56
selinuxiumivoks: m]13:56
selinuxium???13:56
selinuxiumnp!13:56
ivoksexporting /dev/sg won't be enought though13:57
ivoksyann2: ping13:58
yann2pong14:00
yann2hello ivoks :)14:00
ivokshi :)14:00
selinuxiumivoks: what is /dev/sgX connect to? how is it used?14:12
ivoksselinuxium: that's generic scsi device14:22
ivoksselinuxium: you can't use it as a tape device14:22
selinuxiumivoks: oh... And I cannot link sym link one to another then either...14:23
ScottKvorian: Progress - Bug 31266114:24
uvirtbot`Launchpad bug 312661 in db4.3 "Please remove db4.3 from Jaunty" [Wishlist,Fix released] https://launchpad.net/bugs/31266114:24
a_okwhat do i need to do to upgrade from 7.10 to 8.04 lts?14:25
ivoksinstall update-manager-core14:25
ivoksand start do-release-upgrade14:25
a_okis it like upgading in one huge step or does it go trough every version?14:26
a_okow14:26
ivoksthere's only one step from 7.10 to 8.0414:26
vorianScottK: I uploaded partimage last night, so db4.3 is clear for removal14:26
a_okivoks, lol yeah that helps14:26
ScottKvorian: Good, because StevenK just removed it.14:26
ScottK;-)14:27
ScottKOne down.14:27
vorian\o/14:27
a_okivoks, i really need to get better at this ubuntu bussines14:27
ivoksa_ok: before the dot is the year 200*7* and 200*8*14:28
ivoksa_ok: after the dot is the month...14:28
ivoksso, 7.10 is 2007, november14:28
ivoks8.04 is 2008, april14:28
a_okivoks, now that is goed to know. is there a steady release schedule?14:28
ivoksevery six months for regular version, and every two years for LTS14:29
a_okthanks14:29
ivoksScottK: so, what's the plan for mail stack?14:29
ivoks:)14:30
ivoksselinuxium: try modprobing 'st' module in guest14:31
ivoksselinuxium: maybe it will discover tape, if it can see generic device14:31
selinuxiumivoks: Sadly it doesn't work that way. you have to define it first in the host then the guests can use it...14:32
vorianScottK: it looks like db4.4 can also be removed14:33
ScottKvorian: File a removal request then ....14:34
vorianokie14:34
ScottKvorian: I think that during the Jaunty sync period from Debian a lot of stuff got move, so it's no so much left.14:36
ScottKivoks: First someone approves the spec and then maybe I find some time to guilt you into working on it.14:36
ivoks:D14:36
ivoksi don't mind working on that14:37
ScottKOK.  Glad to have you do it ....14:37
vorianScottK: on the packages that depend on db4.6, should I bump them to 4.7?14:49
uvirtbot`New bug: #314623 in likewise-open (main) "likewise-open: allows lockout while disconnected" [Undecided,New] https://launchpad.net/bugs/31462314:55
vorianthat bot is not identified to services btw14:57
ScottKvorian: I'd say let's wait until Jaunty +1 for that.15:09
vorianalrighty15:09
vorianScottK: same for 4.2 then?15:09
ScottKIf we can clear out the older ones for Jaunty, that'll be a clear win.15:09
vorianalrighty15:09
ScottK4.2 is a bit special.15:09
ScottKopenldap (sladp) has severe performance problems with later versions of libdb.15:10
vorianok then, i filed requests for 4.4 and 4.5.  That will leave only 4.2 and 4.615:10
ScottKSo as long as openldap is stuck on 4.2, we can't get rid of it.15:10
voriannoted, I would be happy to talk to upstream about changing that :)15:11
ScottKWorking on porting the other stuff to 4.6/4.7 would be useful so that it can be removed once slapd is fixed.15:11
ScottKvorian: It's a libdb problem, IIRC.  Slangasek (who is also active in openldap maintenance in Debian) has been working on it.15:11
ScottKI pinged him on #ubuntu-devel a bit ago to ask.15:12
voriani see15:12
vorianhow about cyrus nvi and kolab?15:12
ScottKI think cyrus and kolab have to be done toghether.15:14
ScottKI'd say look into it and do it if it works.15:14
* vorian is on it15:15
heath|workis it possible to have a usb drive in /etc/fstab mount only when available?15:27
espacioushi i'm having problems when pinging from my ubuntu i got !DUP - duplicates. happens only from that machine and it was not happening before. can somebody be so cind to help me out.15:30
espaciouskind*15:30
heath|workespacious, did you try booting from the live cd and trying like I suggested yesterday?15:36
espacioushi heath|work no not yet, but i excluded the switch.and looking now on my ubuntu setup15:37
espaciousim also getting the live cd to test...15:37
espaciouswhat else is possible to be?15:40
espacioushowly!15:41
espaciousheath|work ! found out where the problem is!15:41
heath|work?15:41
espaciousi disabled our VPN (win 2008 server) and no duplicates more.15:41
espaciousubuntu resides on that server.15:42
espaciousis a vmware.15:42
heath|worknat or host networking?15:42
espaciousgoing to #win-server :D15:42
espacioushost.15:42
espaciousmust be sth wrong in ruting and remote access on win server.15:43
espacioushave an idea what?15:43
heath|workespacious, what does route print have?15:52
heath|workin windows15:52
espaciousjust a sec.15:56
kirklandnijaba: hi, around?16:03
nijabakirkland: yepper16:04
kirklandnijaba: hey, okay, i merged your tree16:04
kirklandnijaba: and released16:04
nijaba\o/16:04
kirklandnijaba: there's a couple of things i wanted to run by you16:04
kirklandnijaba: for one thing, i juggled the keybindings a little bit16:04
nijabagood16:04
kirklandnijaba: can you pull the latest lp:screen-profiles?16:05
nijabadoing it16:05
kirklandnijaba: i think we need to establish a minimum criterion for keybindings to land in keybindings/common16:05
kirklandnijaba: i would suggest that those requirements are works identically in a) gnome-terminal, and b) tty console16:06
kirklandnijaba: but i'm open to ideas on that one, and perhaps adding KDE's konsole to the list16:06
nijabasounds faire16:06
nijaba(without an e)16:06
kirklandnijaba: additional keybinding sets should be added to other files in that dir, which indicate *where* they're known to work16:06
kirkland:-)16:06
nijabacoolset_gnome for example16:07
kirklandnijaba: something like that, yeah16:07
kirklandnijaba: and we'd work into your framework helper a way for users to turn those on/off at their discretion16:07
nijabaright16:08
=== jjesse_ is now known as jjesse
espaciousheath|work what do u mean?16:08
kirklandnijaba: so, i found the F-keys to be the ones that seemed to work best across gnome and console16:08
heath|workwhat do you mean?16:08
kirklandnijaba: open keybindings/common16:09
kirklandnijaba: moving from left to right ....16:09
kirklandnijaba: F1 was already taken (help in gnome)16:09
SmokeyDhey people. I am running hardy server edition in a xen virtual machine (fresh install of the virtual machine). When I try to update my packages, I get a segmentation fault when apt tries to setup module-init-tools16:09
kirklandnijaba: F2 was open, so I made that "create new window" ... probably the most frequently used?16:09
kirklandnijaba: F3/F4 were also unused, so I mad those PrevWindow and NextWindow16:10
kirklandnijaba: that makes F2/F3/F4 all very tightly associated16:10
kirklandnijaba: oh, and F5 being "kill window"16:10
nijabasounds good16:10
SmokeyDapt output on http://pastebin.com/m4992b7c616:10
kirklandnijaba: i know F5 is usually 'refresh'....16:10
nijabayes, that's why I chose it that way16:11
kirklandnijaba: unfortunate, but i think we just go with education on that one16:11
kirklandnijaba: yup, i understand16:11
kirklandnijaba: F6/F7/F8 are still available for our mapping16:11
kirklandnijaba: and F12 is open16:11
kirklandnijaba: i thought we'd try to see what else is *most commonly used*16:12
kirklandnijaba: i was thinking about scrollback, but i'm undecided16:12
kirklandnijaba: F8 is advanced help16:12
kirklandnijaba: F9 is your welcome screen16:12
kirklandnijaba: i was thinking F12 might be your welcome screen16:12
kirklandnijaba: in that it's on the end, and easy to find16:12
kirklandnijaba: but i couldn't get that to work immediately16:13
nijabamy keyboard goes up to f1916:13
kirklandnijaba: whoa16:13
nijabaI think apple did not know what to do with the extra space on their slim kb ;)16:13
kirklandnijaba: :-D16:14
kirklandnijaba: okay, cool, i need to update the help.txt accordingly16:14
nijabawhich is, btw, one of the best kb I have ever used16:14
kirklandnijaba: i missed that last night, oops ...16:14
nijabaeh, np16:14
* kirkland likes his loud, clicky IBM keyboard16:14
kirklandnijaba: i was actually thinking we might throw the detach onto one of the F-keys16:15
kirklandnijaba: anyway, with only 3 more available to work with, i thought we'd be conservative with those16:15
nijabayes, might be simpler than my 3 key thing16:15
kirklandnijaba: yeah, perhaps16:15
kirklandnijaba: i think 2 and 3 key things are fine ...  we should just put them in another file, outside of common16:16
kirklandnijaba: and make them easy to enable/disable as a lot16:16
nijababut C-shift-del is still close to something people tend to know16:16
kirklandnijaba: it's *really* close to ctrl-alt-del for my liking :-)16:16
nijabaright, that's part of my plan for the next few nights16:16
kirklandnijaba: okay, next thing ....16:17
kirklandnijaba: windows/common16:17
kirklandnijaba: i renamed that from default -> common16:17
nijabasure16:17
kirklandnijaba: i commented out the welcome screen for this release16:17
nijaba:/16:17
kirklandnijaba: i'd like to get it back in16:17
kirklandnijaba: i had some issues with resized windows16:18
kirklandnijaba: it didn't display properly16:18
nijabatalk with newt...16:18
nijaba;)16:18
espaciousheath|work http://pastebin.com/ma79126216:19
kirklandnijaba: yeah, i saw your math in there :-)16:20
kirklandnijaba: well, it's still easy to get to, while we test/fix it, by hitting F916:21
nijabaright16:21
kirklandnijaba: and i'd like to get the functionality working where you can tell it "don't show me this again"16:21
nijabain my list as well16:22
kirklandnijaba: then i think we're cool to turn it back on by default16:22
kirklandnijaba: excellent16:22
nijabakirkland: still unsure what/where you changed about $profile16:23
kirklandnijaba: oh, right16:23
kirklandnijaba: i made a few changes there16:23
kirklandnijaba: okay, looking at select-screen-profile16:24
kirklandnijaba: i created a assert_symlink() function16:24
kirklandnijaba: which, i'm fixing a bug in right now ...16:24
kirklandnijaba: the -L test should be against $116:25
nijabaahasenack, right, I was wondering16:25
kirklandnijaba: and i dropped the .screenrc-windows code, as it wasn't working correctly16:25
nijabaahasenack: sorry, autocomplete on ah!16:25
kirkland;)16:25
ahasenackNicke: ok :)16:25
ahasenackoooops :D16:25
kirklandnijaba: the listprofiles() function itself gathers the available profiles16:26
kirklandnijaba: and that's called in prompt() and setprofile()16:26
kirklandnijaba: we're still, unfortunately, using a global $SELECTED variable16:26
kirklandnijaba: i want to get away from that16:26
kirklandnijaba: but i couldn't do that easily in this iteration16:26
nijabaok16:27
kirklandnijaba: however, at the very least, it's ALL_CAPS, which indicates global16:27
kirklandnijaba: i also replaced all indentation with tabs16:27
kirklandnijaba: and I added your copyright statement to the top of those other two helper files16:27
nijabakirkland: that part is a pain, as I configured my vi for python16:27
kirklandnijaba: sure16:28
kirklandnijaba: i'm not going to touch your python indentation16:28
kirklandnijaba: i'll follow your standard there16:28
nijabakirkland: for python, tab is to be banned16:28
* kirkland grumbles about python16:28
nijabakirkland: I need to tweak my vimrc some more to change this based on the code type16:29
kirklandnijaba: yeah, have it exclude shell for that16:29
SmokeyDubuntu-minimal wanted to isntall it and that made it crash. Now removed it and installed libc6-xen. Problems gone16:30
SmokeyDfound the culprit: libc6-i686 causes apt to crash when installing module-init-tools16:30
SmokeyDwhen running in a xen virtual machine16:30
kirklandnijaba: what do you think about F6 as a simple detach?16:43
nijabakirkland: good for me16:44
heath|workI have removed a scsi device with scsiadd -r 3 0 0 016:50
heath|workthis was successful, however I can not get it back on line16:51
heath|workscsiadd -a 3 0 0 0 is not working and rescan-scsi-bus.sh does not grab it16:51
geniiheath|work: These are actual scsi drives?16:54
SmokeyDhey people. should I run my iptables script pre-up or post-up in network/inerfaces16:54
heath|workgenii, sata16:55
DeepsI have 2 disks that contained 2 partitions each, both part of an mdadm raid0 array16:58
Deepsthe disks were orgiinally in a NAS, there was a bodged firmware upgrade and the software tool to repair attempted to format the disks fresh16:59
Deepsit was stopped promptly before it got to the data partition (tool was still formatting system partitoin)16:59
Deepsmdadm --assemble now doesn't work on the data partitions, complaining about missing superblocks17:00
Deepsgoogle suggests that mdadm's smart enough to recognise an underlying filesystem on a disk and reallow access to it17:00
Deepsie, mdadm --create wont trash all the data on the disks17:00
geniiheath|work: They are attached to a a SCSI host adapter by way of some adapter like so: http://www.addonics.com/products/io/adsalvd160.asp  or just on their own sata controllers, etc?17:06
heath|workDeeps, what does cat /proc/mdstat have?17:06
heath|workgenii, just sata drives connected to the MB17:07
ivoksgood news17:08
ivokstar upstream is seriously considering including proposed acl/selinux/xattrs patches17:08
geniiheath|work: Did you do: scsiadd -p            after you added the drive back in?17:09
heath|workgenii, yes... even with scsitools   rescan-scsi-bus.sh  I get nothing17:10
heath|workit's very weird17:10
geniiheath|work: Does the computer see the drive on ahardware level? (bios scan etc)17:11
Deepsheath|work: was empty17:11
heath|workgenii, thanks for you help with this... I have not rebooted yet, Iwas actually trying to avoid a reboot17:12
Deepsheath|work: looks like mdadm is clever though, i did the create, it detected the e2fs and warned me, i told it to carry on creating anyway, and now an e2fsck hasn't complained *yet* on the newly created md1 device17:12
heath|workDeeps, after creates you should have something in /etc/mdstat17:13
Deepshttp://paste.ubuntu.com/101755/17:13
Deepsnow yeah17:13
Deepsit's a raid0 though, so it wont have much of interest17:14
Deepsand infact, doesn't17:14
geniiheath|work: OK. Does tail dmesg have anything like: scsi 3:0:0:0: rejecting I/O to dead device         or so after physical insertion of drive?17:14
Deepsanyway now just to wait for e2fsck to finish it's thing. 1.5tb array, so it wont be speedy hehe17:15
heath|workgenii, http://paste.ubuntu.com/101757/  after doing scsiadd -a 3 0 0 017:17
heath|workbut nothing shows in fdisk -l17:18
ivoksthere's no disk17:18
ivoksthat's sata channel17:18
heath|workahhh... I wounder if the drive is not powering up then17:19
heath|workwhere is the cache of uuid's to dev17:25
heath|workif there is one17:25
ivokscache?17:25
ivoks /dev/disks/by-uuid/17:25
ivoksthere are links17:25
SmokeyDhey people. Is it recommended to run apparmor on a LAMP server (running inside a xen virtual machine) running hardy?17:25
ivoksSmokeyD: apparmor runs by default17:26
SmokeyDivoks: yeah I know17:26
ivoksSmokeyD: there's only mysql profile17:26
ivokswhich is ok, if you don't do non-standard setup17:26
SmokeyDivoks: I am wondering more whether it is usefull to keep it running17:27
heath|worki would17:27
ivoksSmokeyD: it is usefull17:27
SmokeyDok, then I'll dig into the docs17:27
ivoksSmokeyD: but it can also be problematic, depending on your knowledge :)17:27
geniiheath|work: "ata4" suggests it would be responding as scsi device 5 ... have you tried to scsiadd that designation in?17:27
SmokeyDivoks: I am reading http://developer.novell.com/wiki/index.php/Apparmor_FAQ now, but in the mean time, are problems caused by too restrictive apparmor settings easily recognized?17:33
ivoksSmokeyD: since only mysql is apparmored, non working mysql would be only possible problem17:34
SmokeyDok17:34
SmokeyDother programs are not apparmored? SO the use is still quite limited? If I wanted apache for instance apparmored, I need to do it myself?17:35
ScottKThere are others that are apparmored too.17:36
ScottKIIRC there's a list on the Ubuntu wiki.17:36
SmokeyDok, I'll just read the docs and stop being lazy :)17:37
SmokeyDthanks17:37
ivoksScottK: we are talking about LAMP :)17:41
ivoksoh... he asked :D17:41
ivokssorry17:42
ivoksSmokeyD: yes, armoring apache is up to you17:42
SmokeyDok17:42
ivoksSmokeyD: since there are so many ways to use and set up apache, providing sane profile for it is quite hard17:42
SmokeyDyeah I can imagine17:43
SmokeyDvirtual hosts, location of files, etc17:43
ballI'm trying Wireshark on Ubuntu Server... and flailing :-)18:15
ScottKball: Wireshark is a GUI app.18:32
ScottKNo GUI on Ubuntu Server.18:32
ScottKball: Use tcpdump instead.18:32
fevelhello everyone18:32
fevelI am getting used to the tool that comes with ubuntu server for firewalling18:33
fevelufw18:33
ballScottK: ah, I installed VNCserver18:33
ball...so I can run GUI tools if I have to18:33
fevelbut how do I enable prerouting rules?18:33
fevelIcouldnt find any info on the docs18:33
ballbmon seems to be showing me the traffic through an interface.18:34
ballcome to think of it, that'll work provided I run it on a box that all the traffic is going through18:35
ball...what I was really hoping for was something like xload, but showing me LAN traffic rather than cpu load18:35
nick58bball: nload?18:36
ballnick58b: that's showing me the traffic on one interface.  Presumably that won't show me traffic between two other nodes.18:38
ball(general volume of traffic on the LAN)18:38
balloops18:39
nick58bball: oh, yeah, i have switches with snmp and use cacti for that19:00
ballI have a hub :-)19:01
aurigusntop?19:01
ballaurigus: I'll try that, thanks19:01
aurigushub, eek :)19:03
ball:-)19:03
ballaurigus: don't make me break out the coax ;-)19:04
aurigusif you do that i'll have to break out my pigeons19:05
* ball gets out the cw key19:06
fevelCan anyone help me add prerouting rules on ufw?19:24
fevelI am having a real hard time making a certain rule work19:24
fevel-A PREROUTING -p tcp -d 201.70.77.6 --dport 2222 -j DNAT --to-destination 192.168.10.8:2219:24
feveldo I have to enable PREROUTING like I need to enable POSTROUTING?19:27
heath|workif I set up and alias of eth0:0 192.168.2.31, can I route have traffic going to an ip of 192.168.2.200 look as if it is coming from the alias not the regular ip?19:36
ballWhy would you do that?19:37
geniiheath|work: Yes19:37
heath|workball, we have a cisco router that only listens to 1 ip19:38
heath|workgenii, what do I need to look into to do that19:38
ballheath|work: odd.19:39
geniiheath|work: Just use a netmask for the alias which excludes the IP of the non-aliased eth0 (or other aliases).19:40
heath|workball, it's a security thing19:40
geniiheath|work: Then 192.168.2.31 for example becomes the ony route to 192.168.2.200 because it's only one on the segment for that adapter19:41
Deepsheath|work: ip route add 192.168.2.200/32 src 192.168.2.3119:41
Deepsheath|work: might do what you need19:41
Deepsheath|work: oh, and the use of eth0:0 and the like is deprecated, in favour of ip address add19:42
heath|workhmmm... thanks... I will look into that!19:43
heath|workDeeps, I cannot find any tutorials or info on how to setup aliases with the ip command.  Would you happen to have any references?19:56
henkjansudo ip addr add eth0 192.168.1.1020:01
Deepsheath|work: ip addr add 192.168.2.31/32 dev eth020:04
heath|workwow that's easy... thanks!20:07
Deeps`ip` is the tool of the future!20:11
aurigusdoes it save that on reboot?20:12
Deepsnope20:13
Deepsunfortunately, due to the nature of how the interfaces file works, there's no 'clean' way to add multiple IPs to an interface20:13
Deepsoutside of lots of up or post-up lines20:14
Deepsbut you can use loops in (post-)up lines20:16
Deepse.g. up for i in `seq 2 10`; do ip addr add x.x.x.$i/32 dev eth0; done20:16
RainCTHi20:23
RainCTDoes the server version of Intrepid still respect /etc/network/interfaces or does it also have some nm weirdness?20:24
sommerRainCT: by default there shouldn't be any nm weirdness... at least that I've noticed20:25
Deeps"nm weirdness"?20:25
RainCTOK, thanks20:25
RainCTDeeps: network manager20:26
sommerdid nm get installed as a dependency of something maybe?20:26
Deepsoh20:26
RainCTsommer: I have no problems (using Hardy here), just asking :)20:26
heath|workDeeps, using your above command for adding an alias, I can now ping the alias, but I cannot view it with ifconfig or route.  Is this normal?20:48
Deepsindeed, you can see it in ip addr20:49
Deepsifconfig is also deprecatedin favour of ip, as is route20:49
Deeps(ip addr, ip route)20:49
heath|workso what you are telling me is to drop ifconfig20:50
heath|worknow that I have run  ip addr add 192.168.2.37/32 dev eth0     how can I make a route through that ip to 192.168.2.120:52
Deepsto that particular ip20:52
Deepsor to use 192.168.2.37/32 as your src ip for all outbound connections?20:52
heath|workI need to use 192.168.2.37  to 192.168.2.1   everything else stay the same20:54
Deepsip route add 192.168.2.1/32 src 192.168.2.3720:54
Deepsmight do what you need20:54
heath|workyeah... that's what I tried I got "No such device"20:55
SmokeyDhey people. If I want my server to stay synchronized with the time, should I use ntp or ntpdate?20:56
Deepsip route add 192.168.2.1/32 dev eth0 src 192.168.2.3720:56
heath|workwell... no error that time. Let me see if I can connect!!20:56
heath|workDeeps, you are the man!!  Thanks20:58
Deepssource based routing20:58
Deepssomeithng you cant do using the old tools like 'route'20:58
heath|workthat explain all the problems I was running into.  Damn google21:00
maw_SmokeyD: use ntpd21:08
maw_SmokeyD: ntpdate is a one off time sync. To run it the ntpd service needs to be stopped21:08
maw_SmokeyD: see /etc/ntp.conf21:08
SmokeyDmaw_: ok, thanks21:09
maw_I usually first run ntpdate against my time server, then I start the ntp service21:09
gladkI usually run ntpdate once a day using cron, for this I stop ntpd first, update time and then start ntpd again21:14
Deepsif you need to do that you're doing it wrong21:15
SmokeyDanother question: would you for a server recommend the binary snort 2.7.0 from ubuntu hardy or a manually compiled snort 2.8.3 (latest stable)?21:22
Deepsdepends on whether you'll keep up to date with snort developments21:23
Deepsincase of any security vulns and the like21:24
Deepsand remember to keep your snort patched up21:24
Deepsi'd never recommend using anything outside of the packaging system simply as it's more effort to maintain21:24
SmokeyDDeeps: but the ubuntu binary version is quite a lot behind the stable snort21:25
SmokeyDand that would post a security risk right?21:25
Deepsindeed, because latest and greatest != stable21:25
Deepsnot necessarily21:25
Deepssecurity fixes are often backported21:25
Deepsnew features, however, are not21:25
Deepslook at debian stable, packages in there are even older!21:25
SmokeyDDeeps: so it is possible that although snort in repos is version 2.7.0, the vulns which were solved in later versions were patched back in 2.7.0 by ubuntu maintainers?21:26
Deepsindeed21:26
Deepsyou can confirm that by looking at the package's changelog21:26
SmokeyDok21:27
SmokeyDcool21:27
SmokeyDso you would only recommend hand compilation if you really need a new feature from a later version, but not for security issues?21:27
nyarlasnort is special : you need the oinkmaster to keep up with rules updates, and it may break an older version of snort from worling. It happened to me once.21:28
nyarlaso i'd recommend to compile the latest, which is easy to do.21:29
Deepsi'd recommend either creating your own package from the source, or grabbing the latest package from the testing repos (in this case, jaunty)21:30
SmokeyDI think I will go with the latest source (stable of course) and indeed create a deb package21:30
kirklandnijaba: around?21:32
kirklandnijaba: https://wiki.ubuntu.com/ScreenProfiles21:32
nijabakirkland: yep21:32
nijabalooking21:32
nijabakirkland: that's a serious reverse spec :)21:34
kirklandnijaba: ;-)21:36
kirklandnijaba: well, this should be more information that others can use, if we get some more assistance21:36
nijabakirkland: missing a todo table?21:36
* kirkland hands nijaba the todo to make a todo table :-)21:37
kirklandnijaba: good idea ;-)21:37
kirklandnijaba: well, actually, i think those would be better tracked in Launchpad, right?21:37
kirklandnijaba: as wishlist bugs?21:37
kirklandnijaba: maybe highlevel items in the wiki page21:38
kirklandnijaba: specific implementation items as bugs21:38
kirklandnijaba: and then people can bite off bits and pieces, bug by bug21:38
nijabakirkland: yes, high level one in the wiki page is better21:38
nijabas/one/ones21:38
kirklandnijaba: cool21:38
kirklandnijaba: okay, one more thing, then i need to shift my focus away from screen-profiles for a bit ...21:39
kirklandnijaba: in that wiki page, i called your python utility "screen-configurator"21:39
nijabaok21:39
kirklandnijaba: i think that's a more accurate term, than "welcome screen"21:39
kirklandnijaba: what do you think of that overarching direction?21:39
kirklandnijaba: your utility becomes the central place for configuring screen21:40
nijabakirkland: I had called it screen-profiles-helper, but that's fine too21:40
kirklandnijaba: initially, that means choosing your profile21:40
kirklandnijaba: eventually it means defining what windows to open at startup21:40
kirklandnijaba: whether to run screen automatically on login (or not)21:40
kirklandnijaba: perhaps eventually mangling the keybindings21:40
nijabayes, that sounds nice21:40
kirklandnijaba: and configuring the applets in the status bar21:40
kirklandnijaba: those last two are "hard", i think21:41
kirklandnijaba: perhaps not a jaunty item, unless we got some help21:41
kirklandnijaba: but good for the "to do" list, i suppose21:41
nijabaapplets sound much harder than keybindings21:41
kirklandnijaba: yeah, probably so21:41
kirklandnijaba: okay, i just released version 1.321:45
kirklandnijaba: pushing to my ppa, and to universe21:45
nijabawooohooo!!!21:45
nyarlaSince Hardy (Ibex too) nautilus cannot access my password protected samba shared folders, hosted on a Dapper server. I'd like to figure out why. Gutsy and older had no problems to do that. Is it because samba/dapper is outdated?21:46
nyarlanon protected folders mount just fine, btw21:49
nyarlathe samba server version is  3.0.22-1ubuntu3.821:52
fduplessishi all22:02
fduplessisplease take a look at this issue22:02
fduplessishttp://ubuntuforums.org/showthread.php?t=103344222:02
fduplessisneed help22:02
fduplessistearing my hair out here22:02
Deepsdisable apparmour, if the problems are resolved, you need to edit your configs to play with files in the correct places, or alter the apparmour profile for bind to allow read/write in your custom locations22:04
fduplessisthanks for that22:05
nijabaDeeps: why do you recommend disabling? Putting in complain mode is MUCH better22:05
Deepsor that22:05
Deepscomplain mode would be better, yes22:05
nijabahttps://help.ubuntu.com/community/AppArmor#Put%20all%20profiles%20into%20complain%20mode22:05
fduplessisah thanks22:05
Deepsnijaba: ignorance, rather than malice, i'm afraid22:06
nijabaDeeps: np, it is just that it makes you progress a bit quicker in your troubleshooting and avoids leaving a security hole afterward...22:07
Deepsyepp22:07
Deepscompletely agree22:07
fduplessisit made no difference22:09
fduplessisdo you see anything obviously wrong with my config?22:09
nijabafduplessis: then put it back in enforce before looking somewher else ;)22:09
fduplessisyep it's running again22:10
fduplessislogging for bind9 works fine though22:10
fduplessiswhen i try to ping my domain i get:22:10
fduplessisclient 127.0.0.1#57929: query: mydomain.com.mydomain.com IN A +22:11
nijabafduplessis: can you try with dig?22:13
fduplessisvndadmin@alpha:/etc/bind$ dig mydomain.com22:15
fduplessis; <<>> DiG 9.5.0-P2 <<>> mydomain.com22:15
fduplessis;; global options:  printcmd22:15
fduplessis;; Got answer:22:15
fduplessis;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 5660722:15
fduplessis;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 022:15
fduplessis;; QUESTION SECTION:22:15
fduplessis;mydomain.INA22:15
fduplessis;; Query time: 3 msec22:15
fduplessis;; SERVER: 127.0.0.1#53(127.0.0.1)22:15
fduplessis;; WHEN: Wed Jan  7 16:14:47 200922:15
fduplessis;; MSG SIZE  rcvd: 3022:15
Deepspaste.ubuntu.com22:15
fduplessiswhat?22:16
Deepsin future, please use a pastebin for anything more than 2-3 lines22:16
jpdsfduplessis: Please use the pastebin next time for large texts.22:16
fduplessisok22:16
fduplessissorry22:16
nijabafduplessis: SERVFAIL looks bad.  Any backup of your previous config to do a diff?22:17
fduplessisyeah i can go back.22:17
fduplessisbrb22:17
nijabafduplessis: seems like the shortest path to find the issue22:18
Deepsblog IN CNAME example.wordpress.com22:18
Deepsand the line22:18
Deepslike22:18
Deepsare all missing full stops at the end of the domains22:18
Deepsin example.com zone file22:18
fduplessisi tried with full stops, didn't work either. but thanks now at least i know what NOT to do...22:19
DeepsFQDNs always need to be terminated with a period22:19
Deepsblah.domain.tld. IN CNAME blah.domain2.tld.22:19
Deepsblah IN CNAME blah.domain2.tld.22:20
Deepsboth are legal (i think)22:20
fduplessisah thanks22:20
Deepsi also dont think you can CNAME to a non-FQDN22:20
fduplessisthat helps22:20
Deepsso: fileserver IN CNAME vasvr01 isnt legal22:20
fduplessisbut fileserver IN CNAME vasvr01.mydomain.com is?22:21
fduplessisfileserver IN CNAME vasvr01.mydomain.com.22:21
Deepscorrect22:21
fduplessisgotcha22:21
fduplessisrolling back now22:21
Deepswhen you start bind9, if you look in /var/log/syslog it'll announce any errors in loading zone files too22:22
fduplessisok will lok, thanks22:22
Deepsso you know straight away if you've got errors in your zone files22:22
Deepswhich would lead to SERVFAIL like you're seeing above22:22
Deepsof course, in your forum post, you're using example.com and not mydomain.com22:22
Deepsi'm assuming you're just hiding your real domain or whatever and keeping consistent at your end22:23
fduplessisyep, i am confusing to myself and other, i know22:23
fduplessisok, rolled back, it's working 100% now22:25
fduplessisi must have madde some mistake when adding those records22:25
fduplessisi am gettin this tho: Jan  7 16:24:39 alpha console-kit-daemon[4156]: CRITICAL: cannot initialize libpolkit22:27
fduplessisDeeps, could you take another look at my forum post?22:32
kirklandjdstrand: hi, you around?22:33
Deepslink?22:33
kirklandjdstrand: i published updated screen-profiles packages to https://edge.launchpad.net/~kirkland/+archive22:34
kirklandjdstrand: i'm wondering if you might test, and give some more feedback22:34
kirklandjdstrand: i juggled the keybindings a bit, to use some that work in both tty consoles and gnome-terminal22:34
greenflykirkland: you gave me the screen tweaking bug now22:35
kirklandif there's anyone out there that can test in Konsole, i'd be appreciative ;-)22:35
greenflyI've been tweaking my own custom thing now22:35
kirklandgreenfly: ?22:35
* ScottK looks at vorian22:35
ScottK... for konsole testing.22:35
* kirkland was looking at ScottK :-)22:35
fduplessishttp://ubuntuforums.org/showthread.php?p=6513073#post651307322:35
* ScottK needs to go make dinner.22:35
kirklandgreenfly: cool, let me know if you find any gems you'd like to share22:36
greenflykirkland: just I never had thought about it much, and now I can't stop22:36
ScottKkirkland: vorian has expressed a desire to get more inolved with Server Team, so here's s chance ....22:36
greenflykirkland: I like the %l for system load22:36
kirklandgreenfly: k22:36
kirklandScottK: sounds good ;-)22:36
* vorian waves22:36
greenflykirkland: and I wrote a little thing that parsed fetchmail -c output to show many how many unread messages I have22:36
jdstrandkirkland: I'd be happy to test it-- is it in your ppa?22:37
kirklandjdstrand: yup22:37
jdstrandkirkland: is help supposed to be F1 still?22:41
vorianScottK, kirkland, i'll be able to test it later this evening22:41
kirklandjdstrand: no22:41
kirklandjdstrand: F1 is help in gnome22:41
kirklandvorian: cool, thanks.22:41
owhkirkland: 'morning Dustin :)22:42
kirklandjdstrand: f10 is the toolbar in gnome, and f11 is fullscreen ... i avoided all of those22:42
kirklandowh: howdy22:42
vorianno problemo22:42
jdstrandkirkland: help.txt isn't shown to me on startup so I have no idea what is what ;)22:42
kirklandjdstrand: yeah ... that's commented out at the moment22:42
jdstrandkirkland: where is help?22:42
kirklandjdstrand: we're going to add it back in, as soon as we have a way to disable it, permanently, by choice22:42
kirklandF922:43
owhkirkland: Just out of curiosity, are my emails getting to the server list? I've asked some questions over the past few months with zero replies and I was wondering if I was unloved, or just not getting to the list :)22:43
jdstrandkirkland: TBH, I like it-- it is not unlike what you would get in normal screen-- though I agree having a way to disable would be nice22:43
kirklandowh: i see a question from you at 1:48am this morning, regarding vmbuilder under intrepid22:43
* owh notes that gmail's mail servers don't send copies of list postings back - RFC's, must be something new:)22:44
kirklandowh: it has been a slow few weeks, xmas and all22:44
owhkirkland: So, just unloved then :)22:44
kirklandjdstrand: yeah, the intention is to put it back in, as soon as we get a couple of issues solved22:44
jdstrandnewt is pretty22:45
kirklandjdstrand: nijaba did a great job with that22:45
kirklandprops to nijaba !22:45
jdstrand\o/22:45
* nijaba blushes22:45
owhkirkland: BTW, did you see the patch submitted for bug #23844422:45
uvirtbot`Launchpad bug 238444 in kdebase-runtime "Index building for initial launch is overly complex" [Undecided,Invalid] https://launchpad.net/bugs/23844422:45
jdstrand 522:45
jdstrando/22:45
kirklandjdstrand: that's going to become our all-around "screen-configurator"22:45
owhkirkland: Whoops wrong bug.22:45
owhkirkland: Bug #20316922:46
uvirtbot`Launchpad bug 203169 in samba ""status" function for init scripts" [Wishlist,In progress] https://launchpad.net/bugs/20316922:46
owhCrap22:46
owhNot that one either, let me hunt :(22:47
owhkirkland: Uh, it was the last one: https://bugs.launchpad.net/ubuntu/+source/lsb/+bug/203169/comments/46 - <- nis patch22:49
uvirtbot`Launchpad bug 203169 in samba ""status" function for init scripts" [Wishlist,In progress]22:49
kirklandowh: hmm, someone marked the nis task invalid ...22:50
owhkirkland: The person submitting the patch did that.22:51
kirklandoh, i see22:51
owhI'm not sure what he was doing.22:51
owhThe patch itself is mostly right, but I'm not sure that it's all correct.22:51
kirklandowh: thanks, i'll chase it down22:51
kirklandowh: and test it22:52
kirklandgosh, i haven't run nis in *years*22:52
owhkirkland: I think the -p in the first pid of proc is borked22:52
owhs/proc/proc-call/22:52
fduplessisDeeps?22:53
owhkirkland: Uh status_of_proc, rather :)22:53
owhkirkland: Doesn't supplying the pid defeat the purpose?22:54
kirklandowh: no, it's a good thing ... it ensures that we're checking the status of the daemon started by the init process22:55
kirklandowh: and not just some other one that the admin might have started22:55
owhkirkland: Uhm, not really. The file is one stored in the /var/run tree, that could have been put there by anything.22:56
kirklandowh: well, you'd have to look at the rest of the init script22:57
kirklandowh: specifically, the start action22:57
owhkirkland: I understand how it stores the file, but if the admin for some reason starts it twice with the init script, then the file will be overwritten. So we might be looking for a pid that is no longer there if the stuff gets out of sync. Wasn't that the whole point of not using the pid in the first place/22:58
owhkirkland: And is the definition of nis running not that a process is running, not if the process with the pid that was stored is running? For example, perhaps the nis process fails, detects itself failing and starts a new instance of itself.23:00
kirklandowh: we were specifically asked to add pid support to status_of_proc()23:00
owhkirkland: I don't recall, but I trust your statement.23:00
owhkirkland: In that case, looks good to me :)23:01
kirklandowh: if i were less busy, i'd dig out the mail archives23:01
jcastromathiaz: thanks for the rabbitmq revu23:01
kirklandowh: it's in the debian bug tracker though23:01
owhkirkland: I'll have a squiz. I don't doubt your statement though.23:01
owhkirkland: There was a debate about the pid stuff using kill -0 which would only work for the process owner and root. I did not see anything else.23:04
owhkirkland: Don't spend any time on this, I was just drawing your attention to the patch. The debate can last for another time.23:07
kirklandowh: thanks for that, i'll chase down the patch for commit23:07
owhCool23:07
mathiazjcastro: np - I've made some comments23:17
mathiazjcastro: once they've been addressed I'll take another look at it23:17
jcastronod23:17
didrocksjdstrand: there?23:21
didrocksjdstrand: btw, I will have some time tomorrow evening to take some tests against ufw trunk. Do you want me to try to run it against jaunty or hardy?23:23
lukehasnonameI think I asked yesterday, but I didn't bookmark it: Can you add disks to a RAID? Like adding 2 disks to an existing RAID5 or 623:24
Koprolythello. can anyone tell me how to make automatic file backups to an external usb hdd on my ubuntu-fileserver?23:30
jmarsden|workKoprolyt: Use any command-line backup tool of your choice and schedule the backups using cron.23:31
Koprolytcan u please give me a name of any cmdline backup-tool pls23:31
kirklandnijaba: tab mangling fixed!23:32
jmarsden|workrsync, rdiff-backup ... use Google for this kind of question, it is more comprehensive!23:33
jmedinaKoprolyt: you can use tar+cron23:33
jmedinardiff-backup, rsync, or something more advanced as bacula23:33
jmarsden|workunison ... there are so many...23:33
Koprolytthx! what is the most popular? so i can google help. my server is running now for 1 day. it was my first contact with linux.23:35
uvirtbot`New bug: #293233 in smbnetfs (universe) "crashing with SIGABRT while scanning network or reading some files" [Undecided,New] https://launchpad.net/bugs/29323323:36
uvirtbot`New bug: #314899 in openssh (main) "User is prompted for password for irrelevant public key" [Undecided,New] https://launchpad.net/bugs/31489923:36
Kamping_Kaiserrsnapshots neat.23:43
Kamping_Kaiseraiui, similar to rdiff-backup23:44
uvirtbot`New bug: #314776 in bind9 (main) "OpenSSL signature verification API misuses" [High,In progress] https://launchpad.net/bugs/31477623:45
techsupportto install LAMP which command do i run? sudo apt-get install lamp ?23:54
=== liberfiasco is now known as libervisco
Kamping_Kaiseri think theres a tasksel task for lamp under ubuntu23:56
Kamping_Kaiserotherwise, install the components manually23:56
geniiKamping_Kaiser: Yes, it's a tasksel23:58
geniitechsupport: sudo apt-get update && sudo apt-get install tasksel && sudo tasksel               ...then choose LAMP install23:58

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!