/srv/irclogs.ubuntu.com/2009/01/30/#ubuntu-server.txt

Rafael	error 25 anybody know what it is?	00:17
maxb	without more context, no, no way at all	00:19
orudie	hi, how can i change timezone ?	01:00
rdw200169	/etc/timezone	01:00
rdw200169	run the command tzselect	01:01
Bangers1	I have a cron job that puts all output into a file .. how can I then after that cron job runs, email that file to myself?	01:03
Bangers1	* * * * /foo/script.log > /tmp/file.log 2>&1	01:03
Bangers1	can I do: * * * * /foo/script.log > /tmp/file.log 2>&1 ; cat /tmp/file.log \| mailx -s "email" email@email.com ?	01:04
rdw200169	Bangers1, some metioned here the other day that there's a way to do it with postfix, but i can't remember what he said	01:05
rdw200169	Bangers1, i've always done it with the program sendemail though	01:05
Bangers1	i dont care what program I use, mailx or whatever...	01:06
Bangers1	My question might be cron syntax related?	01:06
jmedina	Bangers1: well that cat is extra	01:07
jmedina	pipe the output from script.log directrly to email :D	01:08
maxb	Bangers1: Doesn't cron email all output from jobs to the invoking user anyway?	01:08
Bangers1	That's true, but I still want that file written to the system for keeping in the future (output file is /tmp/file.log.$(date)	01:10
jmedina	then use tee	01:10
maxb	Well, how about foo 2>&1 \| tee -a mylog.log	01:10
Kamping_Kaiser	why not set the MAIL= flag in your crontab ?	01:11
Kamping_Kaiser	ah, we've established that finishes reading up	01:11
Bangers1	if I foo 2>&1 \| tee -a mylog.log -- wont i be in the same position I was before? cron wont have any output to email me...	01:13
Bangers1	Oh, ignore me. tee copied output to the FD, and to stdout still	01:14
Bangers1	ok last question, why does this work? But adding the $(date) stops it from working?	01:27
Bangers1	WORKS 25 1 * * 5 /usr/bin/ssh user@server "ls -l" 2>&1 \| tee /tmp/file.log \| mailx -s "test" email@email.com	01:27
Bangers1	DOESNT WORK 25 1 * * 5 /usr/bin/ssh user@server "ls -l" 2>&1 \| tee /tmp/file.log.$(date +'%F') \| mailx -s "test" email@email.com	01:27
thehook	Bangers1: shot in the dark here, but are you 199% sure the syntax is correct?	01:29
Bangers1	Yep. it works in bash, but as a cron job it doesnt work	01:30
Deeeps	use the absolute path to date	01:30
Bangers1	hrm, the problem is cron uses 'sh' not bash for the input command, and my command isnt valid for sh	01:31
Deeeps	ah, yes, that too, heh	01:32
orudie	how can i check free desk space ?	01:48
orudie	disk	01:48
Deeeps	df	01:51
Nat_RH	df -h is a little easier to read	01:51
orudie	ok, when i do rm -r dir/ , does the space free up ? i just deleted like 3 gb directory	01:53
orudie	and i think the disk space didnt change	01:53
jmarsden\|work	orudie: Yes, it frees up, unless some other process has the files open.	01:53
jmarsden\|work	In that case it will free up once that process closes the files concerned.	01:54
pirroh	hi, are you able to set parameters with setenv.sh for tomcat6? (8.10 server obviously)	01:59
=== chmac7 is now known as chmac
pirroh	no one around with tomcat6 and 8.10?	03:23
StuckMojo	hi	04:07
StuckMojo	anyone know the trick to getting the dual LSI Logic / Symbios Logic SAS1068 PCI-X Fusion-MPT SAS controllers to work with the MD3000 in 8.04 ?	04:11
Wicked	hmm...just updated...trying to reboot to the new kernel.....shutdown -r now is doing nothing....says its going down to reboot..but 5 mins later and im still in the same session and it never rebooted	05:04
Wicked	reboot and halt do the same thing....says its going down..but never does	05:06
StuckMojo	nevermind, got it. it was multipath IO, needed to install and configure multipath-tools	05:11
uvirtbot`	New bug: #313249 in samba4 (universe) "samba problems (dup-of: 278864)" [Undecided,New] https://launchpad.net/bugs/313249	05:15
genii	Flannel: My thinking is an Ubuntu-based software port forward howto would be more apt than one for hardware routers. But maybe that's just me :)	05:31
genii	Sorry, wrong channel :)	05:35
ivoks	did anyone notice that unix time 1234567890 is on friday, 13. of february? :)	08:17
Kamping_Kaiser	rofl. no i didnt	08:42
domas	ivoks: nice	08:44
_ruben	sweet :p	08:46
Koon	ivoks: let's call it "Happy 1234567890" day	08:48
_ruben	;)	08:49
Kamping_Kaiser	wonder if unix time will end early ;)	08:50
henkjan	in 2038 we'll have a problem	08:51
Koon	Yeah, about around by 65 years birthday.	08:52
Koon	my 65-year birthday I mean	08:52
Kamping_Kaiser	mmm. near my 53rd iirc	08:53
Koon	Jan 19, 2038, and I'm born Jan 18 ;)	08:54
Koon	Just about the right time to retire.	08:54
ivoks	:)	09:11
dayo__	i don't have the directory /root/bin. can i just create it manually, or would this usually be autocreated by something else?	10:11
cjwatson	nothing would autocreate that	10:11
cjwatson	you can create it manually if you want	10:11
domas	you can create a package that autocreates it	10:12
domas	\o/	10:12
dayo__	thanks, guys.	10:12
* MenZa creates domas.		10:13
ariphone2G3G	hi	10:13
domas	I'm already here/there/somewhere!	10:13
ariphone2G3G	someone could help me plz with pptp server ; ?	10:13
domas	shiiiit, /me kicks forcedeth multiple times, more and more and more	10:27
ariphone2G3G	domas ...	10:27
domas	what	10:27
domas	pptp server? just run it!	10:27
ariphone2G3G	after connecting to it i get disconnected after exactly one min ;...	10:28
Kartagis	hello	12:25
Kartagis	i've read and applied https://help.ubuntu.com/8.04/serverguide/C/postfix.html and yet i get the error Jan 30 14:20:59 ozses postfix/smtpd[29010]: warning: cannot get private key from file /etc/ssl/private/smtpd.key / Jan 30 14:20:59 ozses postfix/smtpd[29010]: warning: TLS library problem: 29010:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:399: / Jan 30 14:20:59 ozses postfix/smtpd[29010]: can	12:27
Kartagis	not load RSA certificate and key data. how come?	12:27
uvirtbot`	New bug: #323158 in dhcp3 (main) "alt installer looping, dhcp request every second" [Undecided,New] https://launchpad.net/bugs/323158	13:31
refnumzx	I have been trying for a bit now to get kvm 83 from jaunty into intrepid. Someone here suggested prevu to try and build an intrepid deb from jaunty. I read the documentation and followed the instructions. I am getting a problem satisfying deps. . Selecting previously deselected package pbuilder-satisfydepends-dummy.	14:17
refnumzx	pbuilder-satisfydepends-dummy depends on debhelper (>= 7.0.17ubuntu2);	14:17
refnumzx	I have tried prevu debhelper. Then prevu-update as directed in the docs. The error does not change. Any suggestions?	14:17
PecisDarbs	refnumzx: usually you have to modify control file or rules file in debian/ subdirectory of the source	14:22
PecisDarbs	refnumzx: they contain depencies and intrepid and jaunty depencies of course will be different...a little bit, but still	14:22
domas	meh, more forcedeth crashes	14:22
PecisDarbs	domas: it still crashes? :)	14:22
* PecisDarbs remebers when it was introduced first....crashed as hell		14:23
domas	PecisDarbs: "soft lockup"	14:23
PecisDarbs	domas: oohhh dear	14:23
domas	meh, will just use vanilla 2.6.28.2 kernels	14:23
domas	though... I did all workarounds mentioned in server manual	14:23
domas	server was both receiving and pushing out a gigabit of traffic + 100MB/s i/o activity	14:24
domas	and it locked up	14:24
refnumzx	PecisDarbs: i thought that is whatprevuwas ment to handle? i do not know how do modify those files as you describe	14:26
PecisDarbs	refnumzx: it is very important to have packages today or you can wait for a day or two?	14:27
soren	refnumzx: It's really rather simple..	14:27
PecisDarbs	refnumzx: I could try to build them, because I will play with KVM next few months anyway	14:27
soren	refnumzx: Add a deb-src line to your sources.list for Jaunty	14:27
soren	And run:	14:27
soren	sudo apt-get build-dep kvm	14:28
soren	apt-get source kvm	14:28
soren	cd kvm-83+dfsg	14:28
soren	sudo apt-get install fakeroot	14:28
soren	dpkg-buildpackage -rfakeroot -b -uc -us	14:28
soren	Done.	14:28
refnumzx	soren: there are a number of deb-src lines in the sources.list file. which do i need to add from the jaunty archive?	14:36
soren	One with main in it	14:37
soren	Something like	14:37
soren	deb-src http://se.archive.ubuntu.com/ubuntu jaunty main	14:38
refnumzx	thanks.	14:38
Doonz	hey guys. i was using screen in my shell i was brosing the net using elinks. it crashed on me so i killed the window it was in. now when i lauch screen it starts up and then when it asks you to hit enter and returns you to the shell it gives me a whole bunch of errors and doesnt work. any ideas?	14:47
Kartagis	i've read and applied https://help.ubuntu.com/8.04/serverguide/C/postfix.html and yet i get the error Jan 30 14:20:59 ozses postfix/smtpd[29010]: warning: cannot get private key from file /etc/ssl/private/smtpd.key / Jan 30 14:20:59 ozses postfix/smtpd[29010]: warning: TLS library problem: 29010:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:399: / Jan 30 14:20:59 ozses postfix/smtpd[29010]: can	14:58
Kartagis	not load RSA certificate and key data. how come?	14:58
ScottK	Kartagis: Is it you who is posting to the postfix-users list about this same question.	15:00
Kartagis	ScottK, yes	15:01
ScottK	Kartagis: Did you get your question answered then?	15:01
Kartagis	ScottK, I posted a reply to Wietse's post	15:02
eolo999	hi, is it allowed to log apache errors to multiple locations?	15:02
ScottK	If you gave a password when you made the cert, that's definitely a problem.	15:03
cjwatson	if somebody could look into bug 323158, I'd appreciate it; I'm very unfamiliar with the internals of dhclient	15:03
uvirtbot`	Launchpad bug 323158 in dhcp3 "alt installer looping, dhcp request every second" [Undecided,New] https://launchpad.net/bugs/323158	15:03
eolo999	in other words to have two ErrorLog directives	15:03
domas	oooooh, I have a question! what are pros/cons of irqbalance?	15:03
domas	as in, why would anyone not run it?	15:04
domas	(or why it wouldn't be on by default on ubuntu server)	15:04
Kartagis	ScottK, it asked me a password, so i gave one	15:06
ScottK	that's your problem.	15:07
ScottK	Redo the cert and just leave it blank.	15:07
Kartagis	okay thanks	15:07
ScottK	Kartagis: Please take a look at those docs and see what they lack that led you astray. Then file a bug against ubuntu-doc explaining what went wrong and what it needs to say that it didnt'	15:08
ScottK	Kartagis: That way the next person to come along doesn't have the same problem.	15:08
ScottK	sommer: ^^^	15:08
Kartagis	ScottK, it gave me You must type in 4 to 8191 characters when i left the password blank	15:13
ScottK	Odd.	15:13
ScottK	Then there's something else about what you are asking it.	15:13
ScottK	Did you see the posted link in that thread to the community docs page?	15:13
ScottK	See if that invokes openssl any different.	15:13
ScottK	I'm in a meeting right now, so I can't focus on it.	15:14
Kartagis	https://help.ubuntu.com/community/Postfix?action=recall&rev=43 ?	15:14
ScottK	In about an hour I can probably help you get it sorted.	15:14
ScottK	I think so.	15:14
Kartagis	i'll be back on Monday	15:14
Kartagis	or maybe this weekend	15:14
Kartagis	bbl ScottK, thanks	15:28
MadChopr	so, i'm trying to configure Amanda Backup client on Ubuntu 8.10... should I install xinetd? or should I be doing something else?	15:30
MadChopr	(well amanda server and client on the same machine)	15:30
barduck	how can I make ubuntu server automount my external USB drive like ubuntu desktop does? I tried usbmount but it doesn't automount the disk (its NTFS)	15:30
jmedina	barduck: I think there is not the same support for ntfs as in the desktop	15:34
jmedina	Im not sure, in the desktop is supported by fuse, never tried to mount ntfs in a desktop :D	15:34
barduck	jmedina: I can mount it manually without a problem. but I want it to automount it each time I plug the USB drive	15:35
jmedina	probably with autofs	15:35
jmedina	like in the old times :D	15:35
Deeeps	or using a udev script	15:36
barduck	hmmm...never used autofs, I will go google it. I read that usbmount is a light and easy sctipt that can do this	15:36
barduck	but I am not sure if it is supposed to work for ntfs	15:36
barduck	usbmount uses udev	15:36
Deeeps	i'd recommend that approach personally	15:37
barduck	I am not sure what to put in the usbmount.conf, fdisk says the filesystem is HPFS/NTFS but when I mount it df -T says is is fuseblk	15:37
jmedina	Deeeps: yeap, udev is the new way	15:37
barduck	so if usbmount uses udev, it is supposed to work somehow ?	15:37
Deeeps	indeed, it's mounted using ntfs-3g, which is built around fuse	15:38
jmedina	then you have fuse support :D much better	15:38
Deeeps	so fileststem would be ntfs or ntfs-3g	15:38
Deeeps	filesystem*	15:38
barduck	should try to put ntfs or ntfs-3g in usbmount.conf ?	15:38
Deeeps	yep	15:38
barduck	ok, will try. If that doesn't work, next thing is to write udev script for that particular drive ?	15:39
Deeeps	that would be my approach, yep	15:39
barduck	ok, I will try. gona be tough battle for me but I will give it a shot	15:39
barduck	thanks	15:40
barduck	udev just calls whatever in /etc/udev/rules.d/ for each change, right ?	15:42
Deeeps	i believe so	15:42
=== _AshTray- is now known as AshTray-
dou213	hey guys, how can i fetch my external ip from shell?	15:49
Deeeps	if ifconfig doesn't display it, `wget -q -O - http://whatismyip.org` should	15:49
dou213	ifconfig only displays my internal ip	15:50
dou213	i'm behind a router	15:50
Deeeps	same way you do on windows then, query a page for your ip, or query your router	15:50
Deeeps	i gave an example above	15:50
Deeeps	one way to store the IP somewhere for a script to use, would be:	15:51
dou213	Deeeps, y thx it worked ;) which would be the cmd to query the router?	15:51
Deeeps	MYIP=`wget -q -O - http://whatismyip.org`	15:51
Deeeps	dunno, depends on your router, read your router's manual to see if it provides any interfaces, otherwise you'd have to write a script to scrape the information out of it from http/telnet	15:52
MadChopr	anyone have experience running Amanda server and client on Ubuntu 8.10? I'm, wondering if I should install xinetd like this tutorial for Ubuntu 6.06 says: http://ubuntuforums.org/showthread.php?p=2470030 (it's the closest thing I can find to a tutorial on how to configure Amanda on Ubuntu.	16:21
ivoks	i use bacula for backup	16:28
mathiaz	hi ivoks !	16:30
ivoks	mathiaz: hi	16:31
ivoks	mathiaz: have you played with python-ldap in intrepid?	16:31
ivoks	i think that's really broken	16:33
MadChopr	ivoks: yea, that's what i noticed was the native backup in Ubuntu... for some reason i'd rather wrestle with amanda.. maybe because i'm an idiot	16:33
mathiaz	MadChopr: FYI bacula is the supported backup solution in Ubuntu (it's in main) while amanda is in universe.	16:34
mathiaz	ivoks: I haven't.	16:34
MadChopr	mathiaz: thank for stating that... again, i don't know why i'm trying to use amanda, maybe because i'm an idiot :P	16:34
ivoks	i get really strane errors with it	16:35
ivoks	strange	16:35
MadChopr	mathiaz: i'm afraid that bacula isn't as scalable as amanda for one thing.	16:35
ivoks	simple import ldap, sys	16:35
ivoks	and 'for arg in sys.argv: print arg'	16:35
ivoks	spits out total nonsene	16:35
ivoks	nonsense	16:35
ivoks	but it doesn't if i start python shell	16:36
mathiaz	MadChopr: how come it's not scalable? where would be the shortcomings?	16:36
ivoks	MadChopr: that's really strange conclusion	16:36
ivoks	MadChopr: bacula is far more flexibile :)	16:36
MadChopr	mathiaz, ivoks: from reading about the comparisons people have made between the two packages.	16:37
MadChopr	one of the arguments was that bacula uses mysql, and amanda uses postgres;	16:37
ivoks	lol	16:37
ivoks	bacula uses sqlite\|sqlite3\|mysql\|postgre	16:37
ivoks	whatever you want	16:37
MadChopr	ah didn't realize	16:37
ivoks	amanda doesn't do backups over two tapes	16:38
ivoks	it can't continue backup on another tape, when one is finished	16:38
ivoks	only that makes it pale comparing to bacula	16:38
MadChopr	can bacula do many backups to one tape?	16:39
ivoks	yes	16:39
mathiaz	ivoks: your python script example works well here	16:39
ivoks	mathiaz: which version is that?	16:39
MadChopr	thanks ivoks, maybe i'm convinced...	16:39
mathiaz	ivoks: http://paste.ubuntu.com/111760/	16:40
mathiaz	ivoks: on intrepid	16:40
ivoks	odd	16:40
MadChopr	does bacula support windows98?	16:40
MadChopr	as a client?	16:40
MadChopr	i should join #bacula	16:40
* jmedina uses bacula with a tape library with 16 tapes		16:41
ivoks	mathiaz: http://paste.ubuntu.com/111761/	16:41
ivoks	mathiaz: :)	16:41
ivoks	MadChopr: it suppports windows	16:41
MadChopr	ivoks, thank you	16:42
mathiaz	ivoks: /home/ivoks/ldap.py <- ??	16:42
mathiaz	ivoks: File "/home/ivoks/ldap.py", line 8, in <module>	16:42
MadChopr	ivoks: is there a irc channel (looked on efnet and freenode and find nothing)	16:42
MadChopr	atleast in #bacula	16:42
ivoks	mathiaz: right... and there's no 8 lines in the file :)	16:42
mathiaz	MadChopr: http://bacula.org/en/	16:43
MadChopr	nevermind, i'm an idiot	16:43
jmedina	:)	16:43
jmedina	is there anything similar to redhats chkconfig?	16:43
mathiaz	ivoks: what's the content of /home/ivoks/ldap.py ?	16:43
jmedina	I like to use chkconfig --list servicename to get a list about runleves this services is configured	16:44
ivoks	aaaaaaaaaaaarrrrrrrrrrrr /me stupid	16:44
ivoks	mathiaz: right.. it imported ldap from current directory :)	16:44
ivoks	instead from library :)	16:44
mathiaz	jmedina: there is a chkconfig package in intrepid	16:45
MadChopr	do you guys have bacula configured with MySQL or Postgre ?	16:46
ivoks	i have with mysql and sqlite	16:46
ivoks	but i've tested with postgre	16:47
MadChopr	okay	16:47
jmedina	I always used with mysql under slackware, gentoo, centos but in ubuntu I use sqlite	16:47
MadChopr	thanks ivoks and jmedina	16:48
jmedina	I have a howto (in spanish) about bacula, it is the implementation for a customer	16:49
jmedina	but there is no better documentation than the official	16:49
MadChopr	nice, i'll read through the ubuntu docs and the official... apt-get remove amanda'ing right now	16:50
ivoks	bacula in ubuntu is works-out-of-the-box :)	16:52
jmedina	ivoks: yeap I like that, and with dvd support integrated :D	16:52
ivoks	jmedina: you use bacula in ubuntu?	16:52
jmedina	ivoks: yeap, in dapper and hardy	16:52
ivoks	so, how do you like it in hardy?	16:52
ivoks	there was an update recently	16:53
jmedina	ivoks: ti works fine, here is backing up only 4 servers, but with a customer is backing up 1 centos, 1 gentoo, 1 ubuntu, 2 windows (sap dbs) and about 50 linux desktops	16:53
jmedina	I only remember a bug about the catalog	16:54
jmedina	with another customer backing up 30 xen vm machines	16:54
ivoks	which bug?	16:54
jmedina	there was a but about the script that generates the catalog, I think it was something about permisions to the database	16:55
ivoks	oh, right	16:55
jmedina	im not sure, it was probably a year about	16:55
jmedina	ago	16:55
ivoks	that was fixed	16:55
ivoks	path was wrong	16:55
ivoks	but that was only with our new catalog-backup script	16:56
jmedina	I only use hardy as server	16:56
jmedina	yeap, that one	16:56
ivoks	which catalog backup script do you use? ubuntu's awk or bacula's default?	16:56
jmedina	ivoks: you are ubuntu developer?	16:56
ivoks	we ship ubuntu script by default	16:56
jmedina	ivoks: afaik awk	16:56
ivoks	jmedina: i'm watching over bacula in ubuntu	16:56
jmedina	good I still remember a but that created a 644 file in / in edgy or something	16:57
ivoks	so, i'm interested in how people use it or do they use it at all	16:57
jmedina	s/but/bug/	16:57
ivoks	since we don't get lots of feedback	16:57
ivoks	644?	16:58
ivoks	i think edgy didn't have bacula supported	16:58
jmedina	a file or dir named 644 or 755 in /	16:58
ivoks	iirc, we support bacula since 7.10 or something like that?	16:58
jmedina	well not sure if was edgy, I was backporting bacula from edgy or feisty to dapper	16:59
jmedina	I think 1.39 was introduced in edgy	16:59
jmedina	not sure	17:00
ivoks	right... real bacula clean up was in 8.04	17:00
ivoks	that was first release with supported bacula, iirc	17:00
jmedina	ivoks: what you mean with "supported" in main?	17:00
ivoks	yes	17:01
jmedina	ok	17:01
jmedina	ivoks: I hope you can help me with this doubt	17:01
jmedina	can I get a list of the packages I have installed from universe repository?	17:02
ivoks	with some scripting, yes	17:02
jmedina	:S	17:02
ivoks	i'm not aware of any program that can do that for you	17:03
jmedina	I want to get a list because I need to know which packages are not "supported" and probably work with them to introduce it to main or something	17:03
dayo__	MadChopr: u should also look at BackupPC: http://www.howtoforge.com/linux_backuppc	17:04
MadChopr	dayo__: thanks will look into it... why did you mention it?	17:08
dayo__	MacChopr: u thought u were talking about bacula for creating backups?	17:24
jmedina	ivoks: where can I suscribe to see bacula changes?	17:32
ivoks	in ubuntu?	17:32
ivoks	there's /usr/share/doc/bacula-*/changelog.gz :)	17:32
jmedina	:D, mm I was thinking about pending bugs, new proposed changes and like that	17:34
maxb	jmedina: grep-status -sPackage -FSection universe	17:35
ivoks	on launchpad	17:35
jmedina	maxb: ?	17:36
ivoks	https://edge.launchpad.net/ubuntu/+source/bacula	17:36
maxb	17:02 < jmedina> can I get a list of the packages I have installed from universe repository?	17:36
jmedina	but what you mean with that sentence?	17:37
dou213	hey guys, i want to restrict on my ssh-server the connection-attempts to 3... how can i do it? in /etc/ssh/sshd_config maybe "MaxAuthTries 3" ?	17:37
dou213	i know about fail2ban, just wandering if it is possible this way too	17:38
jmedina	dou213: that wont stop attackers	17:38
jmedina	or robots	17:38
jmedina	they can retry auth	17:38
dou213	jmedina, u mean "MaxAuthTries 3"?	17:38
dou213	or fail2ban?	17:39
jmedina	maxaut..	17:39
dou213	hmm... damn, so fail2ban is better yes?	17:39
jmedina	well I better change the port and only allow key based auth	17:40
jmedina	with that I forget about brute force attacks	17:40
ScottK	dou213: You can do it in iptables.	17:40
dou213	ScottK, how?	17:41
jmedina	that is another option with the LIMIT target	17:41
dou213	thx jmedina	17:41
jmedina	match	17:41
ScottK	yeah. that	17:41
dou213	dunno what u guys are talking, maybe some insight? :)	17:41
dou213	or preferable documentation links	17:42
jmedina	dou213: http://www.cyberciti.biz/tips/howto-limit-linux-syn-attacks.html	17:45
jmedina	that is using iptables using recent match and limit	17:46
jmedina	and here another http://www.debian-administration.org/articles/187	17:46
jmedina	there is also the port knocking option using iptables :D	17:46
jmedina	I implement it using shorewall	17:47
dou213	jmedina, thx for ur trouble	17:48
* dou213 is reading..		17:48
jmedina	maxb: where do I have to grep for those fields?	17:59
maxb	I gave you an exact command line to run	18:00
dou213	if i may ask, a good tutorial (one which you already checked out) to install a web server (apache) and database server (mysql) ? but pls make sure u checked it (followed it urself)	18:19
_ruben	dou213: sudo apt-get install lamp-server^ ... done .. apache2+mysql+php all ready to go	18:20
dou213	_ruben, nice tutorial :D:D	18:20
dou213	ok thx	18:21
jmedina	taskselect and select LAMP	18:21
_ruben	which is the same	18:21
dou213	thx, i was kinda looking for something like this: http://www.howtoforge.com/perfect-server-ubuntu-8.10	18:23
dou213	was interested if anyone has followed such a tutorial and can recommend one	18:23
domas	perfect ubuntu server runs just mysql!!!!	18:24
* ScottK is fairly certain anything perfect doesn't have mysql in it.		18:24
dou213	i've unleashed pandora's box :P	18:25
domas	:(	18:25
domas	usually people who have never properly used mysql say so! :)	18:26
domas	\o/ found some fedora box, deadlocked immediately: http://p.defau.lt/?N82mJbAJ31bLoJBb5lbNmA	18:28
Deeeps	jmedina: tasksel*	18:28
jmedina	maxb: thanks, I thought grep-status was mispelled	18:31
ScottK	domas: I am not a SQL/RDBMS heavy weight, but I've work on projects with people that were. Pretty universally they prefer Postgresql.	18:38
dou213	guys, would it be safe to remove apparmor?	18:40
domas	dou213: yes. no.	18:40
dou213	in the tutorial i sent u, they advice to do that	18:40
domas	ScottK: :) my major field is web database heavyweights	18:40
domas	ScottK: there PG is nonexisting, and MySQL is everywhere	18:40
jmedina	one of my customers have a 800GB DB and they use postgresql	18:40
dou213	domas, so it depends...	18:40
domas	dou213: nothing will break, though security will become a bit worse :)	18:41
jmedina	they said they tested everthing even running psql under aix, but it performed better under linux	18:41
ScottK	dou213: Why do you want to do that?	18:41
domas	well, some our customers have thousands of mysql servers :)	18:41
dou213	ScottK, it's an advice i've read on this tutorial : they say if not removed, ISPconfig won't work	18:41
domas	dou213: doesn't make sense...	18:42
domas	dou213: by default there're nearly no apparmor profiles	18:42
domas	only few packages come with those	18:42
dou213	kinda thought that too ... that's why i asked	18:42
domas	damn, I was forced to deploy vanilla kernels, now don't have apparmor :(	18:43
domas	on database boxes	18:43
domas	no need, of course %)	18:43
dou213	http://www.howtoforge.com/perfect-server-ubuntu-8.10-p3 ---> at the end	18:45
domas	dou213: I can certify that guide author is an idiot!	18:46
* domas ducks		18:46
domas	a) it is very easy to find out when apparmor blocks anything, because thats what audit logs are for	18:46
dou213	shit :(	18:47
domas	b) apparmor is one of best security practices out there for net-facing systems	18:47
dou213	hmm... domas, if i wanna reinstall apparmor as it was before: sudo apt-get install apparmor apparmor-utils ?	18:48
domas	I understand managing selinux is way more complicated	18:48
* kees loves apparmor		18:48
domas	kees: you're security engineer, you have to.	18:48
kees	domas: hah, no, plenty of people hate AA. :)	18:48
domas	kees: I'm working now on a project to wrap whole codebase into proper AA profiles, with proper hats, etc	18:49
jdstrand	not me!	18:49
maxb	Urgh. The guide author is doubly silly for recommending manual use of update-rc.d	18:49
kees	domas: nice!	18:49
jdstrand	I <3 AA	18:49
domas	kees: well, 'our codebase' in my hobby project	18:49
kees	dou213: your apt-get will re-install the AA tools, yes, but you need the kernel support compiledin	18:49
domas	but it is huge codebase	18:49
dou213	kees, that means?	18:50
dou213	i already did : "/etc/init.d/apparmor stop	18:50
dou213	update-rc.d -f apparmor remove"	18:50
domas	anyway, apparmor makes sense when you use it	18:52
domas	it will not do anything by itself	18:52
domas	(except for few packages that put in profiles)	18:52
dou213	oh so i get it i can remove it, since i won't use it	18:53
domas	shrug	18:54
dou213	without making the webserver and ssh-server insecure	18:54
dou213	?	18:54
domas	let me show you an example of an apparmor profile	18:54
domas	I'm not entirely happy with it yet, but..	18:54
domas	http://p.defau.lt/?xovyedW457Rpz94srZHShg	18:57
domas	you can see that for quite complex codebase I can narrow execution a lot	18:57
domas	there're few other projects in mind to make this way more secure (like not use sh for PHP sub-process invocation, etc)	18:57
kees	dou213: why did you disable it?	18:58
dou213	to be honest, i don't understand very much about it, but it was interesting to see what u're working on... :)	18:58
dou213	want to install that ispconfig	18:59
dou213	kees, maybe i can reverse it?	18:59
kees	dou213: I highly recommend reinstalling it and leave it on. if a profile gets in the way, you can turn off that profile with aa-complain	18:59
kees	dou213: sudo apt-get install apparmor apparmor-utils; sudo /etc/init.d/apparmor start (if it hasn't already)	18:59
dou213	kees, that's it?	18:59
kees	dou213: then "sudo aa-status" will show you want it's up to	19:00
kees	dou213: yeah, if you have a normal Ubuntu kernel	19:00
dou213	"update-rc.d -f apparmor remove" what did this cmd do and how can i reverse it?	19:00
kees	dou213: though, since you did a "stop" you'll either need to restart the services it protects or reboot.	19:00
maxb	dou213: It wiped out the initscript symlinks	19:00
kees	dou213: that ripped apparmor's init logic out	19:00
kees	dou213: "sudo update-rc.d apparmor defaults"	19:01
* domas hugs 'px'		19:01
dou213	ok very many 10x kees	19:01
domas	kees: may I ask few private distro sec engineering questions ?	19:02
domas	kees: how app vendors should do communication, etc	19:02
dou213	sudo /etc/init.d/apparmor start ---> "Loading aa profiles - aa already loaded with profiles.: skipped." guess already loaded	19:02
maxb	kees: Is defaults appropriate here? Don't you need to look up the actual params used from the postinst?	19:03
dou213	kees, "sudo update-rc.d apparmor defaults" ---> System startup links for /etc/init.d/apparmor already exist.	19:03
kees	dou213: use "sudo aa-status" to check on AA	19:03
kees	domas: I'm not sure what you mean	19:04
kees	maxb: hm, good point.	19:04
kees	dou213: "sudo update-rc.d -f apparmor start 37 S ."	19:04
kees	er, no "-f", sorry	19:05
dou213	"sudo update-rc.d apparmor start 37 S ."?	19:05
maxb	But re-run "sudo update-rc.d -f apparmor remove" first, then run the command to put them back	19:05
dou213	so ... first "sudo update-rc.d -f apparmor remove", then "sudo update-rc.d apparmor start 37 S ." ... syntax correct?	19:06
domas	kees: I'm 'paying users' security officer at mysql, so it isn't entirely in my domain, but... what is the best way to approach all linux vendors with security problems, apart from logging into each of their bugs systems?	19:06
maxb	dou213: yes	19:06
dou213	thx u guys	19:06
domas	kees: I'm sure distribution maintainers read our changelogs, but sometimes 'security improvement' may mean 'remote code execution avoided'	19:07
kees	dou213: don't do the remove	19:07
kees	dou213: ah!	19:07
maxb	kees: But without the remove first, the second command will decide you have an existing config that it should not modify	19:07
kees	dou213: if you have a security vulnerability issue, report it to vendor-sec@lst.de. That's a private list of most (if not all) the distros	19:08
dou213	kees, already did sry, what did i do wrong?	19:08
domas	kees: ah, oki, writing down	19:08
kees	maxb: true. I'm not clear what problem is being solved :P	19:08
dou213	ok thx	19:08
dou213	i'm clear now	19:08
dou213	:)	19:08
kees	dou213: does "sudo aa-status" report that apparmor is loaded?	19:09
kees	dou213: cool	19:09
dou213	'sudo aa-status' ---> aa is loaded	19:09
dou213	u really helped me out ;)	19:10
domas	kees: oh, I guess I'm even eligible for membership on the list :)	19:14
dou213	which repositories i gotta activate to install lamp-server?	19:18
ScottK	No extra ones	19:18
dou213	E: couldn't find package lamp-server	19:19
ScottK	It's not a package, it's a task. Run tasksel	19:19
MadChopr	gah.. i'm having a hard time with bacula nonetheless	19:24
MadChopr	i need a break	19:24
yann2	bacula is really tough to setup :/	19:27
MadChopr	thanks for the support :)	19:28
yann2	well ask your question ;)	19:29
yann2	I'm at the "i got my home backed up to the same pc" with bacula so not that far :)	19:29
uvirtbot`	New bug: #323324 in mysql-dfsg-5.1 (universe) "package mysql-server-5.1 5.1.30-2ubuntu5 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/323324	19:40
MadChopr	yann2: i have no clue really what's going on right now... but... i poked holes in ufw on 9101, 9102, and 9103... when i type 'bconsole' to 'label' my tape... it tries to connect to the 'storage daemon' on 9103, and fails... i've restarted both /etc/init.d/bacula-sd and bacula-dir and still no solution.	19:43
yann2	check the passwords?	19:44
MadChopr	i didn't really check the passwords, lemme check that out.. i just figured ubuntu automatically filled all that stuff in during the config	19:44
yann2	my tests with bacula on hardy show that the packages are a mess, that the documentation is missing and that it is generally very complex	19:44
yann2	yes ok	19:44
yann2	if I get it to work I'll write something down I promise ;)	19:45
MadChopr	yann2: good :)	19:45
axisys	failed to install the ubuntu server on t1000 .. this is how far I came .. http://pastebin.com/d6718eeb4	19:49
MadChopr	yann2: well, it looks like the passwords are in the right spots	19:51
MadChopr	yann2: i just opened up the postgresql port (5432) still no movement forward.	20:07
davertron	hi, anyone here can help out with a postfix install on intrepid?	20:38
Bryan	is there a way I can get the original sources.list? I was an idiot and replaced my personal computer's sources.	20:44
jmedina	Bryan: which version?	20:45
Bryan	server 8.04 I do believe	20:45
Bryan	eah	20:46
Bryan	yeah*	20:46
Bryan	8.04	20:46
Bryan	kernel 2.6.24-19-server	20:46
jmedina	http://verde.e-compugraf.com/jm-confs/apt/hardy-server/	20:46
jmedina	there is mine	20:46
Bryan	Thanks :D	20:47
Bryan	Okay, I have one more question. Is there an easy way to change the server in the sources (other than doing a replace in the file)?	20:48
Bryan	Because there is a mirror here on campus, and I wanted to change it to that	20:49
lamont	davertron: having said that, what is the issue?	20:51
lamont	ScottK: doncha love content-free questions?	20:54
lamont	hrm... was that my out-loud voice?	20:54
davertron	i seem to be having issues setting up postfix	21:02
davertron	i apt-get installed postfix, but then when i execute "netcat localhost 25", i see that i'm running Sendmail; if i then type "apt-get remove sendmail", it says it isn't installed	21:03
davertron	i'm a bit confused :)	21:03
lamont	it probably isn't configured	21:05
lamont	dpkg-reconfigure -pmedium postfix	21:05
lamont	wait.	21:06
lamont	what tells you you're running sendmail?	21:06
lamont	and what does 'ps aux \| grep sendmail' say?	21:06
ivoks	apt-get purge sendmail.*	21:08
redvamp128	I was asked a question that I didn't know the answer-- Can ubuntu-server run putty?	21:09
lamont	redvamp128: normally, we just run openssh-{server,client} rather than trying to run the windows implementation of the same....	21:10
ivoks	putty is a client for ssh servers	21:11
lamont	so if you're trying to use putty to get into an ubuntu-server install, you need to apt-get install openssh-server	21:11
redvamp128	ahh ok	21:11
ivoks	redvamp128: and, on questions starting with 'Can Ubuntu...', the answer is always 'Yes'.	21:12
ivoks	:)	21:12
redvamp128	What they want to do is get a system up cheap-- to replace what is in the motel	21:12
ogra	Can Ubuntu send me ivoks to do my dishes ?	21:12
lamont	ivoks: although sometimes a not-insignificant amount of coding is yet to be done...	21:13
ivoks	Yes, it can	21:13
ogra	lol	21:13
ivoks	:D	21:13
lamont	ogra: that's part of the fee-based program	21:13
redvamp128	All it needs to do is the following-- Assign Ip addresses - over wireless- to dish out a web page a "E-host" page	21:13
ivoks	ogra: for a small amount of $$$$$, you can get even ivoks doing your dishes	21:13
redvamp128	I knew that ubuntu-server could do it-	21:13
lamont	dhcp3-server	21:13
ogra	lol	21:13
ogra	ivoks, my GF loves you she says	21:14
redvamp128	just when they asked -- will it have putty? I didn't know the answer	21:14
ivoks	ogra: i wonder what would my gf respond to that...	21:14
ogra	giggle	21:14
lamont	and no, it won't have putty. it'll have mother-of-putty :-D	21:14
redvamp128	I had actually never heard of putty-- last server for dhcp I set up years ago-- running slackware	21:14
ivoks	it's like asking if it would have volkswagen, while it's running porsche	21:15
redvamp128	It is still running today-- for a network with 10 computers and 3 servers-	21:15
ivoks	dhcp is quite stupid protocol	21:16
ivoks	there isn't much to brake	21:16
ivoks	that could be the reason why it's still running :)	21:16
redvamp128	To laugh though it runs great on a PII slot	21:16
redvamp128	300mhz cpu and 128mb of memory and a 10 gig hard drive	21:17
redvamp128	The current server has just had a bad memory lapse of what IP addresses it can assing and it is windows based.	21:17
redvamp128	and also forgets it needs to give out the "e-host" page-	21:18
redvamp128	Though I think on monday I will just tell them to go with the 3,000$ package which comes with a years worth of support. (instead of dealing with it myself) I am a maintenance man- at a Holiday Inn Express.	21:20
redvamp128	I don't make enough to deal with all the hassles	21:21
redvamp128	Thanks for the answers though..	21:21
ivoks	i'll sell you support for 2000$ :)	21:26
ivoks	oh, he left, darn...	21:27
dou213	can somebody help me with mysqld ?? Error: http://pastebin.com/d2c1b4524	21:27
ivoks	what did you do with mysql?	21:27
ivoks	any special custom config?	21:27
dou213	trying to install lamp	21:28
dou213	so that everything works smooth	21:28
ivoks	so, this is default install?	21:28
dou213	*smoothly	21:28
dou213	ivoks, yes	21:28
dou213	http://www.zeroathome.de/wordpress/lamp-linux-apache-mysql-php/	21:28
dou213	something like that	21:28
dou213	tried it with lamp-server from taskel first, same error	21:29
ivoks	so, you are on the first step for mysql?	21:29
dou213	y	21:29
ivoks	try this:	21:30
ivoks	debconf_DEBUG=developer dpkg --configure -a	21:30
ivoks	bah	21:30
ivoks	DEBCONF_DEBUG=developer dpkg --configure -a	21:30
ivoks	and paste output on pastebin	21:30
dou213	http://pastebin.com/dd06ce46	21:31
dou213	ivoks, or maybe if u have a working lamp tutorial (already tested by urself) i would really appreciate it	21:32
ivoks	i just install apache2 and mysql-server	21:33
ivoks	and that works	21:33
ivoks	so, this tutorial isn't wrong	21:33
ivoks	and it should work	21:33
ivoks	check /var/log/syslog	21:33
rene-	hello	21:34
ivoks	it should have some info why it didn't start	21:34
dou213	ivoks, can i send u in prv msg?	21:34
rene-	i am using the asterisk provided package and i am seeing some issues with it, first, it tries to record to /usr/share/.... and there seems no way to change where is it record except with absolute paths, second, it wont play lots of gsm audios that other asterisk systems play just fine	21:35
ivoks	ok	21:35
rene-	appreciate all the help i can get on this one, i have ubuntu server 8.10	21:35
ivoks	rene-: asterisk isn't quite supported yet, but you are welcome to report bugs	21:36
ivoks	rene-: that would help us make it better	21:36
ivoks	dou213: ps ax \| grep mysql	21:36
ivoks	dou213: and ls -dl /var/run/mysqld/*	21:37
rene-	sure	21:37
dou213	ls: cannot access /var/run/mysqld/*: No such file or directory	21:38
hads	Use FreeSWITCH :)	21:38
ivoks	dou213: how about ls -dl /var/run/mysql*	21:38
dou213	ok returned something	21:39
ivoks	what? :)	21:39
dou213	* 2 mysql * 40 Sep 19 15:23 /var/run/mysqld	21:40
dou213	the '*' are added by myself as substitution for sensitive data	21:41
ivoks	disclose first ***	21:41
ivoks	it should be drwxr-xr-x	21:42
dou213	drwxr-xr-x	21:42
ivoks	and the second is root	21:42
dou213	lol :) yes	21:42
ivoks	those aren't sensitive data	21:42
ivoks	hm	21:42
ivoks	open a terminal	21:43
ivoks	run in it 'tail -f /var/log/syslog'	21:43
ivoks	hit enter couple of time, so you would know when you started tracking logs	21:43
ivoks	in other terminal run 'dpkg --configure -a'	21:43
ivoks	and then paste all the logs somewhere	21:43
ivoks	and, if you worry about sensitive data, send me a link over PM	21:44
dou213	if u tell me there is no sensitive data, then i trust u	21:44
ivoks	well, i can't tell that	21:45
ivoks	just give me the link over PM :)	21:45
dou213	paste it in pastebin y?	21:46
ivoks	y	21:46
dou213	could it be that some kind of socket is not existing?	21:47
ivoks	socket is generated on start	21:48
dou213	sent it 2 u	21:50
ivoks	i asked if you have custom configuration	21:52
ivoks	like, changed mysql variables	21:52
ivoks	you changed mysql config and this isn't default install	21:53
ivoks	then you should know that ubuntu comes with apparmor security framework	21:53
dou213	oh ... sry, thought u mean something else with custom configuration	21:53
ivoks	which doesn't allow mysql to write outside of designated places	21:53
ivoks	easiest fix would be to put apparmor to complain mode	21:53
ivoks	aa-complain /etc/apparmor.d/usr.sbin.mysqld	21:54
ivoks	after that dpkg --configure -a will work	21:54
dou213	aham, so either i keep the custom config or put aa to complain mode ?	21:54
ivoks	or modify apparmor profile	21:54
ivoks	it's easy to do it	21:54
dou213	can u teach me how?	21:54
ivoks	open /etc/apparmor.d/usr.sbin.mysqld in your favourite editor and dig in	21:54
dou213	ok ivoks, thx v. much	22:00
ivoks	dou213: once you put apparmor profile in complain, it stays that way untill you enforce it again	22:03
ivoks	so, on reboots, everything is like you want it to be	22:03
ivoks	good night	22:04
dou213	ok it worked now, if i want to put apparmor profile in normal again (as it was before), will it interfere with mysqldaemon?	22:05
dou213	oh	22:05
dou213	ok	22:05
dou213	thx very much	22:05
ivoks	yes, it will	22:05
ivoks	it will kill it	22:05
dou213	:( hate it when it does that	22:05
dou213	:D	22:05
dou213	good night	22:05
ivoks	then fix config for your custom settings	22:05
ivoks	i told you how	22:05
ivoks	and even where and what in private	22:05
dou213	yeap	22:06
ivoks	i don't know what else one can expect	22:06
dou213	nothing more, my expectations were were surmatched	22:07
ivoks	take care, bye	22:07
dou213	u2 mate	22:08
Omar87	How do I activate Mod_Python?	22:36
jmedina	a2enmod?	22:45
kansan	anyone know how to adjust /etc/ssh/sshd_config so that when a SSH connection is made on port 5000 (assuming you're already listening on port 5000), it gets forwarded to port 4000?	23:02
jmedina	kansan: I think you need to create a ssh tunnel, which has noting to do with sshd_config	23:11
rdw200169	kansan, yah, i think you	23:18
rdw200169	kansan, are thinking of 'reverse tunneling'	23:19
rdw200169	kansan, here's what i got first on a google search: http://lericson.se/docs/reverse-port-forwarding-openssh/	23:20
kansan	ah	23:31

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!