Rafaelerror 25 anybody know what it is?00:17
maxbwithout more context, no, no way at all00:19
orudiehi, how can i change timezone ?01:00
rdw200169run the command tzselect01:01
Bangers1I have a cron job that puts all output into a file .. how can I then after that cron job runs, email that file to myself?01:03
Bangers1* * * *  /foo/script.log > /tmp/file.log 2>&101:03
Bangers1can I do:   * * * *  /foo/script.log > /tmp/file.log 2>&1 ; cat /tmp/file.log | mailx -s "email" email@email.com ?01:04
rdw200169Bangers1, some metioned here the other day that there's a way to do it with postfix, but i can't remember what he said01:05
rdw200169Bangers1, i've always done it with the program sendemail though01:05
Bangers1i dont care what program I use, mailx or whatever...01:06
Bangers1My question might be cron syntax related?01:06
jmedinaBangers1: well that cat is extra01:07
jmedinapipe the output from script.log directrly to email :D01:08
maxbBangers1: Doesn't cron email all output from jobs to the invoking user anyway?01:08
Bangers1That's true, but I still want that file written to the system for keeping in the future (output file is /tmp/file.log.$(date)01:10
jmedinathen use tee01:10
maxbWell, how about foo 2>&1 | tee -a mylog.log01:10
Kamping_Kaiserwhy not set the MAIL= flag in your crontab ?01:11
Kamping_Kaiserah, we've established that *finishes reading up*01:11
Bangers1if I foo 2>&1 | tee -a mylog.log -- wont i be in the same position I was before?  cron wont have any output to email me...01:13
Bangers1Oh, ignore me.  tee copied output to the FD, and to stdout still01:14
Bangers1ok last question, why does this work?  But adding the $(date) stops it from working?01:27
Bangers1WORKS 25 1 * * 5 /usr/bin/ssh user@server "ls -l" 2>&1 | tee /tmp/file.log | mailx -s "test" email@email.com01:27
Bangers1DOESNT WORK 25 1 * * 5 /usr/bin/ssh user@server "ls -l" 2>&1 | tee /tmp/file.log.$(date +'%F') | mailx -s "test" email@email.com01:27
thehookBangers1: shot in the dark here, but are you 199% sure the syntax is correct?01:29
Bangers1Yep.  it works in bash, but as a cron job it doesnt work01:30
Deeepsuse the absolute path to date01:30
Bangers1hrm, the problem is cron uses 'sh' not bash for the input command, and my command isnt valid for sh01:31
Deeepsah, yes, that too, heh01:32
orudiehow can i check free desk space ?01:48
Nat_RHdf -h is a little easier to read01:51
orudieok, when i do rm -r dir/ , does the space free up ? i just deleted like 3 gb directory01:53
orudieand i think the disk space didnt change01:53
jmarsden|workorudie: Yes, it frees up, unless some other process has the files open.01:53
jmarsden|workIn that case it will free up once that process closes the files concerned.01:54
pirrohhi, are you able to set parameters with setenv.sh for tomcat6? (8.10 server obviously)01:59
=== chmac7 is now known as chmac
pirrohno one around with tomcat6 and 8.10?03:23
StuckMojoanyone know the trick to getting the dual LSI Logic / Symbios Logic SAS1068 PCI-X Fusion-MPT SAS controllers to work with the MD3000 in 8.04 ?04:11
Wickedhmm...just updated...trying to reboot to the new kernel.....shutdown -r now is doing nothing....says its going down to reboot..but 5 mins later and im still in the same session and it never rebooted05:04
Wickedreboot and halt do the same thing....says its going down..but never does05:06
StuckMojonevermind, got it. it was multipath IO, needed to install and configure multipath-tools05:11
uvirtbot`New bug: #313249 in samba4 (universe) "samba problems (dup-of: 278864)" [Undecided,New] https://launchpad.net/bugs/31324905:15
geniiFlannel: My thinking is an Ubuntu-based software port forward howto would be more apt than one for hardware routers. But maybe that's just me :)05:31
geniiSorry, wrong channel :)05:35
ivoksdid anyone notice that unix time 1234567890 is on friday, 13. of february? :)08:17
Kamping_Kaiserrofl. no i didnt08:42
domasivoks: nice08:44
_rubensweet :p08:46
Koonivoks: let's call it "Happy 1234567890" day08:48
Kamping_Kaiserwonder if unix time will end early ;)08:50
henkjanin 2038 we'll have a problem08:51
KoonYeah, about around by 65 years birthday.08:52
Koonmy 65-year birthday I mean08:52
Kamping_Kaisermmm. near my 53rd iirc08:53
KoonJan 19, 2038, and I'm born Jan 18 ;)08:54
KoonJust about the right time to retire.08:54
dayo__i don't have the directory /root/bin. can i just create it manually, or would this usually be autocreated by something else?10:11
cjwatsonnothing would autocreate that10:11
cjwatsonyou can create it manually if you want10:11
domasyou can create a package that autocreates it10:12
dayo__thanks, guys.10:12
* MenZa creates domas.10:13
domasI'm already here/there/somewhere!10:13
ariphone2G3Gsomeone could help me plz with pptp server ; ?10:13
domasshiiiit, /me kicks forcedeth multiple times, more and more and more10:27
ariphone2G3Gdomas ...10:27
domaspptp server? just run it!10:27
ariphone2G3Gafter connecting to it i get disconnected after exactly one min ;...10:28
Kartagisi've read and applied https://help.ubuntu.com/8.04/serverguide/C/postfix.html and yet i get the error Jan 30 14:20:59 ozses postfix/smtpd[29010]: warning: cannot get private key from file /etc/ssl/private/smtpd.key / Jan 30 14:20:59 ozses postfix/smtpd[29010]: warning: TLS library problem: 29010:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:399: / Jan 30 14:20:59 ozses postfix/smtpd[29010]: can12:27
Kartagisnot load RSA certificate and key data. how come?12:27
uvirtbot`New bug: #323158 in dhcp3 (main) "alt installer looping, dhcp request every second" [Undecided,New] https://launchpad.net/bugs/32315813:31
refnumzxI have been trying for a bit now to get kvm 83 from jaunty into intrepid.  Someone here suggested prevu to try and build an intrepid deb from jaunty.  I read the documentation and followed the instructions.  I am getting a problem satisfying deps.  . Selecting previously deselected package pbuilder-satisfydepends-dummy.14:17
refnumzxpbuilder-satisfydepends-dummy depends on debhelper (>= 7.0.17ubuntu2);14:17
refnumzxI have tried prevu debhelper.  Then prevu-update as directed in the docs.  The error does not change.  Any suggestions?14:17
PecisDarbsrefnumzx: usually you have to modify control file or rules file in debian/ subdirectory of the source14:22
PecisDarbsrefnumzx: they contain depencies and intrepid and jaunty depencies of course will be different...a little bit, but still14:22
domasmeh, more forcedeth crashes14:22
PecisDarbsdomas: it still crashes? :)14:22
* PecisDarbs remebers when it was introduced first....crashed as hell14:23
domasPecisDarbs: "soft lockup"14:23
PecisDarbsdomas: oohhh dear14:23
domasmeh, will just use vanilla kernels14:23
domasthough... I did all workarounds mentioned in server manual14:23
domasserver was both receiving and pushing out a gigabit of traffic + 100MB/s i/o activity14:24
domasand it locked up14:24
refnumzxPecisDarbs: i thought that is whatprevuwas ment to handle? i do not know how do modify those files as you describe14:26
PecisDarbsrefnumzx: it is very important to have packages today or you can wait for a day or two?14:27
sorenrefnumzx: It's really rather simple..14:27
PecisDarbsrefnumzx: I could try to build them, because I will play with KVM next few months anyway14:27
sorenrefnumzx: Add a deb-src line to your sources.list for Jaunty14:27
sorenAnd run:14:27
sorensudo apt-get build-dep kvm14:28
sorenapt-get source kvm14:28
sorencd kvm-83+dfsg14:28
sorensudo apt-get install fakeroot14:28
sorendpkg-buildpackage -rfakeroot -b -uc -us14:28
refnumzxsoren: there are a number of deb-src lines in the sources.list file. which do i need to add from the jaunty archive?14:36
sorenOne with main in it14:37
sorenSomething like14:37
sorendeb-src http://se.archive.ubuntu.com/ubuntu jaunty main14:38
Doonzhey guys. i was using screen in my shell i was brosing the net using elinks. it crashed on me so i killed the window it was in. now when i lauch screen it starts up and then when it asks you to hit enter and returns you to the shell it gives me a whole bunch of errors and doesnt work. any ideas?14:47
Kartagisi've read and applied https://help.ubuntu.com/8.04/serverguide/C/postfix.html and yet i get the error Jan 30 14:20:59 ozses postfix/smtpd[29010]: warning: cannot get private key from file /etc/ssl/private/smtpd.key / Jan 30 14:20:59 ozses postfix/smtpd[29010]: warning: TLS library problem: 29010:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:399: / Jan 30 14:20:59 ozses postfix/smtpd[29010]: can14:58
Kartagisnot load RSA certificate and key data. how come?14:58
ScottKKartagis: Is it you who is posting to the postfix-users list about this same question.15:00
KartagisScottK, yes15:01
ScottKKartagis: Did you get your question answered then?15:01
KartagisScottK, I posted a reply to Wietse's post15:02
eolo999hi, is it allowed to log apache errors to multiple locations?15:02
ScottKIf you gave a password when you made the cert, that's definitely a problem.15:03
cjwatsonif somebody could look into bug 323158, I'd appreciate it; I'm very unfamiliar with the internals of dhclient15:03
uvirtbot`Launchpad bug 323158 in dhcp3 "alt installer looping, dhcp request every second" [Undecided,New] https://launchpad.net/bugs/32315815:03
eolo999in other words to have two ErrorLog directives15:03
domasoooooh, I have a question! what are pros/cons of irqbalance?15:03
domasas in, why would anyone not run it?15:04
domas(or why it wouldn't be on by default on ubuntu server)15:04
KartagisScottK, it asked me a password, so i gave one15:06
ScottKthat's your problem.15:07
ScottKRedo the cert and just leave it blank.15:07
Kartagisokay thanks15:07
ScottKKartagis: Please take a look at those docs and see what they lack that led you astray.  Then file a bug against ubuntu-doc explaining what went wrong and what it needs to say that it didnt'15:08
ScottKKartagis: That way the next person to come along doesn't have the same problem.15:08
ScottKsommer: ^^^15:08
KartagisScottK, it gave me You must type in 4 to 8191 characters when i left the password blank15:13
ScottKThen there's something else about what you are asking it.15:13
ScottKDid you see the posted link in that thread to the community docs page?15:13
ScottKSee if that invokes openssl any different.15:13
ScottKI'm in a meeting right now, so I can't focus on it.15:14
Kartagishttps://help.ubuntu.com/community/Postfix?action=recall&rev=43 ?15:14
ScottKIn about an hour I can probably help you get it sorted.15:14
ScottKI think so.15:14
Kartagisi'll be back  on Monday15:14
Kartagisor maybe this weekend15:14
Kartagisbbl ScottK, thanks15:28
MadChoprso, i'm trying to configure Amanda Backup client on Ubuntu 8.10... should I install xinetd?  or should I be doing something else?15:30
MadChopr(well amanda server and client on the same machine)15:30
barduckhow can I make ubuntu server automount my external USB drive like ubuntu desktop does? I tried usbmount but it doesn't automount the disk (its NTFS)15:30
jmedinabarduck: I think there is not the same support for ntfs as in the desktop15:34
jmedinaIm not sure, in the desktop is supported by fuse, never tried to mount ntfs in a desktop :D15:34
barduckjmedina: I can mount it manually without a problem. but I want it to automount it each time I plug the USB drive15:35
jmedinaprobably with autofs15:35
jmedinalike in the old times :D15:35
Deeepsor using a udev script15:36
barduckhmmm...never used autofs, I will go google it. I read that usbmount is a light and easy sctipt that can do this15:36
barduckbut I am not sure if it is supposed to work for ntfs15:36
barduckusbmount uses udev15:36
Deeepsi'd recommend that approach personally15:37
barduckI am not sure what to put in the usbmount.conf, fdisk says the filesystem is HPFS/NTFS but when I mount it df -T says is is fuseblk15:37
jmedinaDeeeps: yeap, udev is the new way15:37
barduckso if usbmount uses udev, it is supposed to work somehow ?15:37
Deeepsindeed, it's mounted using ntfs-3g, which is built around fuse15:38
jmedinathen you have fuse support :D much better15:38
Deeepsso fileststem would be ntfs or ntfs-3g15:38
barduckshould try to put ntfs or ntfs-3g in usbmount.conf ?15:38
barduckok, will try. If that doesn't work, next thing is to write udev script for that particular drive ?15:39
Deeepsthat would be my approach, yep15:39
barduckok, I will try. gona be tough battle for me but I will give it a shot15:39
barduckudev just calls whatever in /etc/udev/rules.d/ for each change, right ?15:42
Deeepsi believe so15:42
=== _AshTray- is now known as AshTray-
dou213hey guys, how can i fetch my external ip from shell?15:49
Deeepsif ifconfig doesn't display it, `wget -q -O - http://whatismyip.org` should15:49
dou213ifconfig only displays my internal ip15:50
dou213i'm behind a router15:50
Deeepssame way you do on windows then, query a page for your ip, or query your router15:50
Deeepsi gave an example above15:50
Deeepsone way to store the IP somewhere for a script to use, would be:15:51
dou213Deeeps, y thx it worked ;) which would be the cmd to query the router?15:51
DeeepsMYIP=`wget -q -O - http://whatismyip.org`15:51
Deeepsdunno, depends on your router, read your router's manual to see if it provides any interfaces, otherwise you'd have to write a script to scrape the information out of it from http/telnet15:52
MadChopranyone have experience running Amanda server and client on Ubuntu 8.10?  I'm, wondering if I should install xinetd like this tutorial for Ubuntu 6.06 says: http://ubuntuforums.org/showthread.php?p=2470030  (it's the closest thing I can find to a tutorial on how to configure Amanda on Ubuntu.16:21
ivoksi use bacula for backup16:28
mathiazhi ivoks !16:30
ivoksmathiaz: hi16:31
ivoksmathiaz: have you played with python-ldap in intrepid?16:31
ivoksi think that's really broken16:33
MadChoprivoks: yea, that's what i noticed was the native backup in Ubuntu... for some reason i'd rather wrestle with amanda.. maybe because i'm an idiot16:33
mathiazMadChopr: FYI bacula is the supported backup solution in Ubuntu (it's in main) while amanda is in universe.16:34
mathiazivoks: I haven't.16:34
MadChoprmathiaz: thank for stating that... again, i don't know why i'm trying to use amanda, maybe because i'm an idiot :P16:34
ivoksi get really strane errors with it16:35
MadChoprmathiaz: i'm afraid that bacula isn't as scalable as amanda for one thing.16:35
ivokssimple import ldap, sys16:35
ivoksand 'for arg in sys.argv: print arg'16:35
ivoksspits out total nonsene16:35
ivoksbut it doesn't if i start python shell16:36
mathiazMadChopr: how come it's not scalable? where would be the shortcomings?16:36
ivoksMadChopr: that's really strange conclusion16:36
ivoksMadChopr: bacula is far more flexibile :)16:36
MadChoprmathiaz, ivoks: from reading about the comparisons people have made between the two packages.16:37
MadChoprone of the arguments was that bacula uses mysql, and amanda uses postgres;16:37
ivoksbacula uses sqlite|sqlite3|mysql|postgre16:37
ivokswhatever you want16:37
MadChoprah didn't realize16:37
ivoksamanda doesn't do backups over two tapes16:38
ivoksit can't continue backup on another tape, when one is finished16:38
ivoksonly that makes it pale comparing to bacula16:38
MadChoprcan bacula do many backups to one tape?16:39
mathiazivoks: your python script example works well here16:39
ivoksmathiaz: which version is that?16:39
MadChoprthanks ivoks, maybe i'm convinced...16:39
mathiazivoks: http://paste.ubuntu.com/111760/16:40
mathiazivoks: on intrepid16:40
MadChoprdoes bacula support windows98?16:40
MadChopras a client?16:40
MadChopri should join #bacula16:40
* jmedina uses bacula with a tape library with 16 tapes16:41
ivoksmathiaz: http://paste.ubuntu.com/111761/16:41
ivoksmathiaz: :)16:41
ivoksMadChopr: it suppports windows16:41
MadChoprivoks, thank you16:42
mathiazivoks: /home/ivoks/ldap.py <- ??16:42
mathiazivoks: File "/home/ivoks/ldap.py", line 8, in <module>16:42
MadChoprivoks: is there a irc channel (looked on efnet and freenode and find nothing)16:42
MadChopratleast in #bacula16:42
ivoksmathiaz: right... and there's no 8 lines in the file :)16:42
mathiazMadChopr: http://bacula.org/en/16:43
MadChoprnevermind, i'm an idiot16:43
jmedinais there anything similar to redhats chkconfig?16:43
mathiazivoks: what's the content of /home/ivoks/ldap.py ?16:43
jmedinaI like to use chkconfig --list servicename to get a list about runleves this services is configured16:44
ivoksaaaaaaaaaaaarrrrrrrrrrrr /me stupid16:44
ivoksmathiaz: right.. it imported ldap from current directory :)16:44
ivoksinstead from library :)16:44
mathiazjmedina: there is a chkconfig package in intrepid16:45
MadChoprdo you guys have bacula configured with MySQL or Postgre ?16:46
ivoksi have with mysql and sqlite16:46
ivoksbut i've tested with postgre16:47
jmedinaI always used with mysql  under slackware, gentoo, centos but in ubuntu I use sqlite16:47
MadChoprthanks ivoks and jmedina16:48
jmedinaI have a howto (in spanish) about bacula, it is the implementation for a customer16:49
jmedinabut there is no better documentation than the official16:49
MadChoprnice, i'll read through the ubuntu docs and the official... apt-get remove amanda'ing right now16:50
ivoksbacula in ubuntu is works-out-of-the-box :)16:52
jmedinaivoks: yeap I like that, and with dvd support integrated :D16:52
ivoksjmedina: you use bacula in ubuntu?16:52
jmedinaivoks: yeap, in dapper and hardy16:52
ivoksso, how do you like it in hardy?16:52
ivoksthere was an update recently16:53
jmedinaivoks: ti works fine, here is backing up only 4 servers, but with a customer is backing up 1 centos, 1 gentoo, 1 ubuntu, 2 windows (sap dbs) and about 50 linux desktops16:53
jmedinaI only remember a bug about the catalog16:54
jmedinawith another customer backing up 30 xen vm machines16:54
ivokswhich bug?16:54
jmedinathere was a but about the script that generates the catalog, I think it was something about permisions to the database16:55
ivoksoh, right16:55
jmedinaim not sure, it was probably a year about16:55
ivoksthat was fixed16:55
ivokspath was wrong16:55
ivoksbut that was only with our new catalog-backup script16:56
jmedinaI only use hardy as server16:56
jmedinayeap, that one16:56
ivokswhich catalog backup script do you use? ubuntu's awk or bacula's default?16:56
jmedinaivoks: you are ubuntu developer?16:56
ivokswe ship ubuntu script by default16:56
jmedinaivoks: afaik awk16:56
ivoksjmedina: i'm watching over bacula in ubuntu16:56
jmedinagood I still remember a but that created a 644 file in / in edgy or something16:57
ivoksso, i'm interested in how people use it or do they use it at all16:57
ivokssince we don't get lots of feedback16:57
ivoksi think edgy didn't have bacula supported16:58
jmedinaa file or dir named 644 or 755 in /16:58
ivoksiirc, we support bacula since 7.10 or something like that?16:58
jmedinawell not sure if was edgy, I was backporting bacula from edgy or feisty to dapper16:59
jmedinaI think 1.39 was introduced in edgy16:59
jmedinanot sure17:00
ivoksright... real bacula clean up was in 8.0417:00
ivoksthat was first release with supported bacula, iirc17:00
jmedinaivoks: what you mean with "supported" in main?17:00
jmedinaivoks: I hope you can help me with this doubt17:01
jmedinacan I get a list of the packages I have installed from universe repository?17:02
ivokswith some scripting, yes17:02
ivoksi'm not aware of any program that can do that for you17:03
jmedinaI want to get a list because I need to know which packages are not "supported" and probably work with them to introduce it to main or something17:03
dayo__MadChopr: u should also look at BackupPC: http://www.howtoforge.com/linux_backuppc17:04
MadChoprdayo__: thanks will look into it... why did you mention it?17:08
dayo__MacChopr: u thought u were talking about bacula for creating backups?17:24
jmedinaivoks: where can I suscribe to see bacula changes?17:32
ivoksin ubuntu?17:32
ivoksthere's /usr/share/doc/bacula-*/changelog.gz :)17:32
jmedina:D, mm I was thinking about pending bugs, new proposed changes and like that17:34
maxbjmedina: grep-status -sPackage -FSection universe17:35
ivokson launchpad17:35
jmedinamaxb: ?17:36
maxb17:02 < jmedina> can I get a list of the packages I have installed from universe repository?17:36
jmedinabut what you mean with that sentence?17:37
dou213hey guys, i want to restrict on my ssh-server the connection-attempts to 3... how can i do it? in /etc/ssh/sshd_config maybe "MaxAuthTries 3" ?17:37
dou213i know about fail2ban, just wandering if it is possible this way too17:38
jmedinadou213: that wont stop attackers17:38
jmedinaor robots17:38
jmedinathey can retry auth17:38
dou213jmedina, u mean "MaxAuthTries 3"?17:38
dou213or fail2ban?17:39
dou213hmm... damn, so fail2ban is better yes?17:39
jmedinawell I better change the port and only allow key based auth17:40
jmedinawith that I forget about brute force attacks17:40
ScottKdou213: You can do it in iptables.17:40
dou213ScottK, how?17:41
jmedinathat is another option with the LIMIT target17:41
dou213thx jmedina17:41
ScottKyeah.  that17:41
dou213dunno what u guys are talking, maybe some insight? :)17:41
dou213or preferable documentation links17:42
jmedinadou213: http://www.cyberciti.biz/tips/howto-limit-linux-syn-attacks.html17:45
jmedinathat is using iptables using recent match and limit17:46
jmedinaand here another http://www.debian-administration.org/articles/18717:46
jmedinathere is also the port knocking option using iptables :D17:46
jmedinaI implement it using shorewall17:47
dou213jmedina, thx for ur trouble17:48
* dou213 is reading..17:48
jmedinamaxb: where do I have to grep for those fields?17:59
maxbI gave you an exact command line to run18:00
dou213if i may ask, a good tutorial (one which you already checked out) to install a web server (apache) and database server (mysql) ? but pls make sure u checked it (followed it urself)18:19
_rubendou213: sudo apt-get install lamp-server^ ... done .. apache2+mysql+php all ready to go18:20
dou213_ruben, nice tutorial :D:D18:20
dou213ok thx18:21
jmedinataskselect and select LAMP18:21
_rubenwhich is the same18:21
dou213thx, i was kinda looking for something like this: http://www.howtoforge.com/perfect-server-ubuntu-8.1018:23
dou213was interested if anyone has followed such a tutorial and can recommend one18:23
domasperfect ubuntu server runs just mysql!!!!18:24
* ScottK is fairly certain anything perfect doesn't have mysql in it.18:24
dou213i've unleashed pandora's box :P18:25
domasusually people who have never properly used mysql say so! :)18:26
domas\o/ found some fedora box, deadlocked immediately: http://p.defau.lt/?N82mJbAJ31bLoJBb5lbNmA18:28
Deeepsjmedina: tasksel*18:28
jmedinamaxb: thanks, I thought grep-status was mispelled18:31
ScottKdomas: I am not a SQL/RDBMS heavy weight, but I've work on projects with people that were.  Pretty universally they prefer Postgresql.18:38
dou213guys, would it be safe to remove apparmor?18:40
domasdou213: yes. no.18:40
dou213in the tutorial i sent u, they advice to do that18:40
domasScottK: :) my major field is web database heavyweights18:40
domasScottK: there PG is nonexisting, and MySQL is everywhere18:40
jmedinaone of my customers have a 800GB DB and they use postgresql18:40
dou213domas, so it depends...18:40
domasdou213: nothing will break, though security will become a bit worse :)18:41
jmedinathey said they tested everthing even running psql under aix, but it performed better under linux18:41
ScottKdou213: Why do you want to do that?18:41
domaswell, some our customers have thousands of mysql servers :)18:41
dou213ScottK, it's an advice i've read on this tutorial : they say if not removed, ISPconfig won't work18:41
domasdou213: doesn't make sense...18:42
domasdou213: by default there're nearly no apparmor profiles18:42
domasonly few packages come with those18:42
dou213kinda thought that too ... that's why i asked18:42
domasdamn, I was forced to deploy vanilla kernels, now don't have apparmor :(18:43
domason database boxes18:43
domasno need, of course %)18:43
dou213http://www.howtoforge.com/perfect-server-ubuntu-8.10-p3 ---> at the end18:45
domasdou213: I can certify that guide author is an idiot!18:46
* domas ducks18:46
domasa) it is very easy to find out when apparmor blocks anything, because thats what audit logs are for18:46
dou213shit :(18:47
domasb) apparmor is one of best security practices out there for net-facing systems18:47
dou213hmm... domas, if i wanna reinstall apparmor as it was before: sudo apt-get install apparmor apparmor-utils ?18:48
domasI understand managing selinux is way more complicated18:48
* kees loves apparmor18:48
domaskees: you're security engineer, you have to.18:48
keesdomas: hah, no, plenty of people hate AA.  :)18:48
domaskees: I'm working now on a project to wrap whole codebase into proper AA profiles, with proper hats, etc18:49
jdstrandnot me!18:49
maxbUrgh. The guide author is doubly silly for recommending manual use of update-rc.d18:49
keesdomas: nice!18:49
jdstrandI <3 AA18:49
domaskees: well, 'our codebase' in my hobby project18:49
keesdou213: your apt-get will re-install the AA tools, yes, but you need the kernel support compiledin18:49
domasbut it is huge codebase18:49
dou213kees, that means?18:50
dou213i already did : "/etc/init.d/apparmor stop18:50
dou213update-rc.d -f apparmor remove"18:50
domasanyway, apparmor makes sense when you use it18:52
domasit will not do anything by itself18:52
domas(except for few packages that put in profiles)18:52
dou213oh so i get it i can remove it, since i won't use it18:53
dou213without making the webserver and ssh-server insecure18:54
domaslet me show you an example of an apparmor profile18:54
domasI'm not entirely happy with it yet, but..18:54
domasyou can see that for quite complex codebase I can narrow execution a lot18:57
domasthere're few other projects in mind to make this way more secure (like not use sh for PHP sub-process invocation, etc)18:57
keesdou213: why did you disable it?18:58
dou213to be honest, i don't understand very much about it, but it was interesting to see what u're working on...  :)18:58
dou213want to install that ispconfig18:59
dou213kees, maybe i can reverse it?18:59
keesdou213: I highly recommend reinstalling it and leave it on.  if a profile gets in the way, you can turn off that profile with aa-complain18:59
keesdou213: sudo apt-get install apparmor apparmor-utils; sudo /etc/init.d/apparmor start   (if it hasn't already)18:59
dou213kees, that's it?18:59
keesdou213: then "sudo aa-status" will show you want it's up to19:00
keesdou213: yeah, if you have a normal Ubuntu kernel19:00
dou213"update-rc.d -f apparmor remove" what did this cmd do and how can i reverse it?19:00
keesdou213: though, since you did a "stop" you'll either need to restart the services it protects or reboot.19:00
maxbdou213: It wiped out the initscript symlinks19:00
keesdou213: that ripped apparmor's init logic out19:00
keesdou213: "sudo update-rc.d apparmor defaults"19:01
* domas hugs 'px'19:01
dou213ok very many 10x kees19:01
domaskees: may I ask few private distro sec engineering questions ?19:02
domaskees: how app vendors should do communication, etc19:02
dou213sudo /etc/init.d/apparmor start ---> "Loading aa profiles - aa already loaded with profiles.: skipped." guess already loaded19:02
maxbkees: Is defaults appropriate here? Don't you need to look up the actual params used from the postinst?19:03
dou213kees, "sudo update-rc.d apparmor defaults" ---> System startup links for /etc/init.d/apparmor already exist.19:03
keesdou213: use "sudo aa-status" to check on AA19:03
keesdomas: I'm not sure what you  mean19:04
keesmaxb: hm, good point.19:04
keesdou213: "sudo update-rc.d -f apparmor start 37 S ."19:04
keeser, no "-f", sorry19:05
dou213"sudo update-rc.d apparmor start 37 S ."?19:05
maxbBut re-run "sudo update-rc.d -f apparmor remove" first, then run the command to put them back19:05
dou213so ... first "sudo update-rc.d -f apparmor remove", then "sudo update-rc.d apparmor start 37 S ." ... syntax correct?19:06
domaskees: I'm 'paying users' security officer at mysql, so it isn't entirely in my domain, but... what is the best way to approach all linux vendors with security problems, apart from logging into each of their bugs systems?19:06
maxbdou213: yes19:06
dou213thx u guys19:06
domaskees: I'm sure distribution maintainers read our changelogs, but sometimes 'security improvement' may mean 'remote code execution avoided'19:07
keesdou213: don't do the remove19:07
keesdou213: ah!19:07
maxbkees: But without the remove first, the second command will decide you have an existing config that it should not modify19:07
keesdou213: if you have a security vulnerability issue, report it to vendor-sec@lst.de.  That's a private list of most (if not all) the distros19:08
dou213kees, already did sry, what did i do wrong?19:08
domaskees: ah, oki, writing down19:08
keesmaxb: true.  I'm not clear what problem is being solved :P19:08
dou213ok thx19:08
dou213i'm clear now19:08
keesdou213: does "sudo aa-status" report that apparmor is loaded?19:09
keesdou213: cool19:09
dou213'sudo aa-status' ---> aa is loaded19:09
dou213u really helped me out ;)19:10
domaskees: oh, I guess I'm even eligible for membership on the list :)19:14
dou213which repositories i gotta activate to install lamp-server?19:18
ScottKNo extra ones19:18
dou213E: couldn't find package lamp-server19:19
ScottKIt's not a package, it's a task.  Run tasksel19:19
MadChoprgah.. i'm having a hard time with bacula  nonetheless19:24
MadChopri need a break19:24
yann2bacula is really tough to setup :/19:27
MadChoprthanks for the support :)19:28
yann2well ask your question ;)19:29
yann2I'm at the "i got my home backed up to the same pc" with bacula so not that far :)19:29
uvirtbot`New bug: #323324 in mysql-dfsg-5.1 (universe) "package mysql-server-5.1 5.1.30-2ubuntu5 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/32332419:40
MadChopryann2: i have no clue really what's going on right now... but... i poked holes in ufw on 9101, 9102, and 9103... when i type 'bconsole' to 'label' my tape... it tries to connect to the 'storage daemon' on 9103, and fails... i've restarted both /etc/init.d/bacula-sd and bacula-dir and still no solution.19:43
yann2check the passwords?19:44
MadChopri didn't really check the passwords, lemme check that out.. i just figured ubuntu automatically filled all that stuff in during the config19:44
yann2my tests with bacula on hardy show that the packages are a mess, that the documentation is missing and that it is generally very complex19:44
yann2yes ok19:44
yann2if I get it to work I'll write something down I promise ;)19:45
MadChopryann2: good :)19:45
axisysfailed to install the ubuntu server on t1000 .. this is how far I came .. http://pastebin.com/d6718eeb419:49
MadChopryann2: well, it looks like the passwords are in the right spots19:51
MadChopryann2: i just opened up the postgresql port (5432) still no movement forward.20:07
davertronhi, anyone here can help out with a postfix install on intrepid?20:38
Bryanis there a way I can get the original sources.list? I was an idiot and replaced my personal computer's sources.20:44
jmedinaBryan: which version?20:45
Bryanserver 8.04 I do believe20:45
Bryankernel 2.6.24-19-server20:46
jmedinathere is mine20:46
BryanThanks :D20:47
BryanOkay, I have one more question. Is there an easy way to change the server in the sources (other than doing a replace in the file)?20:48
BryanBecause there is a mirror here on campus, and I wanted to change it to that20:49
lamontdavertron: having said that, what is the issue?20:51
lamontScottK: doncha love content-free questions?20:54
lamonthrm... was that my out-loud voice?20:54
davertroni seem to be having issues setting up postfix21:02
davertroni apt-get installed postfix, but then when i execute "netcat localhost 25", i see that i'm running Sendmail; if i then type "apt-get remove sendmail", it says it isn't installed21:03
davertroni'm a bit confused :)21:03
lamontit probably isn't configured21:05
lamontdpkg-reconfigure -pmedium postfix21:05
lamontwhat tells you you're running sendmail?21:06
lamontand what does 'ps aux | grep sendmail' say?21:06
ivoksapt-get purge sendmail.*21:08
redvamp128I was asked a question that I didn't know the answer-- Can ubuntu-server run putty?21:09
lamontredvamp128: normally, we just run openssh-{server,client} rather than trying to run the windows implementation of the same....21:10
ivoksputty is a client for ssh servers21:11
lamontso if you're trying to use putty to get into an ubuntu-server install, you need to apt-get install openssh-server21:11
redvamp128ahh ok21:11
ivoksredvamp128: and, on questions starting with 'Can Ubuntu...', the answer is always 'Yes'.21:12
redvamp128What they want to do is get a system up cheap-- to replace what is in the motel21:12
ograCan Ubuntu send me ivoks to do my dishes ?21:12
lamontivoks: although sometimes a not-insignificant amount of coding is yet to be done...21:13
ivoksYes, it can21:13
lamontogra: that's part of the fee-based program21:13
redvamp128All it needs to do is the following-- Assign Ip addresses - over wireless- to dish out a web page a "E-host" page21:13
ivoksogra: for a small amount of $$$$$, you can get even ivoks doing your dishes21:13
redvamp128I knew that ubuntu-server could do it-21:13
ograivoks, my GF loves you she says21:14
redvamp128just when they asked -- will it have putty? I didn't know the answer21:14
ivoksogra: i wonder what would my gf respond to that...21:14
lamontand no, it won't have putty.  it'll have mother-of-putty :-D21:14
redvamp128I had actually never heard of putty-- last server for dhcp I set up years ago-- running slackware21:14
ivoksit's like asking if it would have volkswagen, while it's running porsche21:15
redvamp128It is still running today-- for a network with 10 computers and 3 servers-21:15
ivoksdhcp is quite stupid protocol21:16
ivoksthere isn't much to brake21:16
ivoksthat could be the reason why it's still running :)21:16
redvamp128To laugh though it runs great on a PII slot21:16
redvamp128300mhz cpu and 128mb of memory and a 10 gig hard drive21:17
redvamp128The current server has just had a bad memory lapse of what IP addresses it can assing and it is windows based.21:17
redvamp128and also forgets it needs to give out the "e-host" page-21:18
redvamp128Though I think on monday I will just tell them to go with the 3,000$ package which comes with a years worth of support. (instead of dealing with it myself) I am a maintenance man- at a Holiday Inn Express.21:20
redvamp128I don't make enough to deal with all the hassles21:21
redvamp128Thanks for the answers though..21:21
ivoksi'll sell you support for 2000$ :)21:26
ivoksoh, he left, darn...21:27
dou213can somebody help me with mysqld ?? Error: http://pastebin.com/d2c1b452421:27
ivokswhat did you do with mysql?21:27
ivoksany special custom config?21:27
dou213trying to install lamp21:28
dou213so that everything works smooth21:28
ivoksso, this is default install?21:28
dou213ivoks, yes21:28
dou213something like that21:28
dou213tried it with lamp-server from taskel first, same error21:29
ivoksso, you are on the first step for mysql?21:29
ivokstry this:21:30
ivoksdebconf_DEBUG=developer dpkg --configure -a21:30
ivoksDEBCONF_DEBUG=developer dpkg --configure -a21:30
ivoksand paste output on pastebin21:30
dou213ivoks, or maybe if u have a working lamp tutorial (already tested by urself) i would really appreciate it21:32
ivoksi just install apache2 and mysql-server21:33
ivoksand that works21:33
ivoksso, this tutorial isn't wrong21:33
ivoksand it should work21:33
ivokscheck /var/log/syslog21:33
ivoksit should have some info why it didn't start21:34
dou213ivoks, can i send u in prv msg?21:34
rene-i am using the asterisk provided package and i am seeing some issues with it, first, it tries to record to /usr/share/.... and there seems no way to change where is it record except with absolute paths, second, it wont play lots of gsm audios that other asterisk systems play just fine21:35
rene-appreciate all the help i can get on this one, i have ubuntu server 8.1021:35
ivoksrene-: asterisk isn't quite supported yet, but you are welcome to report bugs21:36
ivoksrene-: that would help us make it better21:36
ivoksdou213: ps ax | grep mysql21:36
ivoksdou213: and ls -dl /var/run/mysqld/*21:37
dou213ls: cannot access /var/run/mysqld/*: No such file or directory21:38
hadsUse FreeSWITCH :)21:38
ivoksdou213: how about ls -dl /var/run/mysql*21:38
dou213ok returned something21:39
ivokswhat? :)21:39
dou213*** 2 mysql *** 40 Sep 19 15:23 /var/run/mysqld21:40
dou213the '*' are added by myself as substitution for sensitive data21:41
ivoksdisclose first ***21:41
ivoksit should be drwxr-xr-x21:42
ivoksand the second is root21:42
dou213lol :) yes21:42
ivoksthose aren't sensitive data21:42
ivoksopen a terminal21:43
ivoksrun in it 'tail -f /var/log/syslog'21:43
ivokshit enter couple of time, so you would know when you started tracking logs21:43
ivoksin other terminal run 'dpkg --configure -a'21:43
ivoksand then paste all the logs somewhere21:43
ivoksand, if you worry about sensitive data, send me a link over PM21:44
dou213if u tell me there is no sensitive data, then i trust u21:44
ivokswell, i can't tell that21:45
ivoksjust give me the link over PM :)21:45
dou213paste it in pastebin y?21:46
dou213could it be that some kind of socket is not existing?21:47
ivokssocket is generated on start21:48
dou213sent it 2 u21:50
ivoksi asked if you have custom configuration21:52
ivokslike, changed mysql variables21:52
ivoksyou changed mysql config and this isn't default install21:53
ivoksthen you should know that ubuntu comes with apparmor security framework21:53
dou213oh ... sry, thought u mean something else with custom configuration21:53
ivokswhich doesn't allow mysql to write outside of designated places21:53
ivokseasiest fix would be to put apparmor to complain mode21:53
ivoksaa-complain /etc/apparmor.d/usr.sbin.mysqld21:54
ivoksafter that dpkg --configure -a will work21:54
dou213aham, so either i keep the custom config or put aa to complain mode ?21:54
ivoksor modify apparmor profile21:54
ivoksit's easy to do it21:54
dou213can u teach me how?21:54
ivoksopen /etc/apparmor.d/usr.sbin.mysqld in your favourite editor and dig in21:54
dou213ok ivoks, thx v. much22:00
ivoksdou213: once you put apparmor profile in complain, it stays that way untill you enforce it again22:03
ivoksso, on reboots, everything is like you want it to be22:03
ivoksgood night22:04
dou213ok it worked now, if i want to put apparmor profile in normal again (as it was before), will it interfere with mysqldaemon?22:05
dou213thx very much22:05
ivoksyes, it will22:05
ivoksit will kill it22:05
dou213:( hate it when it does that22:05
dou213good night22:05
ivoksthen fix config for your custom settings22:05
ivoksi told you how22:05
ivoksand even where and what in private22:05
ivoksi don't know what else one can expect22:06
dou213nothing more, my expectations were were surmatched22:07
ivokstake care, bye22:07
dou213u2 mate22:08
Omar87How do I activate Mod_Python?22:36
kansananyone know how to adjust /etc/ssh/sshd_config so that when a SSH connection is made on port 5000 (assuming you're already listening on port 5000), it gets forwarded to port 4000?23:02
jmedinakansan: I think you need to create a ssh tunnel, which has noting to do with sshd_config23:11
rdw200169kansan, yah, i think you23:18
rdw200169kansan, are thinking of 'reverse tunneling'23:19
rdw200169kansan, here's what i got first on a google search: http://lericson.se/docs/reverse-port-forwarding-openssh/23:20

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!