[00:17] error 25 anybody know what it is? [00:19] without more context, no, no way at all [01:00] hi, how can i change timezone ? [01:00] /etc/timezone [01:01] run the command tzselect [01:03] I have a cron job that puts all output into a file .. how can I then after that cron job runs, email that file to myself? [01:03] * * * * /foo/script.log > /tmp/file.log 2>&1 [01:04] can I do: * * * * /foo/script.log > /tmp/file.log 2>&1 ; cat /tmp/file.log | mailx -s "email" email@email.com ? [01:05] Bangers1, some metioned here the other day that there's a way to do it with postfix, but i can't remember what he said [01:05] Bangers1, i've always done it with the program sendemail though [01:06] i dont care what program I use, mailx or whatever... [01:06] My question might be cron syntax related? [01:07] Bangers1: well that cat is extra [01:08] pipe the output from script.log directrly to email :D [01:08] Bangers1: Doesn't cron email all output from jobs to the invoking user anyway? [01:10] That's true, but I still want that file written to the system for keeping in the future (output file is /tmp/file.log.$(date) [01:10] then use tee [01:10] Well, how about foo 2>&1 | tee -a mylog.log [01:11] why not set the MAIL= flag in your crontab ? [01:11] ah, we've established that *finishes reading up* [01:13] if I foo 2>&1 | tee -a mylog.log -- wont i be in the same position I was before? cron wont have any output to email me... [01:14] Oh, ignore me. tee copied output to the FD, and to stdout still [01:27] ok last question, why does this work? But adding the $(date) stops it from working? [01:27] WORKS 25 1 * * 5 /usr/bin/ssh user@server "ls -l" 2>&1 | tee /tmp/file.log | mailx -s "test" email@email.com [01:27] DOESNT WORK 25 1 * * 5 /usr/bin/ssh user@server "ls -l" 2>&1 | tee /tmp/file.log.$(date +'%F') | mailx -s "test" email@email.com [01:29] Bangers1: shot in the dark here, but are you 199% sure the syntax is correct? [01:30] Yep. it works in bash, but as a cron job it doesnt work [01:30] use the absolute path to date [01:31] hrm, the problem is cron uses 'sh' not bash for the input command, and my command isnt valid for sh [01:32] ah, yes, that too, heh [01:48] how can i check free desk space ? [01:48] disk [01:51] df [01:51] df -h is a little easier to read [01:53] ok, when i do rm -r dir/ , does the space free up ? i just deleted like 3 gb directory [01:53] and i think the disk space didnt change [01:53] orudie: Yes, it frees up, unless some other process has the files open. [01:54] In that case it will free up once that process closes the files concerned. [01:59] hi, are you able to set parameters with setenv.sh for tomcat6? (8.10 server obviously) === chmac7 is now known as chmac [03:23] no one around with tomcat6 and 8.10? [04:07] hi [04:11] anyone know the trick to getting the dual LSI Logic / Symbios Logic SAS1068 PCI-X Fusion-MPT SAS controllers to work with the MD3000 in 8.04 ? [05:04] hmm...just updated...trying to reboot to the new kernel.....shutdown -r now is doing nothing....says its going down to reboot..but 5 mins later and im still in the same session and it never rebooted [05:06] reboot and halt do the same thing....says its going down..but never does [05:11] nevermind, got it. it was multipath IO, needed to install and configure multipath-tools [05:15] New bug: #313249 in samba4 (universe) "samba problems (dup-of: 278864)" [Undecided,New] https://launchpad.net/bugs/313249 [05:31] Flannel: My thinking is an Ubuntu-based software port forward howto would be more apt than one for hardware routers. But maybe that's just me :) [05:35] Sorry, wrong channel :) [08:17] did anyone notice that unix time 1234567890 is on friday, 13. of february? :) [08:42] rofl. no i didnt [08:44] ivoks: nice [08:46] <_ruben> sweet :p [08:48] ivoks: let's call it "Happy 1234567890" day [08:49] <_ruben> ;) [08:50] wonder if unix time will end early ;) [08:51] in 2038 we'll have a problem [08:52] Yeah, about around by 65 years birthday. [08:52] my 65-year birthday I mean [08:53] mmm. near my 53rd iirc [08:54] Jan 19, 2038, and I'm born Jan 18 ;) [08:54] Just about the right time to retire. [09:11] :) [10:11] i don't have the directory /root/bin. can i just create it manually, or would this usually be autocreated by something else? [10:11] nothing would autocreate that [10:11] you can create it manually if you want [10:12] you can create a package that autocreates it [10:12] \o/ [10:12] thanks, guys. [10:13] * MenZa creates domas. [10:13] hi [10:13] I'm already here/there/somewhere! [10:13] someone could help me plz with pptp server ; ? [10:27] shiiiit, /me kicks forcedeth multiple times, more and more and more [10:27] domas ... [10:27] what [10:27] pptp server? just run it! [10:28] after connecting to it i get disconnected after exactly one min ;... [12:25] hello [12:27] i've read and applied https://help.ubuntu.com/8.04/serverguide/C/postfix.html and yet i get the error Jan 30 14:20:59 ozses postfix/smtpd[29010]: warning: cannot get private key from file /etc/ssl/private/smtpd.key / Jan 30 14:20:59 ozses postfix/smtpd[29010]: warning: TLS library problem: 29010:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:399: / Jan 30 14:20:59 ozses postfix/smtpd[29010]: can [12:27] not load RSA certificate and key data. how come? [13:31] New bug: #323158 in dhcp3 (main) "alt installer looping, dhcp request every second" [Undecided,New] https://launchpad.net/bugs/323158 [14:17] I have been trying for a bit now to get kvm 83 from jaunty into intrepid. Someone here suggested prevu to try and build an intrepid deb from jaunty. I read the documentation and followed the instructions. I am getting a problem satisfying deps. . Selecting previously deselected package pbuilder-satisfydepends-dummy. [14:17] pbuilder-satisfydepends-dummy depends on debhelper (>= 7.0.17ubuntu2); [14:17] I have tried prevu debhelper. Then prevu-update as directed in the docs. The error does not change. Any suggestions? [14:22] refnumzx: usually you have to modify control file or rules file in debian/ subdirectory of the source [14:22] refnumzx: they contain depencies and intrepid and jaunty depencies of course will be different...a little bit, but still [14:22] meh, more forcedeth crashes [14:22] domas: it still crashes? :) [14:23] * PecisDarbs remebers when it was introduced first....crashed as hell [14:23] PecisDarbs: "soft lockup" [14:23] domas: oohhh dear [14:23] meh, will just use vanilla 2.6.28.2 kernels [14:23] though... I did all workarounds mentioned in server manual [14:24] server was both receiving and pushing out a gigabit of traffic + 100MB/s i/o activity [14:24] and it locked up [14:26] PecisDarbs: i thought that is whatprevuwas ment to handle? i do not know how do modify those files as you describe [14:27] refnumzx: it is very important to have packages today or you can wait for a day or two? [14:27] refnumzx: It's really rather simple.. [14:27] refnumzx: I could try to build them, because I will play with KVM next few months anyway [14:27] refnumzx: Add a deb-src line to your sources.list for Jaunty [14:27] And run: [14:28] sudo apt-get build-dep kvm [14:28] apt-get source kvm [14:28] cd kvm-83+dfsg [14:28] sudo apt-get install fakeroot [14:28] dpkg-buildpackage -rfakeroot -b -uc -us [14:28] Done. [14:36] soren: there are a number of deb-src lines in the sources.list file. which do i need to add from the jaunty archive? [14:37] One with main in it [14:37] Something like [14:38] deb-src http://se.archive.ubuntu.com/ubuntu jaunty main [14:38] thanks. [14:47] hey guys. i was using screen in my shell i was brosing the net using elinks. it crashed on me so i killed the window it was in. now when i lauch screen it starts up and then when it asks you to hit enter and returns you to the shell it gives me a whole bunch of errors and doesnt work. any ideas? [14:58] i've read and applied https://help.ubuntu.com/8.04/serverguide/C/postfix.html and yet i get the error Jan 30 14:20:59 ozses postfix/smtpd[29010]: warning: cannot get private key from file /etc/ssl/private/smtpd.key / Jan 30 14:20:59 ozses postfix/smtpd[29010]: warning: TLS library problem: 29010:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:399: / Jan 30 14:20:59 ozses postfix/smtpd[29010]: can [14:58] not load RSA certificate and key data. how come? [15:00] Kartagis: Is it you who is posting to the postfix-users list about this same question. [15:01] ScottK, yes [15:01] Kartagis: Did you get your question answered then? [15:02] ScottK, I posted a reply to Wietse's post [15:02] hi, is it allowed to log apache errors to multiple locations? [15:03] If you gave a password when you made the cert, that's definitely a problem. [15:03] if somebody could look into bug 323158, I'd appreciate it; I'm very unfamiliar with the internals of dhclient [15:03] Launchpad bug 323158 in dhcp3 "alt installer looping, dhcp request every second" [Undecided,New] https://launchpad.net/bugs/323158 [15:03] in other words to have two ErrorLog directives [15:03] oooooh, I have a question! what are pros/cons of irqbalance? [15:04] as in, why would anyone not run it? [15:04] (or why it wouldn't be on by default on ubuntu server) [15:06] ScottK, it asked me a password, so i gave one [15:07] that's your problem. [15:07] Redo the cert and just leave it blank. [15:07] okay thanks [15:08] Kartagis: Please take a look at those docs and see what they lack that led you astray. Then file a bug against ubuntu-doc explaining what went wrong and what it needs to say that it didnt' [15:08] Kartagis: That way the next person to come along doesn't have the same problem. [15:08] sommer: ^^^ [15:13] ScottK, it gave me You must type in 4 to 8191 characters when i left the password blank [15:13] Odd. [15:13] Then there's something else about what you are asking it. [15:13] Did you see the posted link in that thread to the community docs page? [15:13] See if that invokes openssl any different. [15:14] I'm in a meeting right now, so I can't focus on it. [15:14] https://help.ubuntu.com/community/Postfix?action=recall&rev=43 ? [15:14] In about an hour I can probably help you get it sorted. [15:14] I think so. [15:14] i'll be back on Monday [15:14] or maybe this weekend [15:28] bbl ScottK, thanks [15:30] so, i'm trying to configure Amanda Backup client on Ubuntu 8.10... should I install xinetd? or should I be doing something else? [15:30] (well amanda server and client on the same machine) [15:30] how can I make ubuntu server automount my external USB drive like ubuntu desktop does? I tried usbmount but it doesn't automount the disk (its NTFS) [15:34] barduck: I think there is not the same support for ntfs as in the desktop [15:34] Im not sure, in the desktop is supported by fuse, never tried to mount ntfs in a desktop :D [15:35] jmedina: I can mount it manually without a problem. but I want it to automount it each time I plug the USB drive [15:35] probably with autofs [15:35] like in the old times :D [15:36] or using a udev script [15:36] hmmm...never used autofs, I will go google it. I read that usbmount is a light and easy sctipt that can do this [15:36] but I am not sure if it is supposed to work for ntfs [15:36] usbmount uses udev [15:37] i'd recommend that approach personally [15:37] I am not sure what to put in the usbmount.conf, fdisk says the filesystem is HPFS/NTFS but when I mount it df -T says is is fuseblk [15:37] Deeeps: yeap, udev is the new way [15:37] so if usbmount uses udev, it is supposed to work somehow ? [15:38] indeed, it's mounted using ntfs-3g, which is built around fuse [15:38] then you have fuse support :D much better [15:38] so fileststem would be ntfs or ntfs-3g [15:38] filesystem* [15:38] should try to put ntfs or ntfs-3g in usbmount.conf ? [15:38] yep [15:39] ok, will try. If that doesn't work, next thing is to write udev script for that particular drive ? [15:39] that would be my approach, yep [15:39] ok, I will try. gona be tough battle for me but I will give it a shot [15:40] thanks [15:42] udev just calls whatever in /etc/udev/rules.d/ for each change, right ? [15:42] i believe so === _AshTray- is now known as AshTray- [15:49] hey guys, how can i fetch my external ip from shell? [15:49] if ifconfig doesn't display it, `wget -q -O - http://whatismyip.org` should [15:50] ifconfig only displays my internal ip [15:50] i'm behind a router [15:50] same way you do on windows then, query a page for your ip, or query your router [15:50] i gave an example above [15:51] one way to store the IP somewhere for a script to use, would be: [15:51] Deeeps, y thx it worked ;) which would be the cmd to query the router? [15:51] MYIP=`wget -q -O - http://whatismyip.org` [15:52] dunno, depends on your router, read your router's manual to see if it provides any interfaces, otherwise you'd have to write a script to scrape the information out of it from http/telnet [16:21] anyone have experience running Amanda server and client on Ubuntu 8.10? I'm, wondering if I should install xinetd like this tutorial for Ubuntu 6.06 says: http://ubuntuforums.org/showthread.php?p=2470030 (it's the closest thing I can find to a tutorial on how to configure Amanda on Ubuntu. [16:28] i use bacula for backup [16:30] hi ivoks ! [16:31] mathiaz: hi [16:31] mathiaz: have you played with python-ldap in intrepid? [16:33] i think that's really broken [16:33] ivoks: yea, that's what i noticed was the native backup in Ubuntu... for some reason i'd rather wrestle with amanda.. maybe because i'm an idiot [16:34] MadChopr: FYI bacula is the supported backup solution in Ubuntu (it's in main) while amanda is in universe. [16:34] ivoks: I haven't. [16:34] mathiaz: thank for stating that... again, i don't know why i'm trying to use amanda, maybe because i'm an idiot :P [16:35] i get really strane errors with it [16:35] strange [16:35] mathiaz: i'm afraid that bacula isn't as scalable as amanda for one thing. [16:35] simple import ldap, sys [16:35] and 'for arg in sys.argv: print arg' [16:35] spits out total nonsene [16:35] nonsense [16:36] but it doesn't if i start python shell [16:36] MadChopr: how come it's not scalable? where would be the shortcomings? [16:36] MadChopr: that's really strange conclusion [16:36] MadChopr: bacula is far more flexibile :) [16:37] mathiaz, ivoks: from reading about the comparisons people have made between the two packages. [16:37] one of the arguments was that bacula uses mysql, and amanda uses postgres; [16:37] lol [16:37] bacula uses sqlite|sqlite3|mysql|postgre [16:37] whatever you want [16:37] ah didn't realize [16:38] amanda doesn't do backups over two tapes [16:38] it can't continue backup on another tape, when one is finished [16:38] only that makes it pale comparing to bacula [16:39] can bacula do many backups to one tape? [16:39] yes [16:39] ivoks: your python script example works well here [16:39] mathiaz: which version is that? [16:39] thanks ivoks, maybe i'm convinced... [16:40] ivoks: http://paste.ubuntu.com/111760/ [16:40] ivoks: on intrepid [16:40] odd [16:40] does bacula support windows98? [16:40] as a client? [16:40] i should join #bacula [16:41] * jmedina uses bacula with a tape library with 16 tapes [16:41] mathiaz: http://paste.ubuntu.com/111761/ [16:41] mathiaz: :) [16:41] MadChopr: it suppports windows [16:42] ivoks, thank you [16:42] ivoks: /home/ivoks/ldap.py <- ?? [16:42] ivoks: File "/home/ivoks/ldap.py", line 8, in [16:42] ivoks: is there a irc channel (looked on efnet and freenode and find nothing) [16:42] atleast in #bacula [16:42] mathiaz: right... and there's no 8 lines in the file :) [16:43] MadChopr: http://bacula.org/en/ [16:43] nevermind, i'm an idiot [16:43] :) [16:43] is there anything similar to redhats chkconfig? [16:43] ivoks: what's the content of /home/ivoks/ldap.py ? [16:44] I like to use chkconfig --list servicename to get a list about runleves this services is configured [16:44] aaaaaaaaaaaarrrrrrrrrrrr /me stupid [16:44] mathiaz: right.. it imported ldap from current directory :) [16:44] instead from library :) [16:45] jmedina: there is a chkconfig package in intrepid [16:46] do you guys have bacula configured with MySQL or Postgre ? [16:46] i have with mysql and sqlite [16:47] but i've tested with postgre [16:47] okay [16:47] I always used with mysql under slackware, gentoo, centos but in ubuntu I use sqlite [16:48] thanks ivoks and jmedina [16:49] I have a howto (in spanish) about bacula, it is the implementation for a customer [16:49] but there is no better documentation than the official [16:50] nice, i'll read through the ubuntu docs and the official... apt-get remove amanda'ing right now [16:52] bacula in ubuntu is works-out-of-the-box :) [16:52] ivoks: yeap I like that, and with dvd support integrated :D [16:52] jmedina: you use bacula in ubuntu? [16:52] ivoks: yeap, in dapper and hardy [16:52] so, how do you like it in hardy? [16:53] there was an update recently [16:53] ivoks: ti works fine, here is backing up only 4 servers, but with a customer is backing up 1 centos, 1 gentoo, 1 ubuntu, 2 windows (sap dbs) and about 50 linux desktops [16:54] I only remember a bug about the catalog [16:54] with another customer backing up 30 xen vm machines [16:54] which bug? [16:55] there was a but about the script that generates the catalog, I think it was something about permisions to the database [16:55] oh, right [16:55] im not sure, it was probably a year about [16:55] ago [16:55] that was fixed [16:55] path was wrong [16:56] but that was only with our new catalog-backup script [16:56] I only use hardy as server [16:56] yeap, that one [16:56] which catalog backup script do you use? ubuntu's awk or bacula's default? [16:56] ivoks: you are ubuntu developer? [16:56] we ship ubuntu script by default [16:56] ivoks: afaik awk [16:56] jmedina: i'm watching over bacula in ubuntu [16:57] good I still remember a but that created a 644 file in / in edgy or something [16:57] so, i'm interested in how people use it or do they use it at all [16:57] s/but/bug/ [16:57] since we don't get lots of feedback [16:58] 644? [16:58] i think edgy didn't have bacula supported [16:58] a file or dir named 644 or 755 in / [16:58] iirc, we support bacula since 7.10 or something like that? [16:59] well not sure if was edgy, I was backporting bacula from edgy or feisty to dapper [16:59] I think 1.39 was introduced in edgy [17:00] not sure [17:00] right... real bacula clean up was in 8.04 [17:00] that was first release with supported bacula, iirc [17:00] ivoks: what you mean with "supported" in main? [17:01] yes [17:01] ok [17:01] ivoks: I hope you can help me with this doubt [17:02] can I get a list of the packages I have installed from universe repository? [17:02] with some scripting, yes [17:02] :S [17:03] i'm not aware of any program that can do that for you [17:03] I want to get a list because I need to know which packages are not "supported" and probably work with them to introduce it to main or something [17:04] MadChopr: u should also look at BackupPC: http://www.howtoforge.com/linux_backuppc [17:08] dayo__: thanks will look into it... why did you mention it? [17:24] MacChopr: u thought u were talking about bacula for creating backups? [17:32] ivoks: where can I suscribe to see bacula changes? [17:32] in ubuntu? [17:32] there's /usr/share/doc/bacula-*/changelog.gz :) [17:34] :D, mm I was thinking about pending bugs, new proposed changes and like that [17:35] jmedina: grep-status -sPackage -FSection universe [17:35] on launchpad [17:36] maxb: ? [17:36] https://edge.launchpad.net/ubuntu/+source/bacula [17:36] 17:02 < jmedina> can I get a list of the packages I have installed from universe repository? [17:37] but what you mean with that sentence? [17:37] hey guys, i want to restrict on my ssh-server the connection-attempts to 3... how can i do it? in /etc/ssh/sshd_config maybe "MaxAuthTries 3" ? [17:38] i know about fail2ban, just wandering if it is possible this way too [17:38] dou213: that wont stop attackers [17:38] or robots [17:38] they can retry auth [17:38] jmedina, u mean "MaxAuthTries 3"? [17:39] or fail2ban? [17:39] maxaut.. [17:39] hmm... damn, so fail2ban is better yes? [17:40] well I better change the port and only allow key based auth [17:40] with that I forget about brute force attacks [17:40] dou213: You can do it in iptables. [17:41] ScottK, how? [17:41] that is another option with the LIMIT target [17:41] thx jmedina [17:41] match [17:41] yeah. that [17:41] dunno what u guys are talking, maybe some insight? :) [17:42] or preferable documentation links [17:45] dou213: http://www.cyberciti.biz/tips/howto-limit-linux-syn-attacks.html [17:46] that is using iptables using recent match and limit [17:46] and here another http://www.debian-administration.org/articles/187 [17:46] there is also the port knocking option using iptables :D [17:47] I implement it using shorewall [17:48] jmedina, thx for ur trouble [17:48] * dou213 is reading.. [17:59] maxb: where do I have to grep for those fields? [18:00] I gave you an exact command line to run [18:19] if i may ask, a good tutorial (one which you already checked out) to install a web server (apache) and database server (mysql) ? but pls make sure u checked it (followed it urself) [18:20] <_ruben> dou213: sudo apt-get install lamp-server^ ... done .. apache2+mysql+php all ready to go [18:20] _ruben, nice tutorial :D:D [18:21] ok thx [18:21] taskselect and select LAMP [18:21] <_ruben> which is the same [18:23] thx, i was kinda looking for something like this: http://www.howtoforge.com/perfect-server-ubuntu-8.10 [18:23] was interested if anyone has followed such a tutorial and can recommend one [18:24] perfect ubuntu server runs just mysql!!!! [18:24] * ScottK is fairly certain anything perfect doesn't have mysql in it. [18:25] i've unleashed pandora's box :P [18:25] :( [18:26] usually people who have never properly used mysql say so! :) [18:28] \o/ found some fedora box, deadlocked immediately: http://p.defau.lt/?N82mJbAJ31bLoJBb5lbNmA [18:28] jmedina: tasksel* [18:31] maxb: thanks, I thought grep-status was mispelled [18:38] domas: I am not a SQL/RDBMS heavy weight, but I've work on projects with people that were. Pretty universally they prefer Postgresql. [18:40] guys, would it be safe to remove apparmor? [18:40] dou213: yes. no. [18:40] in the tutorial i sent u, they advice to do that [18:40] ScottK: :) my major field is web database heavyweights [18:40] ScottK: there PG is nonexisting, and MySQL is everywhere [18:40] one of my customers have a 800GB DB and they use postgresql [18:40] domas, so it depends... [18:41] dou213: nothing will break, though security will become a bit worse :) [18:41] they said they tested everthing even running psql under aix, but it performed better under linux [18:41] dou213: Why do you want to do that? [18:41] well, some our customers have thousands of mysql servers :) [18:41] ScottK, it's an advice i've read on this tutorial : they say if not removed, ISPconfig won't work [18:42] dou213: doesn't make sense... [18:42] dou213: by default there're nearly no apparmor profiles [18:42] only few packages come with those [18:42] kinda thought that too ... that's why i asked [18:43] damn, I was forced to deploy vanilla kernels, now don't have apparmor :( [18:43] on database boxes [18:43] no need, of course %) [18:45] http://www.howtoforge.com/perfect-server-ubuntu-8.10-p3 ---> at the end [18:46] dou213: I can certify that guide author is an idiot! [18:46] * domas ducks [18:46] a) it is very easy to find out when apparmor blocks anything, because thats what audit logs are for [18:47] shit :( [18:47] b) apparmor is one of best security practices out there for net-facing systems [18:48] hmm... domas, if i wanna reinstall apparmor as it was before: sudo apt-get install apparmor apparmor-utils ? [18:48] I understand managing selinux is way more complicated [18:48] * kees loves apparmor [18:48] kees: you're security engineer, you have to. [18:48] domas: hah, no, plenty of people hate AA. :) [18:49] kees: I'm working now on a project to wrap whole codebase into proper AA profiles, with proper hats, etc [18:49] not me! [18:49] Urgh. The guide author is doubly silly for recommending manual use of update-rc.d [18:49] domas: nice! [18:49] I <3 AA [18:49] kees: well, 'our codebase' in my hobby project [18:49] dou213: your apt-get will re-install the AA tools, yes, but you need the kernel support compiledin [18:49] but it is huge codebase [18:50] kees, that means? [18:50] i already did : "/etc/init.d/apparmor stop [18:50] update-rc.d -f apparmor remove" [18:52] anyway, apparmor makes sense when you use it [18:52] it will not do anything by itself [18:52] (except for few packages that put in profiles) [18:53] oh so i get it i can remove it, since i won't use it [18:54] *shrug* [18:54] without making the webserver and ssh-server insecure [18:54] ? [18:54] let me show you an example of an apparmor profile [18:54] I'm not entirely happy with it yet, but.. [18:57] http://p.defau.lt/?xovyedW457Rpz94srZHShg [18:57] you can see that for quite complex codebase I can narrow execution a lot [18:57] there're few other projects in mind to make this way more secure (like not use sh for PHP sub-process invocation, etc) [18:58] dou213: why did you disable it? [18:58] to be honest, i don't understand very much about it, but it was interesting to see what u're working on... :) [18:59] want to install that ispconfig [18:59] kees, maybe i can reverse it? [18:59] dou213: I highly recommend reinstalling it and leave it on. if a profile gets in the way, you can turn off that profile with aa-complain [18:59] dou213: sudo apt-get install apparmor apparmor-utils; sudo /etc/init.d/apparmor start (if it hasn't already) [18:59] kees, that's it? [19:00] dou213: then "sudo aa-status" will show you want it's up to [19:00] dou213: yeah, if you have a normal Ubuntu kernel [19:00] "update-rc.d -f apparmor remove" what did this cmd do and how can i reverse it? [19:00] dou213: though, since you did a "stop" you'll either need to restart the services it protects or reboot. [19:00] dou213: It wiped out the initscript symlinks [19:00] dou213: that ripped apparmor's init logic out [19:01] dou213: "sudo update-rc.d apparmor defaults" [19:01] * domas hugs 'px' [19:01] ok very many 10x kees [19:02] kees: may I ask few private distro sec engineering questions ? [19:02] kees: how app vendors should do communication, etc [19:02] sudo /etc/init.d/apparmor start ---> "Loading aa profiles - aa already loaded with profiles.: skipped." guess already loaded [19:03] kees: Is defaults appropriate here? Don't you need to look up the actual params used from the postinst? [19:03] kees, "sudo update-rc.d apparmor defaults" ---> System startup links for /etc/init.d/apparmor already exist. [19:03] dou213: use "sudo aa-status" to check on AA [19:04] domas: I'm not sure what you mean [19:04] maxb: hm, good point. [19:04] dou213: "sudo update-rc.d -f apparmor start 37 S ." [19:05] er, no "-f", sorry [19:05] "sudo update-rc.d apparmor start 37 S ."? [19:05] But re-run "sudo update-rc.d -f apparmor remove" first, then run the command to put them back [19:06] so ... first "sudo update-rc.d -f apparmor remove", then "sudo update-rc.d apparmor start 37 S ." ... syntax correct? [19:06] kees: I'm 'paying users' security officer at mysql, so it isn't entirely in my domain, but... what is the best way to approach all linux vendors with security problems, apart from logging into each of their bugs systems? [19:06] dou213: yes [19:06] thx u guys [19:07] kees: I'm sure distribution maintainers read our changelogs, but sometimes 'security improvement' may mean 'remote code execution avoided' [19:07] dou213: don't do the remove [19:07] dou213: ah! [19:07] kees: But without the remove first, the second command will decide you have an existing config that it should not modify [19:08] dou213: if you have a security vulnerability issue, report it to vendor-sec@lst.de. That's a private list of most (if not all) the distros [19:08] kees, already did sry, what did i do wrong? [19:08] kees: ah, oki, writing down [19:08] maxb: true. I'm not clear what problem is being solved :P [19:08] ok thx [19:08] i'm clear now [19:08] :) [19:09] dou213: does "sudo aa-status" report that apparmor is loaded? [19:09] dou213: cool [19:09] 'sudo aa-status' ---> aa is loaded [19:10] u really helped me out ;) [19:14] kees: oh, I guess I'm even eligible for membership on the list :) [19:18] which repositories i gotta activate to install lamp-server? [19:18] No extra ones [19:19] E: couldn't find package lamp-server [19:19] It's not a package, it's a task. Run tasksel [19:24] gah.. i'm having a hard time with bacula nonetheless [19:24] i need a break [19:27] bacula is really tough to setup :/ [19:28] thanks for the support :) [19:29] well ask your question ;) [19:29] I'm at the "i got my home backed up to the same pc" with bacula so not that far :) [19:40] New bug: #323324 in mysql-dfsg-5.1 (universe) "package mysql-server-5.1 5.1.30-2ubuntu5 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/323324 [19:43] yann2: i have no clue really what's going on right now... but... i poked holes in ufw on 9101, 9102, and 9103... when i type 'bconsole' to 'label' my tape... it tries to connect to the 'storage daemon' on 9103, and fails... i've restarted both /etc/init.d/bacula-sd and bacula-dir and still no solution. [19:44] check the passwords? [19:44] i didn't really check the passwords, lemme check that out.. i just figured ubuntu automatically filled all that stuff in during the config [19:44] my tests with bacula on hardy show that the packages are a mess, that the documentation is missing and that it is generally very complex [19:44] yes ok [19:45] if I get it to work I'll write something down I promise ;) [19:45] yann2: good :) [19:49] failed to install the ubuntu server on t1000 .. this is how far I came .. http://pastebin.com/d6718eeb4 [19:51] yann2: well, it looks like the passwords are in the right spots [20:07] yann2: i just opened up the postgresql port (5432) still no movement forward. [20:38] hi, anyone here can help out with a postfix install on intrepid? [20:44] is there a way I can get the original sources.list? I was an idiot and replaced my personal computer's sources. [20:45] Bryan: which version? [20:45] server 8.04 I do believe [20:46] eah [20:46] yeah* [20:46] 8.04 [20:46] kernel 2.6.24-19-server [20:46] http://verde.e-compugraf.com/jm-confs/apt/hardy-server/ [20:46] there is mine [20:47] Thanks :D [20:48] Okay, I have one more question. Is there an easy way to change the server in the sources (other than doing a replace in the file)? [20:49] Because there is a mirror here on campus, and I wanted to change it to that [20:51] davertron: having said that, what is the issue? [20:54] ScottK: doncha love content-free questions? [20:54] hrm... was that my out-loud voice? [21:02] i seem to be having issues setting up postfix [21:03] i apt-get installed postfix, but then when i execute "netcat localhost 25", i see that i'm running Sendmail; if i then type "apt-get remove sendmail", it says it isn't installed [21:03] i'm a bit confused :) [21:05] it probably isn't configured [21:05] dpkg-reconfigure -pmedium postfix [21:06] wait. [21:06] what tells you you're running sendmail? [21:06] and what does 'ps aux | grep sendmail' say? [21:08] apt-get purge sendmail.* [21:09] I was asked a question that I didn't know the answer-- Can ubuntu-server run putty? [21:10] redvamp128: normally, we just run openssh-{server,client} rather than trying to run the windows implementation of the same.... [21:11] putty is a client for ssh servers [21:11] so if you're trying to use putty to get into an ubuntu-server install, you need to apt-get install openssh-server [21:11] ahh ok [21:12] redvamp128: and, on questions starting with 'Can Ubuntu...', the answer is always 'Yes'. [21:12] :) [21:12] What they want to do is get a system up cheap-- to replace what is in the motel [21:12] Can Ubuntu send me ivoks to do my dishes ? [21:13] ivoks: although sometimes a not-insignificant amount of coding is yet to be done... [21:13] Yes, it can [21:13] lol [21:13] :D [21:13] ogra: that's part of the fee-based program [21:13] All it needs to do is the following-- Assign Ip addresses - over wireless- to dish out a web page a "E-host" page [21:13] ogra: for a small amount of $$$$$, you can get even ivoks doing your dishes [21:13] I knew that ubuntu-server could do it- [21:13] dhcp3-server [21:13] lol [21:14] ivoks, my GF loves you she says [21:14] just when they asked -- will it have putty? I didn't know the answer [21:14] ogra: i wonder what would my gf respond to that... [21:14] giggle [21:14] and no, it won't have putty. it'll have mother-of-putty :-D [21:14] I had actually never heard of putty-- last server for dhcp I set up years ago-- running slackware [21:15] it's like asking if it would have volkswagen, while it's running porsche [21:15] It is still running today-- for a network with 10 computers and 3 servers- [21:16] dhcp is quite stupid protocol [21:16] there isn't much to brake [21:16] that could be the reason why it's still running :) [21:16] To laugh though it runs great on a PII slot [21:17] 300mhz cpu and 128mb of memory and a 10 gig hard drive [21:17] The current server has just had a bad memory lapse of what IP addresses it can assing and it is windows based. [21:18] and also forgets it needs to give out the "e-host" page- [21:20] Though I think on monday I will just tell them to go with the 3,000$ package which comes with a years worth of support. (instead of dealing with it myself) I am a maintenance man- at a Holiday Inn Express. [21:21] I don't make enough to deal with all the hassles [21:21] Thanks for the answers though.. [21:26] i'll sell you support for 2000$ :) [21:27] oh, he left, darn... [21:27] can somebody help me with mysqld ?? Error: http://pastebin.com/d2c1b4524 [21:27] what did you do with mysql? [21:27] any special custom config? [21:28] trying to install lamp [21:28] so that everything works smooth [21:28] so, this is default install? [21:28] *smoothly [21:28] ivoks, yes [21:28] http://www.zeroathome.de/wordpress/lamp-linux-apache-mysql-php/ [21:28] something like that [21:29] tried it with lamp-server from taskel first, same error [21:29] so, you are on the first step for mysql? [21:29] y [21:30] try this: [21:30] debconf_DEBUG=developer dpkg --configure -a [21:30] bah [21:30] DEBCONF_DEBUG=developer dpkg --configure -a [21:30] and paste output on pastebin [21:31] http://pastebin.com/dd06ce46 [21:32] ivoks, or maybe if u have a working lamp tutorial (already tested by urself) i would really appreciate it [21:33] i just install apache2 and mysql-server [21:33] and that works [21:33] so, this tutorial isn't wrong [21:33] and it should work [21:33] check /var/log/syslog [21:34] hello [21:34] it should have some info why it didn't start [21:34] ivoks, can i send u in prv msg? [21:35] i am using the asterisk provided package and i am seeing some issues with it, first, it tries to record to /usr/share/.... and there seems no way to change where is it record except with absolute paths, second, it wont play lots of gsm audios that other asterisk systems play just fine [21:35] ok [21:35] appreciate all the help i can get on this one, i have ubuntu server 8.10 [21:36] rene-: asterisk isn't quite supported yet, but you are welcome to report bugs [21:36] rene-: that would help us make it better [21:36] dou213: ps ax | grep mysql [21:37] dou213: and ls -dl /var/run/mysqld/* [21:37] sure [21:38] ls: cannot access /var/run/mysqld/*: No such file or directory [21:38] Use FreeSWITCH :) [21:38] dou213: how about ls -dl /var/run/mysql* [21:39] ok returned something [21:39] what? :) [21:40] *** 2 mysql *** 40 Sep 19 15:23 /var/run/mysqld [21:41] the '*' are added by myself as substitution for sensitive data [21:41] disclose first *** [21:42] it should be drwxr-xr-x [21:42] drwxr-xr-x [21:42] and the second is root [21:42] lol :) yes [21:42] those aren't sensitive data [21:42] hm [21:43] open a terminal [21:43] run in it 'tail -f /var/log/syslog' [21:43] hit enter couple of time, so you would know when you started tracking logs [21:43] in other terminal run 'dpkg --configure -a' [21:43] and then paste all the logs somewhere [21:44] and, if you worry about sensitive data, send me a link over PM [21:44] if u tell me there is no sensitive data, then i trust u [21:45] well, i can't tell that [21:45] just give me the link over PM :) [21:46] paste it in pastebin y? [21:46] y [21:47] could it be that some kind of socket is not existing? [21:48] socket is generated on start [21:50] sent it 2 u [21:52] i asked if you have custom configuration [21:52] like, changed mysql variables [21:53] you changed mysql config and this isn't default install [21:53] then you should know that ubuntu comes with apparmor security framework [21:53] oh ... sry, thought u mean something else with custom configuration [21:53] which doesn't allow mysql to write outside of designated places [21:53] easiest fix would be to put apparmor to complain mode [21:54] aa-complain /etc/apparmor.d/usr.sbin.mysqld [21:54] after that dpkg --configure -a will work [21:54] aham, so either i keep the custom config or put aa to complain mode ? [21:54] or modify apparmor profile [21:54] it's easy to do it [21:54] can u teach me how? [21:54] open /etc/apparmor.d/usr.sbin.mysqld in your favourite editor and dig in [22:00] ok ivoks, thx v. much [22:03] dou213: once you put apparmor profile in complain, it stays that way untill you enforce it again [22:03] so, on reboots, everything is like you want it to be [22:04] good night [22:05] ok it worked now, if i want to put apparmor profile in normal again (as it was before), will it interfere with mysqldaemon? [22:05] oh [22:05] ok [22:05] thx very much [22:05] yes, it will [22:05] it will kill it [22:05] :( hate it when it does that [22:05] :D [22:05] good night [22:05] then fix config for your custom settings [22:05] i told you how [22:05] and even where and what in private [22:06] yeap [22:06] i don't know what else one can expect [22:07] nothing more, my expectations were were surmatched [22:07] take care, bye [22:08] u2 mate [22:36] How do I activate Mod_Python? [22:45] a2enmod? [23:02] anyone know how to adjust /etc/ssh/sshd_config so that when a SSH connection is made on port 5000 (assuming you're already listening on port 5000), it gets forwarded to port 4000? [23:11] kansan: I think you need to create a ssh tunnel, which has noting to do with sshd_config [23:18] kansan, yah, i think you [23:19] kansan, are thinking of 'reverse tunneling' [23:20] kansan, here's what i got first on a google search: http://lericson.se/docs/reverse-port-forwarding-openssh/ [23:31] ah