=== bromic94_ is now known as thewrath [00:55] Hey everyone... does anyone know of a cd/dvd buring program that uses command line interface? [00:55] mkisofs / growisofs [00:55] genisoimage now, I think. [00:56] Traditionally genisoimage (nee mkisofs) is used to create an .iso, and this is then burnt with cdrecord. [00:56] For DVDs, the growisofs tool can perform both steps at once. [00:57] ok so growisof [00:57] Incidentally, most (all?) GUI burning tools end up just calling the CLI tools internally. [00:58] yeah... just the server im using has no GUI and i would prefer not to have a gui installed in order to keep the system hardened [00:59] That won't really "harden" the system much. [01:00] But using a GUI remotely is often slow, and in this case is certainly unnecessary. [01:00] will "weaken" [01:00] most vulnerabilites are found with GUIs and if i install one then i have to go through a battery of tests to ensure that the system is hardened [01:01] Myst: if those GUIs can only be used by ssh -X, then you're only as weak as ssh. [01:01] Unless end users have shell access to your server, I guess. [01:03] the last time i installed a GUI for linux it had alot of processes that ran at startup, which in turn created some vulnerabilities during the testing... so i have avoided using guis on any server... [01:04] Installing a single graphical application is different to what you call "installing a GUI". [01:04] along with all the xauth etc. packages that are then needed for x-forwarding [01:04] I'm not advocating installing ubuntu-desktop or anything, just e.g. xcdroast. [01:05] Deeps: well, openssh-server Recommends xauth anyway [01:05] recommend, doesn't depend [01:05] Deeps: recommend is opt-out now [01:05] twb: i opt out [01:05] yeah... just if i want to run a burning utility and need the gui to do it all those unnecessary processes run... but ill look into xcdroast [01:05] i'd take the opposite attitude to twb here, and i'd avoid any X related applications on a server [01:05] Deeps: well so do I [01:06] especially since like he says, in the case of cd/dvd burning, they all just end up using the same cli tools internally anyway [01:06] Deeps: I'm just saying that of all the things that you can do to harden a server, refusing to install libx11 is pretty negligible. [01:06] so skip their front ends and just do it yourself [01:07] Removing anything non-essential listed in netstat -nap or in /etc/init.d/ or /etc/inetd would be a start. [01:07] Installing a firewall, possibly auto-applying security updates. [01:08] Compared to installing, say, xdu or xterm, those will have far more impact. [01:08] hehe... i didnt mean to start a debate about hardening a system... but advice is always welcome [01:08] Myst: no worries, I should be working... [01:15] Regarding smartmontools... [01:15] I need to tell it my drives are SATA, not SCSI. I can add /dev/sda and /dev/sdb to smartd.conf. [01:15] But what happens if the device names happen to change (e.g. because USB gets modprobed before SATA for some reason)? [01:16] Does it know about UUID? [01:16] Can I tell smartd to identify devices by a UUID or serial, or even just to default to assuming SATA? [01:17] eh, it should detect all drives automaticly? [01:17] JanC: yes, but it detects them autoamtically as SCSI [01:18] Because of the SAT emulation layer in the kernel. [01:18] (That's why drives are called /dev/sda not /dev/hda nowadays) [01:18] of course, but it's easy enough for them to see that it's really a SATA disk... [01:19] JanC: smartd apparently doesn't know to do that. [01:19] smart works fine with my sata drives [01:20] I don't know anyone who's had a problem ... can you describe exactly what's going wrong? [01:22] giovani2: I have to add -d sat. [01:23] giovani2: this means explicitly listing the drives, AFAICT. [01:23] giovani2: this means that if the drives change names, smartd.conf will be wrong. [01:23] what happens if you don't? [01:23] Device /dev/sda: ATA disk detected behind SAT layer [01:23] Try adding '-d sat' to the device line in the smartd.conf file. [01:23] For example: '/dev/sda -a -d sat' [01:23] ...in syslog. [01:24] odd, that doesn't happen for any of my SATA drives, is the SAT layer non-default? [01:24] giovani2: AFAIK this is a stock Ubuntu 8.04 Server install. [01:24] https://help.ubuntu.com/community/Smartmontools [01:24] did you read that? [01:25] the script on the bottom seems to be a solution, as it's doing "-d ata" -- you could simply swap that out with "-d sat" [01:25] it's iterating through /dev/disk/by-id/ [01:28] twb: it should also understand the device links in e.g. /dev/disk/by-id/ [01:29] and probably the other ones under /dev/disk/ too [01:31] giovani2: sorry, I'm multiplexing multiple tickets. Looking now... [01:31] giovani2: OK, that link seems to basically be circumventing the existing init.d infrastructure entirely. [01:32] Oh, no, I see, they're talking about using that script as a replacement for the default scanner execed in smartd.conf [01:35] Hmm, this actually looks like it works: [01:35] Just add "-a -d sat" to the DEVICESCAN line itself. [01:37] Wish I knew how to simulate a smart failure on a remote machine, though :-) [01:38] on my system SATA drives are automaticly recognized as such, it seems... [01:45] twb: don't have any old, bad drives around? [01:46] New bug: #342056 in samba (main) "Samba automatic account creation assumes local accounts" [Undecided,New] https://launchpad.net/bugs/342056 [01:48] giovani2: the machine is in a data center [01:48] And more to the point, I'm not [01:49] I'm usig ufw for firewall. if a port is not ALLOW, does it not mean DENY? what defference does explicitely DENY make? === bromic94_ is now known as thewrath [01:50] anyone know anything about this: http://linux.slashdot.org/article.pl?sid=08/02/13/0227231 [02:00] doginize: run "iptables-save" and pastebin the output. [02:00] doginize: if you look at the top of that output, you'll see something like... [02:00] :INPUT ACCEPT [0:0] [02:00] :FORWARD DROP [0:0] [02:00] ...those lines mean that INPUT defaults to ACCEPT and FORWARD defaults to DROP. [02:01] Unless you're working on a router, you mostly care about the INPUT chain. [02:02] doginize: however what you might find is that the default policy for INPUT is ALLOW, but at the bottom of the chain ufw has a rule like "otherwise, always reject". [02:02] I haven't used ufw enough myself to know if that's the case by default, and I don't have a ufw-enabled box nearby to check. [02:03] twb: here is the output: http://dpaste.com/13850/ [02:04] doginize: OK, so the default policy for INPUT is DROP. [02:04] DROP is like REJECT, only the packet is thrown away without sending a "piss off, loser" packet to the other computer. [02:06] thanks, twb [02:06] What that means is the other end will just see something like "connection timed out" instead of "connection refused". [02:06] And I can't see any generic "otherwise -j REJECT" at the bottom of the INPUT chain. [02:09] Greetings [02:10] any way to get real time logs to show on tty? [02:10] tail -f logfilename? [02:10] twb: i dont know what those output mean. any suggestion for me to read? [02:11] ScottK... hehe. My bad for not articulating. [02:11] That did seem too easy. [02:11] I'd like to have syslog show in realtime on a tty straight from boot. [02:12] I can always switch to another tty to log in... [02:13] but typically I do all from SSH and the server doesn't have keyboard/mouse... just a monitor [02:13] doginize: basically ufw is an abstraction layer over a more powerful (and more complex) system called "iptables". [02:13] doginize: so to know what ufw did, I looked at what the actual iptables settings were "under the hood". [02:14] doginize: unfortunately I don't know a good single reference for iptables, I just kind of picked it up as I went along. [02:14] * Fenix|home mumbles about iptables... which is like learning icelandic through greek, through latin, through chinese and you don't know any of those languages. [02:16] doginize, wanna learn IPTables... go to the project homepage at http://netfilter.org/ [02:16] be prepared though... it's a rough ride [02:16] ok, thanks. [02:20] alright... have a good night boys and girls. [02:47] Eh, the iptables homepage never really helped me grok iptables [02:47] I needed to actually try it, and see working examples, and read articles on how to do specific things (e.g. DNAT) with it [03:24] Is there any point in zeroing (dd if=/dev/zero of=/dev/sda1) md RAID1 nodes prior to creating the array? [03:34] twb: not really [03:47] How do I discover the UUID of a swap partition? [03:48] vol_id will probably tell you [03:50] ajmitch: where is that? [03:50] in /sbin [03:50] Hmm, not on the Etch box I'm pinching bits from. [03:50] Apparently that's provided by udev [03:51] sorry, I assumed you were using ubuntu [03:51] No worries, I'm duplicating it *to* ubuntu [03:51] This box being Etch was a bit of an accident. [03:51] why do you need to copy the UUID? [03:51] since it probably won't have one on that swap partition [03:52] swaps have UUIDs [03:52] they aren't required to [03:53] Ah. [03:53] In general I'm copying the UUIDs so that when I copy the OS from one set of disks to another, /etc/fstab and menu.lst and such will be correct without me needing to munge them. [03:54] Last time I did this for an Ubuntu box, which uses UUIDs more than this silly Etch system. [03:54] * ajmitch is different & has LVM, so the swap volume is just addressed by name on this sid box [03:54] but has a UUID on the hardy system here [03:54] ajmitch: even though it's on LVM, it's addressed by UUID here. [03:54] (On the Ubuntu example I'm looking at) [03:55] But then I probably set up LVM on it via d-i [03:55] either way works [03:55] Nod. [04:30] hi... can anyone help me? i want to get an online file host... any recommendations? [04:31] something cheap but very good and FAST, though it doesn't have to have a ton of storage space [04:31] joanki123: file host for what purposes? backups? remote access? media delivery? [04:31] backups [04:31] just for me personal [04:31] for a few files - not a ton [04:31] amazon s3 works great for me [04:31] mostly for convenience, so it doesnt' have to be anything large [04:31] they only charge you for what you use, so it's good for small usage [04:32] 15cents per gb [04:32] i have less than 1 gig of stuff to backup [04:32] per month [04:32] is there anything flatrate or annual so i don't have too stres about using too much? [04:32] to* [04:32] why would you stress? [04:32] and stress rather [04:32] unlimited is a bad idea [04:32] because tomorrow's files are going to be HUGE [04:32] i have to do a one time large transfer [04:32] no service is unlimited, and nyone that sells it are overselling [04:33] ok i see [04:33] http://aws.amazon.com/s3/ [04:33] .15 /gb not bad [04:33] I asked you how much you wanted to back up, you said less than one GB [04:33] now it's more? which is it? [04:33] tomorrow it will be like 100 [04:33] 100GB? [04:33] for a day [04:33] and then it will reduce to like 1 gb [04:33] do you have a connection to upload that amount? [04:33] on average [04:34] it will take time, of course.... [04:34] so flat-rate file server is hosting is not.... adviseable [04:34] i would think one would just prefer to know what she is paying for ahead of time [04:35] you would know ... because you know your usage [04:35] why pay every month for something you're not using? [04:35] if you pay $5/mo [04:35] for a year [04:35] you've paid $60 [04:35] but, if you average 1GB per month on s3 ... you pay $1.80 per year [04:35] how is the former better? [04:36] lol [04:36] ok [04:36] if you need to store 100GB for a year [04:36] that's different [04:36] but, I wouldn't trust anyone who provides 100GB of backup for $5/mo [04:37] they are losing money, and overselling to provide it to you [04:37] they also charge for data transfer [04:37] what is a tb? [04:37] yes? backups aren't retransfered all the time [04:37] Terabyte? 1024 Gigabytes [04:37] for backups, you should be using rsync [04:37] which only transfers the files that have changed, and not everything [04:37] rsync [04:38] ok [04:38] rsync is software [04:38] for linux [04:38] i will look it up [04:38] http://samba.anu.edu.au/rsync/ [04:38] but can you backup to a file server? [04:38] an online one [04:38] from that program? [04:38] rsync doesn't care where you're backing up to [04:38] how often do you backup your personal computer? [04:38] you mount your s3 account on your linux computer [04:38] i think i want to do it every month [04:38] and then rsync to that mount point [04:38] I run rsync nightly [04:38] ohhhh coool [04:38] if you run rsync nightly.... do you transfer data to s3 nightly? [04:39] yes ... only what has changed [04:39] which is probably 50-100MB at most [04:39] ooo i see [04:39] and you can choose which files to back up [04:39] i was using an external harddrive [04:39] of course ... [04:39] I have to go [04:39] good luck [04:39] aww [04:39] ok i will get rsync [04:39] thank you [04:41] has anyone actually ever got to get ubuntu working on a hp mediasmart ex4xx? [04:44] sorry dell here [04:45] i gotta go... bye everyone === jwstolk1 is now known as jwstolk === jwstolk1 is now known as jwstolk [10:11] hi, we have a strange problem on 8.10, we recently upgraded from 8.04 to 8.10 and now the system refuse to boot (it cannot find the root partition), fstab contains /dev/disk/by-uuid references. In BusyBox if we wait a while devices starts to appears and we can mount them (sort of delay problem?). We use ata_piix for disks. Any clue? [10:12] nomoa: If you look in the release notes there's a note about failure to boot with Intel 945. It's now known to affect more broadly than that. [10:13] What you have sounds somewhat like that. [10:13] In busybox if you wait a few minutes what happens if you just exit (don't manually mount anything)? [10:14] ScottK: I'm going to try [10:14] OK. [10:17] ScottK: It works [10:18] nomoa: Add rootdelay=90 (90 works for me, you might have to adjust) to the boot parameters in /boot/grub/menu.lst. [10:18] Also there's a bug you should comment in. Let me find it. [10:20] nomoa: Bug 290153 <-- Please comment with the particulars of your hardware. Also there's a recent request for testing with newer kernels you might consider. [10:20] Launchpad bug 290153 in linux "Fails to find boot device in Intel D945Gnt" [High,In progress] https://launchpad.net/bugs/290153 [10:20] ScottK: We deactivate our scsi LTO-2 medium autochanger wich takes ages to load, I'll check with it and adjust the delay [10:20] ScottK: ok many thanks [10:20] YW. [10:27] anybody here use screen? [10:27] is there an easy way to save sessions in screen if your server's going to reboot? [10:28] chrisadams: far as i knoe there isnt anyawy to save screen session [10:28] damnation [10:28] ah, nevermind [10:28] offcourse there is way around it [10:28] I guess I should be using screen rc to save settings anyway... [10:29] yeah.. the way around it is use virtual machine which you can transfer toa nother computer [10:29] i think Xen supports it, maybe little overkill for just keep screen running [10:29] lol [10:29] definitely :) [10:37] so ... in jaunty one of the last days broke my nfs mount [10:37] that worked for ages [10:37] i get "authentication failure" [10:38] anyone has any clue how to debug this? [10:51] problem is in authentication part :) [10:51] kirkland: looks good. an extra space I'm not sure where it's from, but otherwise what I expected. [11:18] I have a vps running ubuntu 8.10, and lately that server suddenly just freeze so i have to force restart it.. anyone else here have the same problem? === asac_ is now known as asac === scfh is now known as scfh_ === scfh_ is now known as scfh [12:35] Nafallo: if you pull 1.38 from the PPA, there's an item in the Menu that lets you configure on/off each of the status indicators [12:36] ah yea. kewl. [12:37] kirkland: found a bug then... === bromic94_ is now known as thewrath [12:37] Nafallo: what's that? [12:37] Nafallo: the whitespace? [12:37] hey all how do i mount a new drive to server? [12:37] kirkland: I turned off mem-available and mem-used now says: ,46% [12:37] sudo mount /dev/sda3 /tftpboot ? [12:38] Nafallo: so that's the same problem as with the whitespace [12:38] kirkland: ah. after the hostname. yea pretty much. [12:38] :-) [12:38] Nafallo: enabling/disabling those status items doesn't actually remove them from your profile [12:38] Nafallo: it just makes the scripts exit 0 [12:38] Nafallo: immediately [12:38] ha. oki. [12:39] the status line is still [12:39] # Status string, last line [12:39] hardstatus string '%{+b kr}\%{= ky}o%{=b kY}/%{=b Wk} %100` %{= Wk}%112` %= %{=b bW}%102`%{= Wk} %{=b rW}%101`%{= Wk} %{= Wg}%108`%{= Wk} %{= Yk}%106`%{= Wk} %{= Wk}%104`%{=b cW}%103`%{= Wk} %{=b gW}%105`%107`%{= Wk} %Y-%m-%d %0c:%s' [12:39] Nafallo: I haven't thought of a good way to clean that up [12:40] anyone?> [12:40] as long as you don't have to care about / read it ;-) [12:41] Nafallo: ? [12:42] kirkland: I don't see that line when I use the application :-) [12:42] kirkland: ...so not as bothered :-) [12:45] Nafallo: cool [12:45] Nafallo: so besides the leading/trailing chars, you like? [12:45] kirkland: I've got arch now :-) [12:45] kirkland: yea. it's fine. [12:46] Nafallo: \o/ [12:46] kirkland: except of course... the constant annoyance you're already told about multiple times :-) [12:47] plain, light, dark [12:47] Nafallo: too many colors [12:48] kirkland: plain, light, dark, random ? and the random one can generate stuff like green text on pink background? :-) [12:48] Nafallo: [12:48] Nafallo: would you please file a wishlist bug on that one? [12:48] Nafallo: requesting the colored profiles be split out to screen-profiles-extras [12:48] kirkland: if you consider it a serious suggestion I will :-) [12:48] ah [12:48] doh [12:49] Nafallo: not green/pink :-) [12:49] kirkland: random could generate whatever really ;-) white on white? :-P [12:49] Nafallo: yeah, that would increase security [12:53] Bug #342244 [12:53] * Nafallo pokes the bot! [12:53] Nafallo: Error: Could not parse data returned by Launchpad: The read operation timed out [12:53] bug 342244 [12:53] Nafallo: Error: Could not parse data returned by Launchpad: The read operation timed out [12:54] uvirtbot: why do you hate freedom? [12:54] Nafallo: Error: "why" is not a valid command. [12:58] is there a way to identify a device (e.g. /dev/sgX) with a script by reading an entry in a file like /proc/scsi/scsi (we had a usefull device /dev/tape/by-id/XXX but it disappears after we upgrade from 8.04 to 8.10)? [13:02] hi I've installed nagios3 for server 8.10 - do I still need to download plugins off the site or is this included when installing nagios? [13:03] bn43: you might want to install the "nagios-plugins" package [13:04] bug 342244 [13:04] Launchpad bug 342244 in screen-profiles "Split out the themes to screen-profiles-extras" [Undecided,Confirmed] https://launchpad.net/bugs/342244 [13:04] ^-- kirkland [13:04] Nafallo: Error: "--" is not a valid command. [13:04] ah - silly me I was just doing a sudo aptitude search nagios3 [13:04] god damn bot! [13:04] I see I have "i A" next to nagios-plugins [13:05] does it have to trigger on any god damn character :-P [13:05] what does the A mean? [13:18] I can see a whole lot of scripts in /usr/lib/nagios/plugins - I don't see this on the web interface ie check_disk - what gives? [13:19] <_ruben> those are the scripts used by the actual checks === photon_ is now known as photon [13:22] _ruben: but how do they get activated and configured? I can't see how to do this on the webpage [13:25] bn43: Look in /etc/nagios/commands.cfg or something like that. [13:25] bn43: It defined the names of commands you can use for service checks. [13:25] Sometimes there's a one-to-one mapping between those and the scripts in /usr/lib/nagios/plugins, sometimes there's not. [13:27] ah ok that has rung a bell - on the web interface, there is a commands page where I can see all the scripts and switches [13:27] now I just got to figure out what they all mean [13:27] I have a script in cron.daily and it doesn't run -- what should I be checking? [13:28] it's owned by root too [13:28] mrwes: does it run manually? [13:29] yah [13:29] 25 9 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ) [13:29] it's a blocklist script to udpate transmission blocklist [13:30] it didn't run at 9:25 [13:30] so it runs sometimes? [13:30] no, never from the cron.daily [13:31] do I need to 'activate' root's cron? [13:31] i know I had a weird one previously - its the naming of the scripts [13:32] did not accept [13:32] _ for instance [13:32] check for that [13:32] the script is called blocklist.sh [13:32] maybe it's the .sh ? [13:33] yeah - check that [13:33] rename and see [13:33] k [13:34] set to run in 2 minutes... [13:34] Liinux servers are powerful -- what a great way to really learn Linux [13:35] yeah I'm learning constantly - I'm a noob but can do some funky stuff now [13:35] running a couple of servers and having fun [13:35] same here -- been running this server for hrmm.. maybe a week :) [13:35] just a simple file and print server [13:35] me too [13:35] and transmission-daemon too [13:36] script still didn't run [13:36] er [13:37] bugger [13:37] hrmm...script won't run without the sh blocklist [13:38] it's chmod +x too [13:38] mrwes: Do you have cron installed? [13:39] ?? u took the sh out right? so its "blocklist" [13:39] hrmm [13:39] yah installed :) [13:39] bn43, yah blocklist [13:40] so if you ./blocklist it does not run? [13:40] and it's sitting in /etc/cron.daily [13:41] administrator@ubuntu:/etc/cron.daily$ sudo ./blocklist [13:41] Waiting for the daemon to exit done [13:41] blocklist updated [13:41] Starting bittorrent client transmission-daemon... [13:41] Starting bittorrent client transmission-daemon succeeded [13:41] and the level1 file is there [13:41] wtf am I missing here? heh [13:42] mrwes: How can you tell it isn't run? [13:43] soren, I deleted the level1 file and had the cron.daily set to run at 9:25am, then I checked for the level1 file after that time and it wasn't there [13:44] maybe it ran and there's an error? [13:44] and when you edit crontab you go "sudo crontab -e" right? [13:44] mrwes: Perhaps your script doesn't like running without a controlling terminal. [13:44] bn43, that's not necessary for cron.daily [13:44] mrwes: check your e-mail. cron sends the output of the commands it runs to root. [13:44] soren, no mail :( [13:45] mrwes: No mail because you don't have an mta or no mail because it didn't send any? [13:45] yes but it ensures that root is running the script - not the user [13:45] and I have an alias root=administrator [13:45] bn43: you still there [13:45] yeah [13:46] try getting to https://www.wasd.k12.pa.us [13:46] bn43, /etc/crontab calls out to cron.daily [13:46] you don't need to 'install' it [13:47] says that right in /etc/crontab [13:47] thewrath: why am I looking at that website? [13:48] cuz cron.daily is run by root [13:48] er [13:48] ?? no each user has there own as far as I know [13:48] crontabs don't belong to root only [13:49] yah I know that [13:49] # /etc/crontab: system-wide crontab [13:49] # Unlike any other crontab you don't have to run the `crontab' [13:49] # command to install the new version when you edit this file [13:49] # and files in /etc/cron.d. These files also have username fields, [13:49] # that none of the other crontabs do. [13:49] it's system wide [13:49] ok then I'm talking outa my behind! not sure how to help [13:50] and crontab is running [13:50] soren, any ideas? [13:50] but just to xperiment - can you try it in root crontab? [13:51] bn43, yah I was about to do that [13:51] I just wanted to use cron.daily for what it's designed for [13:52] mrwes: Still: It's possible your script doesn't like getting run without a controlling terminal. [13:52] thewrath: u still there? [13:52] this looks right [13:53] 55 9 * * * cd /etc/cron.daily && ./blocklist [13:53]