[00:02] what is the default sudo timer ? [00:09] Hello all, I'm getting -Alert! /dev/mapper/ddf1_RAID on a 8.10 server install, booting of of a fake Intel SATA raid [00:10] I can run a dmraid -ay and exit out of the shell and ubuntu fill finish loading. [00:12] But I still can't figure out why it can't boot normally. Is there some sort of module you need to have loaded inorder to get your array recognized? [00:13] looks like https://bugs.launchpad.net/ubuntu/+source/linux/+bug/314395 is experiencing the same problem. [00:13] Launchpad bug 314395 in linux "Unable to boot Ubuntu 8.10 w/ RAID 1" [Undecided,New] [00:16] running apt-get upgrade to see if any updates takes care of this... [00:16] Hi, how do I disable the root user? lol [00:17] enabled it by mistake. [00:22] mat1211: sudo passwd -l [00:26] New bug: #354188 in mysql-dfsg-5.0 (main) "Add apport hook to gather relevant information" [Wishlist,Triaged] https://launchpad.net/bugs/354188 [00:27] updating the system does not solve the booting problem for bug 314395 [00:27] Launchpad bug 314395 in linux "Unable to boot Ubuntu 8.10 w/ RAID 1" [Undecided,New] https://launchpad.net/bugs/314395 [00:44] could bug 220493 have anything to do with it? I'm running a raid 1 not 4 or 5 [00:44] Launchpad bug 220493 in linux "[Hardy][Regression] dmraid45 target missing in latest kernel" [Medium,Fix committed] https://launchpad.net/bugs/220493 [00:54] Time for dinner bbl. === MenZa_ is now known as MenZa [01:56] New bug: #352841 in openssh (main) "SCP over IPv6 address is very Slow. Takes Hours" [Undecided,New] https://launchpad.net/bugs/352841 [02:39] Do xserver packages have to be installed on the LTSP server in order for the client to login to X? [02:53] I have a .deb file I wrote and its doing something weird in the post install script. Is it possible to turn on debugging during "apt-get install" to output all the pre/post install scripts with debug (bash -x) ? [03:05] oh_noes: dpkg has some debugging switches i believe? === Trae is now known as Guest75751 === Guest75751 is now known as octobrx === octobrx is now known as occy === Zaraphrax is now known as Zaraphrax[laptop === Zaraphrax[laptop is now known as Zaraphrax_Laptop === Zaraphrax_Laptop is now known as Zaraphrax === anewbie is now known as unewbie [08:12] I'm looking at switching over a group of servers on fedora and a handful of VM's in vmware esx. I was wondering how lightweight/minimalistic a basic ubuntu server install was compared to other distros, and how it faired performance wise, specifically when being virtualized, so that I could get the most out of the shared resources. I'd love to do a gentoo stage1 install or something like LFS, which I've done before for personal us [08:13] well, no open ports [08:14] meaning - no services by default [08:16] <_ruben> ubuntu runs like a charm virtualized [08:16] oh, virtualized [08:16] <_ruben> as for minimalistic, look into JeOS .. disk footprint isnt much smaller than standard server install though [08:17] yeah... it even has kernel specialized for running as a guest [08:18] can anyone help with ltsp and thin-clients not booting? [08:18] ouch no 64 bit? [08:18] ltsphelp: well, i don't know exactly how ltsp works, but i'm guessing it relay on common tools; so, what's the problem? [08:19] Maelaian: ? [08:19] Maelaian there is a 64-bit version. [08:19] Of JeOS? [08:19] Maelaian oh, I thought you were talking about ubuntu-server. [08:21] jeos isfor appliances [08:21] i need new keyboard :/ [08:21] Well a base for appliances, but it seems to be ubuntu tuned for what I am looking to do. [08:22] the thinclient fails at authentication. the auth logs say the user cannot be found [08:23] Anyone used Grails? [08:23] ltsphelp: you get that from logs? could you paste on pastebin the exact error [08:23] Having a 64bit VM is kind of silly I suppose why JeOS doesnt seem to offer it, but I have 2 very specific apps that only come in 64 bit versions. [08:24] Maelaian: use ubuntu-server with linux-virtual kernel and strip it down [08:24] Ok, what would stripping it down involve? [08:25] removing wireless-tools :) [08:25] I know ubuntu has the uhh similar to yum tool, would it be done through that utility basically? [08:25] yes [08:26] ubuntu-server is already quite bare system... [08:26] And specifying the kernel would be done post install using the same utility? [08:26] right [08:27] apt-get install linux-virtual [08:27] Apt, thats right. [08:27] Alright, I think I can do some installs and performance testing and comparisons done then and go from there, thanks for the info. [08:28] np [08:28] paste-bin? i'm on another computer... goes sumfin like this [08:28] sshd[5729]: pam_lwidentify(sshd:auth) PAM config: global:krb5_ccache_type 'FILE' [08:28] sshd[5729]: pam_lwidentify(sshd:auth): failed to get GP info [08:29] sshd[5729]: pam_lwidentify(sshd:auth): getting password (0x00000000) [08:29] sshd[5729]: pam_lwidentify(sshd:auth): request failed [08:29] sshd[5729]: pam_lwidentify(sshd:auth): User 'xxx' is not known [08:30] pam_lwidentify is for active directory, iirc [08:30] what do you need it for on ltsp? [08:32] sori. i installed the alternate cd and added edubuntu thinking that the clients will just connect. dunno where the pam things come into it. [08:35] have you tried in #edubuntu? [08:35] thanks. i'll check [08:38] <_ruben> the -virtual kernels is pretty much the same as the -server kernel, but with less kmods available (this applies to 8.10 and newer, with 8.04 the kernels differ a bit) [08:38] <_ruben> i just use -server kernels for my vms .. has paravirtualization and all [08:54] how can i fix packages that have failed at configuration because i manualy removed some files, otherwise the application is working [08:54] can i somehow mark package configured manualy ? [09:05] kwork: sudo dpkg-reconfigure package_name [09:05] p_quarles, tnx [09:07] moin [10:05] hello all. I use ubuntu-vm-builder to generate VM on a Hardy server (64bit). The host disk is running RAID1 and a LVM partion on top of RAID. After generate (log at http://viettug.org/attachments/download/148/kvm.log) i cannot boot into VM (the guest grub doesnot work). Any idea? [10:20] does someone know how to route SMTP traffic through a specific interface with ip rule ? === asac_ is now known as asac [10:53] how can I unde a revoke-full in openvpn ? [10:53] undo* [11:55] i'm following this guide: http://ubuntuforums.org/showthread.php?p=7004774#post7004774 2. Add a proxy entry to the apt system. This is for the gui Synaptics. How do I add a proxy entry on the server? [12:02] dayo2: 2 add a proxy entry to the apt system. 3 is only for synaptic. [12:05] ewook: awesome. thanks! [13:26] Hi all. Over the weekend I intend to upgrade a 7.10 server to 8.04. I realise I'll need to use do-release-upgrade. The server is remote and on a medium speed link. I'd like to have it download packages while I sleep. How do I do that? [13:28] you can run the upgrade in a screen and hope it wont ask too many questions ;) [13:28] Not really the answer I was looking for. [13:28] I'd love it to actually go about downloading all the stuff and actually running it when I'm watching. [13:29] may be an argument of apt-get [13:29] I think there was like --download-only [13:29] let me check [13:29] Does do-release-upgrade have a download only option? [13:29] -d, --download-only [13:29] sudo apt-get upgrade -d [13:30] or do-release-upgrade, didnt know about that one [13:30] does do-release-upgrade really exists? its not in the man [13:30] The recommended process is using do-release-upgrade, it takes care of all kinds of magic behind the scenes, fixing known transition problems etc. [13:31] update-manager-core: /usr/bin/do-release-upgrade [13:31] right [13:31] well I am just upgrading to jaunty with a dist-upgrade so I hope it'll be fine :) [13:32] so your problem is that it's actually undocumented [13:32] jpds > if I were you I'd run a sudo apt-get dist-upgrade -d , and then the day after a do-release-upgrade [13:32] I bet that it'll work [13:33] That's what I was thinking. [13:33] d-r-u doesn't have a download-only option in the source. [13:34] Now that's a canny thought. I wonder if it will work, or just delete all the packages it just downloaded. [13:34] ubuntu has a slight habit of creating tools and forgetting about the man sometimes [13:34] owh > it's worth a try :P [13:35] Hmm, just realised that dist-upgrade will only work if I change the sources.list [13:35] That looks like asking for trouble :( [13:35] It's amazing how conservative you become if your server is not in the same room :-) [13:52] I would really like to use ubuntu on my workstations - but I can't figure out how to setup server with "roamin profile" [13:53] what's that? [13:55] roaming profiles is a windows-expression I think - in practical use - my pupils can log into any workstaion at school and get their own desktop and so on [13:56] each workstation should mount /home from NFS server [13:56] and you could use LDAP for username/password [13:57] ivoks: I've been reading about nfs, but I find it a bit difficult. I'm in need of a howto which explains it step by step. Yes, you're right. Each ws must mount home/%user% [13:59] have you looked for howtos? [14:00] ivoks: yes, I find howtos about nfs and ldap - but I can't figure out what to do. They don't expalin how to mount home from nfs-server. I'm not very technical, but have no problems with following a howto :-) [14:01] mount -t nfs server_ip:/exported/path /home [14:02] ivoks: ok - but where comes the username? [14:02] why do you need username? [14:02] export whole /home [14:03] ivoks: I don't understand. How does nfs know that it is jamesk's home which are supposed to be mounted? [14:03] <_ruben> you dont [14:03] <_ruben> you mount *all* homes [14:03] <_ruben> file permissions take care of the rest [14:04] embrik: jamesk's home is /home/jamesk [14:04] embrik: if you mounted /home, then anything on top of it will be there [14:05] embrik: do you understand concept of home directory on unix? [14:05] _ruben: ok - I see, but when jamesk opens home folder ( a shortcut on his desktop) he ends in his own homefolder? [14:05] embrik: imagine My Documents [14:05] ivoks: I understand the concept .'-) [14:06] er... My Documents is wrong example [14:06] maybe that's why you are confused [14:06] what's the name of the directory were all the data of all users is stored in Windows? [14:06] all users i think [14:07] nope [14:07] top of that is... [14:07] Documents and Settings? [14:07] documents and settings? [14:07] right [14:07] So, Documents and Settings = /home [14:07] if you mount /home, then all user's data is there [14:07] Documents and Settings/Administrator /home/jamesk [14:08] so, if you share Documents and Settings from server and mount it on clients as Documents and Settings [14:08] then all users have their data on all computers - right? [14:08] ivoks: you and ruben may have enlightened me a bit to day :-) What you have told me noe may get me started [14:09] ivoks: i follow you - ubuntu server edition has got both nfs and ldap? [14:09] yes [14:09] ivoks: do u have any good links for nfs and such? [14:09] dayo2: man exports :D [14:10] what do you think about this: https://help.ubuntu.com/community/SettingUpNFSHowTo [14:10] is it possible to set a different text mode for the installer? [14:11] ivoks: embrik: thanks, that's a good start [14:11] embrik: good start; it might get you all the way [14:11] incorrect: ? [14:12] embrik: notice the: /home 192.168.0.0/255.255.255.0(rw,sync,no_subtree_check) [14:12] ivoks, I am pxe installing my servers, I want a larger text console during installation so i can read the output [14:12] ivoks: i've got an exisitng server with ldap and about 200 users. Could i export them and import them into the new server? [14:12] embrik: yes [14:12] embrik: there are two ways [14:13] <_ruben> replication comes to mind [14:13] embrik: one is slapcat/slapadd - you do this when slapd is offline [14:13] <_ruben> (which is something ive been meaning to look into) [14:13] embrik: creating ldif file and importing it - you do this when slapd in online [14:13] incorrect: i belive you can change it [14:14] ivoks: great, I must save this log :-) [14:14] incorrect: default is 80x24, iirc [14:14] <_ruben> incorrect: you can probably just add an appropriate vga= line to the boot cmdline [14:14] incorrect: like vga = 773 [14:15] that's 1024x768x256 :D [14:15] embrik: take you time [14:15] embrik: get familliar with nfs and ldap before doing anything [14:15] <_ruben> assuming framebuffer is available during install [14:16] ivoks: I have a test network :-) I will not get into production before I've had an expert to look into it :-) [14:16] embrik: but once you do it, you'll feel good about your self, cause you'll know a lot more than you thought it's possible :) [14:17] nfs/ldap does some strange things to humans :) [14:17] i belive we have some helper apps in ubuntu [14:18] ivoks: right, well thank you - have to finish dinner - bye [14:18] auth-client-config - pam and NSS profile switcher [14:19] ivoks: are you talking to me? I'm on my way to the kitchen... [14:19] yes [14:20] ivoks: are the gui-apps? [14:20] no, ubuntu server has 0 gui apps [14:20] it doesn't have gui at all [14:20] unless you install desktop [14:21] that doesn't change a thing [14:23] sup all, i have networking question maybe someone can help out... [14:23] hello, i need help with weird problem that i'm experiencing in my network. i have two juniper 4200EX switches (48-poe) i have random disconnect of client from the switch and it's looks like negotiation problems. some times the connection breaks and sometime it re-negotiate at 10mbit, i have disabled stp,rstp protocols just to make sure that if there's a network loop stp won't disconnect clients. any idea? [14:26] app of the year: apache directory studio === kwork is now known as kinnaz|w [15:02] Hi, I have a question. When I try to give a group of users permission to write to a directory, how do I do this? I can't figure out how to get the chown command to work properly lol [15:03] chown username:groupname (or chgrp groupname) [15:04] maxb: or, chmod g+rw /the/path/to/dir/ [15:04] mat1211: or, chmod g+rw /the/path/to/dir/ [15:04] maxb: sorry, wrong person [15:04] Indeed, both are part of the solution. [15:05] g+s may also be advisable [15:06] Sadly Linux provides no way to grant write permissions to a group, and prevent users from writing files writable only by themselves individually in that directory [15:06] ? [15:13] maxb: chmod -R 760 /name_on_directory (owner: all permisions, group write permission, anybody else no permissions [15:15] embrik: You've omitted group traverse permission, which is almost certainly a mistake, and that still doesn't stop users in the group from creating files not writeable by the group. [15:17] Now I understand. A user creates a new codument wchich will be read only for other users in the same group. Yes, thta's annoying. Mus run a cron job every 15 minutes to fix it [15:18] embrik: chmod -R 7... <- won't that make all files exectuable? [15:19] jpds: yes 7= r+w+x [15:19] Exactly. :) Probably not something one wants to do. [15:20] jpds: maybe not, but I always give the owner rwx, don't know why. [15:21] You should almost always have r and x set as a pair on directories [15:24] Something like: find . -type d | xargs chmod 0770 - would be better. [15:25] s/./"/path/to/dir/"/ [15:26] Okay, sorry I got disconnected for a sec. What I want to do is give a group of users write permissions for only one directory, and that dir is /var/www/uploads. I try and do this but when I use the sudo chown command it says operation not permitted. Is there another way? [15:28] what's the name of the group? [15:31] the name of the group is hmm, lets say uploaders [15:35] mat1211: If your user account is not the owner, and your not in the group 'uploaders', then you will not be permitted to make that change. Use sudo. [15:37] I do use sudo. [15:37] sudo chgrp /var/www/uploads [15:37] bah [15:37] sudo chgrp uploaders /var/www/uploads [15:37] sudo chmod g+rwx /var/www/uploads [15:38] looks like IBM really owns Sun [15:39] $7 billion [15:39] ivoks: what site has coverage? [15:39] phone... [15:40] thx [15:41] http://www.nytimes.com/2009/04/03/technology/business-computing/03blue.html?_r=2&ref=technology [15:41] Ah, so it's not 100% final just yet. [15:42] it's not, but this would mean that big blue is back [15:42] with a bang :) [15:42] I'm not exactly sure Sun provides much in the way of 'bang' these days. [15:43] If takes place though I would like to see the PR mess that is becoming MySQL get cleaned up. [15:43] stickystyle: it's not the Sun that will bang, but the whole profile of IBM [15:44] almost full control of UNIX [15:44] When I do the chgrp thing it still says opperation not permitted. would it matter if I was using an external hd? [15:44] mat1211: what filesystem is that? [15:44] mat1211: if you're using a Windows filesystem, absolutely yes. [15:44] mat1211: send a pastebin of $mount [15:44] probably FAT [15:44] I think I may be using a windows fs, its vfat [15:45] mat1211: you'll have to reformat it with EXT3 (or another Linux-specific filesystem). [15:45] arrgghh lol [15:45] but all his pr0... data is there! [15:45] :) [15:46] how do I reformat it with a linux fs? and if I do that will windows recognize it? [15:46] windows is ego-centric [15:46] ? [15:46] mat1211: Why do you need Windows to recognize it? No, Windows won't recognize it. [15:46] it know only about its own filesystems [15:47] I have a windows computer, I am getting a apple comp soon but for now I may need windows comp to work with harddrive. [15:47] is there a driver I can install onto my ubuntu server that will allow me to do these things? [15:48] FAT doesn't support users [15:48] mat1211: if you're using it for web hosting on your Linux machine, you won't be able to use it on your other machines anyway. I think you'd be better off to get a different hard disk for this other use. They are getting cheap enough. [15:48] so, you can't set up users on FAT [15:48] this has nothing to do with OS [15:49] hmm, what is the command to reformat the disk with the right filesystem? [15:49] sudo umount /mnt [15:49] woops [15:50] wrong window lol [15:50] mat1211: mkfs.ext3 (assuming you want to use EXT3, it's a good, commonly used filesystem). but you need to know how the drive is partitioned first. and if you do this, you'll erase everything on it. do some googling before you begin. [15:51] its only one big disk [15:51] so... [15:51] mat1211: there's a ext3 driver for windows [15:51] and i think OSX supports ext3 anyway [15:51] what is Linux calling the drive? it should be sdx. [15:52] ivoks: I'm pretty sure OS X supports it. but I think his solution is NFS, not Windows-compatible file systems. [15:52] nfs? [15:53] Network File System. [15:53] i.e. networking. [15:53] If you need to be able to write to this disk from other systems, enable NFS on the Linux machine, and mount the disk as a remote file system on the client machine. That works on Linux or OS X. [15:54] and if you enable Samba, you can mount it on Windows too. [15:54] oh, right [15:55] I export /var/www as an NFS file mount. and I enable it in Samba. I mount it to my Windows machines as W:. [15:55] that way I can copy web content right to it from any machine on my LAN. === atomic__ is now known as atomic___ === atomic___ is now known as atomic__ [16:06] in my preseed file I have a disk recipe, that is cool but i want a second one for the other hard drive, is this possible? [16:07] what is nfs? :P like networking? [16:07] mat1211, some people say its like magic [16:07] ...... [16:08] some people say if you close your eyes for just long enough and wish really really hard miracles happen [16:09] kirkland: ping. [16:12] kirkland: ecrytfs is freaking me out on me: http://pastebin.com/f144931b7 === Deevzz is now known as Deevz [16:13] PhotoJim: Windows servers can mount NFS also. [16:15] whats better about nfs than say ext3 or whatever the other is? [16:18] mat1211, you don't actually know what nfs ? [16:19] mat1211, or are you actually just trolling? [16:19] no, I actually don't know nfs, I'm quite new at this stuff. [16:20] ok nfs is a protocol that allows you to export your local file system [16:21] your local file system could be, ext2,3,4,jfs,xfs etc [16:21] I, see... [16:22] and could I do this nfs thing without reformatting my harddrive? [16:22] lol [16:22] yes [16:23] are you using ubuntu? [16:23] yes im using ubuntu. [16:23] why do you think you want nfs? [16:23] How do I set my external hd to use nfs? [16:24] So I can get my external harddrive to work with users, or would I still need ext3 for that [16:24] http://ubuntuforums.org/showthread.php?t=249889 [16:25] what file system is your external hard drive? [16:25] fat [16:25] you probably want samba then [16:27] can't say i've ever tried to nfs export fat [16:27] mat1211: The NFS solution was proposed as a way for you to be able to share the data on that FAT drive between the three different OS's you mentioned. So you would need the drive formated with a filesystem that supports users and POSIX permissions, then you would be creating a network share by way of NFS or samba that your windows or mac could mount over the network. [16:28] ah, I see. [16:28] Thanks lol [16:31] how can i seed partman to partition 2 drives [16:36] stickystyle: Windows servers can? didn't know that. how about Windows clients? [16:37] kirkland: hey - I've got some feedback on kvm 84 on hardy [16:37] kirkland: I've been running it for a few weeks now [16:37] kirkland: it's stable for my usage pattern [16:38] mat1211: yeah, NFS has nothing to do with the file system on your disk. what it lets you do is read and write data to and from that disk, without you having to disconnect it from the Ubuntu server. any machine on your network could write or read data to or from that disk. [16:38] kirkland: however I've noticed some performance changes [16:38] mat1211: you wouldn't need to disconnect it to put stuff on it. just put data on it over the network. [16:38] kirkland: especially on the host load [16:38] PhotoJim: Win2k, WinXP (didn't relize it could also) can both use 'services for unix' from MS. 2k3 has it built in. [16:38] stickystyle: I didn't realize that was even an option. good to know. [16:39] kirkland: if I do a dist-upgrade (for example) in a guest the host load goes way up (8 to 10) [16:39] stickystyle: I tend to just stick external EXT3/whatever drives on my server and access them over the network, but it's good to have options. [16:39] kirkland: and the guest can become unresponsive for a couple of seconds [16:39] PhotoJim: Options are what the whole linux game is all about :) [16:39] stickystyle: true indeed! [16:40] kirkland: unfortunately I don't have any metrics to backup this claim - it's just my perception of using guests. [16:40] stickystyle: although there are enough options that some of the options are unnecessary much of the time, so one has to learn about them serendipitously :) [16:40] kirkland: but something has definetly change performance wise [16:40] PhotoJim: also true indeed. [16:40] kirkland: with two or three guests running at the same the load on the host can go up to 20/30 sometimes [16:40] New bug: #354568 in likewise-open5 (universe) "Likewise Open5 does not unregister pam-auth-update profile when removed" [Medium,Triaged] https://launchpad.net/bugs/354568 [16:41] kirkland: If I install packages in all the guests at the same time [16:41] kirkland: what do you think about that? [16:45] ivoks: hi - did you have some time to test the evolution-mapi plugin? [16:47] mathiaz: nope, the exchange environment is broken :( [16:47] ivoks: you mean that you cannot test it or that the plugin is broken? [16:47] other reported that it works, so i belive it is working [16:47] i cannot test [16:47] ivoks: ok - I was thinking about writing a call for testing [16:47] ivoks: to get more coverage on the plugin [16:48] ivoks: on the ubuntuserver blog [16:48] sure... i still don't see it as a server topic, but well... :) [16:48] it's an enterprise topic :D [16:48] ivoks: right - I'd say that ubuntu server users are more likely to have access to an exchange environment [16:51] New bug: #354578 in likewise-open5 (universe) "Joining/leaving the domain leaves a modified SSH config" [Low,Confirmed] https://launchpad.net/bugs/354578 [16:53] Interesting bug [16:55] New bug: #354580 in likewise-open5 (universe) "Joining/leaving the domain leaves backup files everywhere, even after purge" [Low,Confirmed] https://launchpad.net/bugs/354580 [16:57] genii: nothing like etckeeper to reveal naughty packages. [16:58] Hey there has anyone figured out a fix for https://bugs.launchpad.net/ubuntu/+source/linux/+bug/314395 [16:58] Launchpad bug 314395 in linux "Unable to boot Ubuntu 8.10 w/ RAID 1" [Undecided,New] [17:06] New bug: #354585 in mysql-dfsg-5.1 (universe) "package mysql-server-5.1 5.1.31-1ubuntu2 failed to install/upgrade: sub-processo post-installation script retornou estado de sa?da de erro 1" [Undecided,New] https://launchpad.net/bugs/354585 [17:13] jdstrand_: regarding qrt and README.multi-purpose vm - is there a reason to use bind+dhcpd rather than dnsmasq? [17:15] mathiaz: mostly because bind and dhcpd are the ISC reference implementations and in wider use === jdstrand_ is now known as jdstrand [17:15] jdstrand: I'm looking at automating the process of creating a multipurpose vm [17:16] jdstrand: in order to make easier to setup a test environment [17:16] * sbeattie votes for dnsmasq [17:16] jdstrand: and it seems that using dnsmasq as the dns/dhcp server in such an environment is easier [17:16] mathiaz: totally agree with ease of use [17:17] jdstrand: OTOH dnsmasq is in universe, while bind+dhcpd are in main [17:17] JDStone: Did you get my ping on clamav updates? [17:17] Err sorry JDStone. [17:17] jdstrand: ^^^ [17:18] mathiaz: I wonder if you will have all the functionality required when using dnsmasq though. eg dnssec, tsig, dynamic updates, ... [17:18] jdstrand: right - I'm looking at the dnsmasq man page. [17:18] mathiaz: we (I) started that document so that I could test security updates and functionality against a fully loaded vm. that me be a different use case fro what you have [17:18] jdstrand: dynamic updates are automatic since dnsmasq does both dhcp and dns [17:19] ScottK: no I didn't [17:19] [19:40:59] jdstrand: Would you please have a look at Bug #354190 - it's both security fixes and apparmor profile fixes. I think it's ready to go. [17:19] jdstrand: right - IIUC the multipurpose vm is a system that runs in your testing environment and provide standard servicesd === Nicke_ is now known as Nicke [17:19] Launchpad bug 354190 in clamav "Security fixes from clamav 0.95 need backport" [Medium,In progress] https://launchpad.net/bugs/354190 [17:19] jdstrand: it's not supposed to be the system to be tested [17:19] mathiaz: is dnsmasq able to do all the dhcpd goodies? like ntp-server, etc? do you care? [17:19] That was in #ubuntu-hardened last night. [17:20] jdstrand: ntp-server -> handing out the ntp-server option? [17:20] ScottK: ack. thanks [17:20] mathiaz: yes, and others like tftp, etc [17:20] jdstrand: No problem. [17:20] jdstrand: yes. [17:21] jdstrand: everything related to Dynamic updates is not needed for dnsmasq [17:21] jdstrand: it's include OOTB [17:22] mathiaz: and I suppose it'll do all the SRV records that can be used with kerberos (this isn't in that document yet, but planned) [17:22] jdstrand: now IIUC dnssec is not supported by dnsmasq [17:23] mathiaz: honestly, if it greatly speeds development to use dnsmasq, I'm not sure dnssec is enough of a reason not to use it [17:24] jdstrand: SRV and TXT records are supported [17:24] mathiaz: if you do use dnsmasq, can I request that you update README.multipurpose-vm to include it [17:24] ? [17:24] I'd like to have more than your script for documentation ;) [17:24] jdstrand: sure - I'll give it a shot [17:25] mathiaz: cool, thanks [17:26] nxvl: hey, have you been coordinating with ScottK on clamav? specifically bug #354190? [17:27] Launchpad bug 354190 in clamav "Security fixes from clamav 0.95 need backport" [Medium,In progress] https://launchpad.net/bugs/354190 [17:27] hi, i need help with sshd key [17:27] jdstrand: We've been talking about clamav stuff, but I don't recall if we discussed that one. [17:27] nxvl, ScottK: I'll get intrepid going-- just thinking about hardy and earlier [17:27] jdstrand: In the bug I make recommendations about how to deal with the earlier releases. [17:28] nxvl is working on libclamav rdepends for Jaunty right now. [17:28] * jdstrand nods [17:28] yup [17:28] once we are finish with jaunty i was going to start with the SR stuff [17:28] I just didn't see nxvl referenced in the bug, so wanted to know what was happening there [17:28] cool. thanks nxvl! [17:29] and ScottK! :) [17:29] He's in the ubuntu-clamav team so he gets all the bugmail. [17:29] ok cool [17:29] Actually, maybe he doesn't [17:29] actually i don't [17:29] I think that just goes to me now that I consider it. [17:29] the team is not subscribed [17:30] * ScottK needs to look into that. [17:31] should i change the ssh listen port from 22 to 2222? [17:31] or can i change it to any other port ? [17:32] you can change to any port you want [17:32] moving away from port 22 reduces the risk from brute force attacks, but increases inconvenience [17:34] will the hacker be able to tell which port sshd is listening on ? [17:38] oruwork: Yes, anyone can tell what port ssh is open on by scanning all available ports on you box, looking for the one that sshd answers on. However most bots that are scanning these days go for the low hanging fruit and just focus on seeing if ssh is open on port 22 (and port 2222 more recently) [17:38] is there a way to jail users in their home directoires ? [17:39] oruwork: for ftp/sftp usage or shell? [17:39] for shell [17:39] and for any [17:39] but shell primarly [17:40] Sure you probably *could* do that, it would be a major pain to administer though. lets step back and ask *why* you want to do this. [17:42] my system had been compromised [17:42] one of the users had a really weak password [17:42] ubuntu forums has a relatively straightfoward guide on how to do it if you want to jail users into a shared jail [17:42] if you want each user in their own jail, it's basically the same as described in the forums, but creating a new jail for each user [17:43]