/srv/irclogs.ubuntu.com/2009/07/01/#ubuntu-server.txt

uvirtbot`New bug: #394043 in nagios3 (main) "Sync nagios3 3.0.6-5 (main) from Debian unstable (main)." [Wishlist,Confirmed] https://launchpad.net/bugs/39404300:01
MianoSMhttp://www.iana.org/assignments/port-numbers00:04
incorrectcan anyone suggest a good command line tool to view network throughput?00:11
ghostlinesiftop dude00:26
ghostlinesthat's a nice app, I think it's what you want00:27
jmedinaghostlines: iftop wont graph network throughtput unless you generate trafic00:35
jmedinaincorrect: for network throughput you can use iperf00:36
jmedinaor simply rsync, or scp00:36
jmedinaI really like vnstat :)00:36
cmwslwi know this might sound ridiculous, but is there any way to restart my server from a webpage?00:54
smultroncmwslw: i've never used one, but you might want to look at web-based server managers like: http://www.webmin.com/01:00
MianoSMI love webmin01:04
foxbuntuMianoSM, tried ebox?01:08
foxbuntucmwslw, you might want to check out ebox as well01:09
cmwslwi already have that installed, but it is a security risk if it is enabled for the whole internet to access01:11
ewookfirewall it?01:12
cmwslwi do have a login protected admin page though which i would like a simple restart button01:12
cmwslwi might need to reboot while on vacation - that's why i need a reboot button01:14
smultrondon't want to ssh in and reboot?01:14
cmwslwi can't really firewall webmin because i don't know what the ip address is01:14
cmwslwcan i use an ipod touch to ssh - mine's jailbroken and ssh installed01:15
cmwslwidk if it is the ssh client or just server01:15
MianoSMfoxbuntu: I did, it wasn't my cup of tea (to be honest I have liked using webmin for too long)01:15
smultroncmwslw: you should be able to use that. just do a test before leaving01:16
cmwslwwait, my ssh is enabled for lan only, like webmin01:17
cmwslwi always thought that enabling services like these for the internet were huge security hazards - is it not the case?01:18
foxbuntucmwslw, while they can be, you just need to take proper precautions to secure them01:19
foxbuntucmwslw, I have a few servers with ssh out to the web, but I use RSA key authentication not passwords01:24
cmwslwi just tried sshing into my server via my ipod touch, and everything worked01:25
cmwslwi'm going to see if i can get rsa keys to work on it01:25
JorgeJorgessonI have a mysql server running on one machine, but cannot access from another even with the same username/pswd (root)01:25
jmedinaJorgeJorgesson: JorgeJorgesson probably because mysqld only listen on the loopback interface01:26
jmedinacheck /etc/mysql/my.cnf for the bind-address option01:26
JorgeJorgessonAh, if I change that, then I cannot access it on the same local machine, correct?01:27
JorgeJorgessonNow I see my problem.01:29
JorgeJorgessonI cannot use the mysql database server from a local machine and a remote machine at the same time, correct?01:29
jmedinajust comment the line and restart mysql01:30
jmedinacheck01:30
jmedinanetstat -pltn | grep mysqld01:30
jmedinathat will show you the socket mysql is listening01:31
JorgeJorgessonjmedina: comment what line?  how do I get mysqld to listen on both remote and local?01:31
jmedinabind-interfaces01:31
jmedinabind-address01:32
JorgeJorgessonDo I bind both?01:32
jmedinaor something, im telling you from memmory01:32
JorgeJorgessonOk, nevermind.  Thanks for the tip though!01:32
jmedinayou can just comment the line, and mysql will listen on every network interfaces01:32
JorgeJorgessonI tried that.01:33
JorgeJorgessonLocal access works, remote does not01:33
MianoSMYou forwarded the port, and tried connecting to the local and external IP?01:35
=== obstriege is now known as obst
JorgeJorgessonMianoSM: even internal (LAN) connection need to connect via WAN?01:36
jmedinaJorgeJorgesson: did you create a mysql account allowd to connect from remote hosts?01:37
jmedinathe defualt root account only allows to connect from localhost root@localhost01:37
JorgeJorgessonI don't understand....I've had all this working before01:38
jmedinaJorgeJorgesson: show the evidence....01:39
jmedinashow your logs01:39
jmedinashow your config files01:39
jmedinashow output from netstat -pltn | grep mysql01:39
JorgeJorgessonok, something is wrong here01:43
JorgeJorgessonI think two servers are running01:43
jmedinashow the evidence01:43
jmedinause pastebin01:43
JorgeJorgessonMy remote account shows no databases, my local shows all01:44
JorgeJorgessonI had this all working just the other day....no proof required.  I was using it.01:44
JorgeJorgessonI don't understand what went wrong here01:44
jmedinawell, if you dont show us the output, all we can do is guess01:45
JorgeJorgessonWhat do you want to see?  Do you too want ssh?01:46
jmedinaJorgeJorgesson: your config file01:46
jmedinaoutput from netstat01:46
jmedina:)01:46
JorgeJorgessonconfig what01:46
jmedinathe one we were just taking about01:46
jmedinamy.cnf01:46
JorgeJorgessonhttp://pastebin.ca/148021001:48
jmedinanow from netstat -pltn | grep mysql01:49
JorgeJorgessontcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      3912/mysqld01:50
jmedinaok01:50
jmedinaand what about the account?01:50
JorgeJorgessonThis stuff is going to give me a heart attack soon or later01:50
jmedinacan you connect to mysql with root?01:50
jmedina:)01:50
JorgeJorgessonlocal yes, remote no01:50
jmedinaok01:51
jmedinause mysql;01:51
JorgeJorgessonyes01:51
jmedinaselect host,user,password from user;01:51
JorgeJorgessonyes01:51
JorgeJorgessonI get a connection with no databases remotely01:51
JorgeJorgessonlocal I see all my databases01:51
jmedinashow the output01:52
JorgeJorgessonWhat log can I show you that it worked just a couple of days ago01:52
JorgeJorgessonI was using the remote to study for my exam01:52
JorgeJorgessonOutput:01:53
JorgeJorgessonDatabase information_schema01:53
JorgeJorgesson1 row in 0.00 sec01:54
jmedinamm01:54
JorgeJorgessonYeah, same problem as before01:54
JorgeJorgessonIt all worked just two days ago01:55
JorgeJorgessonremote, local01:55
JorgeJorgessonall good01:55
JorgeJorgessonThe mysql guys called me a moron (more or less) the ubuntu-us-fl guys got me running local....great job!01:56
jmedinaJorgeJorgesson: use pastebin01:56
jmedinaI coulnt see your output01:56
jmedina:)01:56
JorgeJorgessonpastevin.ca/148021401:57
JorgeJorgessonpastebin.ca/148021401:57
jmedinaJorgeJorgesson: spanish?01:58
jmedinammm01:58
JorgeJorgessonyeah, pretty much!!!01:58
jmedinatocayo01:58
jmedinalets try in english :)01:58
JorgeJorgessonciau baby01:58
JorgeJorgessonok, did you get it?01:58
jmedinayeap01:59
jmedinaok but...01:59
jmedinaI never ask for the output from show databases;01:59
JorgeJorgessonOh crap....01:59
JorgeJorgessonOk, reset01:59
JorgeJorgessonWhat did you want again?01:59
jmedinause mysql;01:59
JorgeJorgessonyes01:59
JorgeJorgessonOn the remote?01:59
jmedinaselect host,user,password from user;01:59
jmedinanot01:59
jmedinafrom local01:59
jmedinaroot at local02:00
JorgeJorgessonmysql02:00
JorgeJorgessonnot sure what you want02:00
JorgeJorgessonuse mysql;02:00
JorgeJorgesson?02:00
jmedinaI want to get a mysql user list02:00
jmedinaI want the optput from selec..02:00
JorgeJorgessonok, exact  commands02:01
jmedinascroll up02:01
JorgeJorgessonI did02:02
JorgeJorgessonNo database selected02:02
jmedinawhat?02:02
jmedinadid you type: use mysql;?02:03
JorgeJorgessonI guess I'm just not smart enough to get this stuff.02:03
JorgeJorgessonyess02:03
jmedina¬¬02:03
jmedinaagain02:03
jmedinause mysql;02:03
jmedinayou should get something like: database changed...02:03
jmedinathen type the select command..02:03
jmedinaand show me the output02:03
jmedinaso are you takina mysql exam?02:03
jmedinataking02:03
JorgeJorgessonyes and I've run a website for a year02:04
JorgeJorgessonthis is making no sense to me02:04
JorgeJorgessonERROR 1046 (3D000): No database selected02:04
jmedinammm02:04
jmedinahow did you connecto to mysql?02:04
jmedinafrom remote or local?02:04
JorgeJorgessonI can write select queries galore02:05
JorgeJorgessonI am local02:05
jmedinaok02:05
jmedinashow databases;02:05
jmedinayou should get a list of databases;02:05
JorgeJorgessonI told you before, no problem02:05
JorgeJorgessonRemote is the problem02:06
jmedinaok, but we need to type some commands from local to debug this02:06
JorgeJorgessonok02:06
JorgeJorgessonI understand what you want to do02:06
JorgeJorgessonshow users, show permissions02:06
JorgeJorgessonright?02:06
jmedinayeap02:07
JorgeJorgessonOk, I'm not that far yet in my studies!02:07
JorgeJorgessonI'm at select, create and such...up to chpt. 1002:07
jmedinaok again02:08
jmedinashow the output from show databases;02:08
JorgeJorgessonfrom where?02:08
jmedinafrom local!!!!!02:08
jmedinaI want to know if you have a root account with remote access02:09
JorgeJorgessonI told you ......all my databases.....http://pastebin.ca/148022202:10
JorgeJorgessonSorry, I'm being a smartass again....you are helping.02:10
JorgeJorgessonJust frustration02:10
jmedinaok02:11
jmedinanow02:12
jmedinause mysql;02:12
jmedinaand02:12
JorgeJorgessonwharer02:12
JorgeJorgessonwhere02:12
jmedinaLOCAL!!!!!!!!!!!!!!!02:12
JorgeJorgessonok02:12
JorgeJorgessonok02:13
jmedinaand then type02:13
jmedinaselect host,user,password from user;02:13
jmedinaand show me tht output02:13
jmedinathat will give you a mysql users list and the host they are allowed to coonnect from02:13
JorgeJorgessonERROR 1046 (3D000): No database selected02:13
jmedinadamn02:13
JorgeJorgessonthat would be in information_schema02:14
jmedinaplease show me the full output from use mysql to that error02:14
JorgeJorgessonI did02:14
jmedinaagain02:15
jmedinaI want to see everything02:15
jmedinanot only that line02:15
JorgeJorgessonThat is it.02:15
mattt*use mysql;*02:15
JorgeJorgessonOne line02:15
mattt:)02:15
JorgeJorgessonI did02:15
JorgeJorgessonI can make stuff up if you want :)02:15
jmedinaJorgeJorgesson: just paste full output02:15
JorgeJorgessonI did....not sure what you want here02:16
JorgeJorgessonThat is the exact output02:16
jmedinause your mouse, click in the line that starts with mysql> use mysql, and drag it down until the line with ERROR02:16
jmedina:)02:16
JorgeJorgessonexit02:16
JorgeJorgessonsorry02:16
jmedina:D02:16
cmwslwdoes anybody know how to enable ssh access over the internet, but only w/ rsa keys?02:17
JorgeJorgessonmysql> select host,user,password from user;02:17
JorgeJorgessonERROR 1046 (3D000): No database selected02:17
cmwslwi got rsa keys to work on my ipod02:17
jmedinaI want to see full output for every command you type and for every message mysql02:17
JorgeJorgessoncan we do this all together?02:18
matttJorgeJorgesson: you haven't switched to the mysql DB :(02:18
JorgeJorgessonah, use mysql02:18
matttyep, 'use <DB>;', where <DB> in this instance is mysql02:18
jmedinacmwslw: edit /etc/ssh/sshd_config and add PasswordAuthentication no02:19
JorgeJorgessonmattt, i understand02:19
matttJorgeJorgesson: otherwise, you can do: 'select host,user,password from mysql.user;'02:19
cmwslwjmedina: thanks a ton!02:19
JorgeJorgessonhttp://pastebin.ca/148022802:20
jmedinacmwslw: I think that option was in the config file with yes02:21
JorgeJorgessonmattt, understood now02:21
jmedinaprobably ubuntu guys remoted it02:21
jmedinaJorgeJorgesson: now02:24
jmedinaselect host,db,user from db where user='root';02:24
jmedinamatt thanks for remind me about db.table02:25
JorgeJorgessonempty02:25
JorgeJorgessonso how do I logon as local root02:27
jmedinaso, your root@% dont have accees to any database02:28
jmedinayou mean remote02:28
JorgeJorgessonso how do I logon as local root02:28
jmedinaas local?02:28
jmedinayou are doing this as local.02:28
JorgeJorgessonI still don't understand....this worked just days ago02:28
jmedinaJorgeJorgesson: well something changed, and someone did it02:29
JorgeJorgessonBut I am right here02:29
JorgeJorgessonI own these machines02:30
JorgeJorgessonI had it all working02:30
JorgeJorgessonI cannot now access my "server" from my "local" machines02:30
JorgeJorgessonMachines in the same network02:30
jmedinagrant all privileges on *.*  to 'root'@'%';02:31
jmedinaand then02:31
jmedinaflush privileges;02:31
jmedinaand there you go :)02:31
JorgeJorgessonI just don't get what happened.02:33
JorgeJorgessonMy website is running just fine.......and has been for a year02:33
ajmitchand your website is on which computer?02:34
cmwslwyes! i can now ssh with an rsa key from my iphone02:34
cmwslwthis is awesome02:35
jmedinacmwslw: good,  you should write a howto :)02:36
cmwslwi was planning on doing that02:36
jmedinaIm going to by a hiphone :)02:36
cmwslwon my blog02:36
jmedina200 dollars :)02:36
cmwslwit was actually not very different from a normal computer02:37
cmwslwi hope jorge gets back on02:37
cmwslwi just realized i had the same problem as him and fixed it02:37
jmedinaI have some servesr configured to allow password auth for normal users and only allow root using rsa02:38
JorgeJorgessonjmedina: all is well now, thanks again02:38
cmwslwjorge: did you try rebooting?02:39
JorgeJorgessonyup02:39
cmwslwthat fixed the problem for me02:39
JorgeJorgessonWorks great02:39
jmedinaJorgeJorgesson: you are welcome02:39
cmwslwhaha02:39
jmedinareboot?02:39
jmedinawhat?02:39
cmwslwi had the same problem02:39
jmedinathis is not windows02:39
jmedina:)02:39
ajmitchjmedina: he had problems with mysqld apparantly not running after a reboot earlier02:39
cmwslwserver was down for a week until i rebooted02:39
cmwslwcould have fixed it sooner but i was on vacation02:40
cmwslwnow i can use my IPHONE! woot02:40
Island_SwimmerHi, All. I should be the happy owner of three new baby servers, but something has gone a miss03:12
matttIsland_Swimmer: ?03:12
Island_SwimmerWell, when I go to create a new Mediawiki page, I get:03:14
Island_SwimmerError Text:03:14
Island_SwimmerFatal error: Allowed memory size of 20971520 bytes exhausted (tried to allocate 7680 bytes) in /var/www/technology/wiki/includes/AutoLoader.php on line 58203:14
cmwslwidk why mediawiki would use that much03:15
Island_SwimmerWhat could be wrong? Any help is appreciated. Please03:15
ajmitchcmwslw: 20MB isn't much03:15
cmwslwi thought 20mb was the default?03:15
ajmitchIsland_Swimmer: change the memory limit in the php.ini file03:15
ajmitchcmwslw: it's still not a lot of memory :)03:15
Island_SwimmerI tried, but since I can't get VIM-full installed, I can't edit the files03:15
cmwslwnano?03:16
Island_SwimmerI am not comfortable with Nano, since it broke my php in the first place03:16
matttIsland_Swimmer: sed -i ?  :)03:16
cmwslwwell if that's the case, i would reinstall php then03:16
Island_SwimmerI did. That is why my limit is back to 16 MB03:17
cmwslwi don't see how nano could be more complicated than vim03:17
matttIsland_Swimmer: ok, so then you know what the problem is ... but the problem is that you can't use nano?03:17
jmedinaand why not vi?03:18
Island_SwimmerI'm blind. Learning a new Text Editor on a production system is not really an option in the time crunch. Unfortunately that is the case03:18
matttok, that certainly complicates things a bit :/03:18
Island_SwimmerI wasn't sure if that was the problem, but rather I suspected it. I also needed to confirm this03:18
jmedinaIsland_Swimmer: copy the file to your local machine, edit it, and upload it again :)03:19
ajmitchsed -i it is then03:19
jmedina:)03:19
jmedinaor ed03:19
jmedina:)03:19
Island_SwimmerI didn't think of that03:19
ajmitchjmedina: that's cruel03:19
Island_SwimmerI'll be back. What is the file exactly I'm editing again03:19
jmedinaajmitch: well if he is unable to use vi then will be hard to use sed03:20
Island_Swimmer?03:20
Island_SwimmerPlease03:20
ajmitchthe file in /etc/php5/apache2/php.ini03:20
ajmitchjmedina: you don't need to navigate around anything with sed, it's a single command to run03:20
jmedinaajmitch: I know03:21
jmedinahe just can't learn sed right now, so I just give a solution, I would use sed03:21
* jmedina loves sed03:22
jmedina:)03:22
ajmitchphp5's debian/rules uses sed to change the memory limit03:22
jmedinaajmitch: share the line03:24
ajmitch        cat php.ini-dist | tr "\t" " " | sed -e'/memory_limit =/ s/128M/32M/g' > debian/php5-common/usr/share/php5/php.ini-dist.cli03:24
ajmitchis what's in debian/rules, of course it'd need to be changed for the installed file03:25
Island_SwimmerOk. I upped the limit and still get the same error after Apache2 Force-reload03:28
Island_SwimmerI upped it to 32M03:28
Island_SwimmerI appreciate all solutions, no matter how big or how small03:29
jmedinaIsland_Swimmer: restart apache03:30
jmedinanot just reload03:30
* ajmitch would suggest it being much higher than 32M, depending on how much RAM your servers have03:31
Island_SwimmerI got a slightly different error03:31
Island_SwimmerError text:03:31
Island_SwimmerFatal error: Allowed memory size of 20971520 bytes exhausted (tried to allocate 8192 bytes) in /var/www/technology/wiki/includes/SpecialPage.php on line 103:31
ajmitchcertain PHP apps gobble up the memory03:31
Island_SwimmerYeah, but Mediawiki is recomended at 32M03:32
Island_Swimmer32M03:32
ajmitchas a bare minimum?03:32
Island_SwimmerHmm. I'll be back03:32
ajmitchlooking at the mediawiki site, you should also increase the memory limit in LocalSettings.php03:33
ajmitchhttp://www.mediawiki.org/wiki/Manual:Errors_and_Symptoms#Fatal_error:_Allowed_memory_size_of_nnnnnnn_bytes_exhausted_.28tried_to_allocate_nnnnnnnn_bytes.2903:34
Island_SwimmerThanks04:09
Island_SwimmerThat fixed it04:09
Island_SwimmerIt was in Localsettings.php04:12
Island_Swimmer!Webadmin04:12
ubottuSorry, I don't know anything about Webadmin04:12
Island_Swimmer!Webmin04:12
ubottuwebmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.04:12
Island_Swimmer!ebox04:13
ubottuebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox04:13
Island_SwimmerWhy is VIM-full not in my repository?04:15
Island_SwimmerPlease04:15
Island_Swimmer!Packages04:16
ubottuYou can browse and search for Ubuntu packages using !Synaptic, !Adept, "apt-cache search <keywords or regex>", or online at http://packages.ubuntu.com - Ubuntu has about 20000 packages available, so please *search* for an official package before installing things in awkward ways!04:16
Island_Swimmer!Repositories04:16
ubottuThe packages in Ubuntu are divided into several sections. More information at https://help.ubuntu.com/community/Repositories and http://www.ubuntu.com/ubuntu/components - See https://wiki.ubuntu.com/RecommendedSources for the recommended way to set up your repositories04:16
ScottKIsland_Swimmer: vim is (I suspect) vim-full.04:18
Island_SwimmerI know that, but unfortunately it is not in my repository. Neither is Ebox04:37
Island_SwimmerIt is odd. It is a minimal install of Ubuntu 8.04 Hardy04:38
=== smultron_ is now known as smultron
neggeI'm wondering if PHP 5.3 will make it into Hardy? If so I need to start doing some testing...07:46
neggedoes anyone know?07:47
aroonihow do i fix this:  for apache?  Directory index forbidden by Options directive: /mnt/app/current/public/07:53
neggearooni: somewhere in /etc/apache2/sites-available/<yoursite> there's a line that forbids directory listing. Normally that's exactly what you want to do08:05
aroonithats what i want right08:05
aroonito forbid direcotry indexing08:05
neggearooni: check the Apache documentation or just Google it, I don't remember exactly what you're supposed to write. But the file you should put ut in is the one I mentioned, that's for sure08:15
aroonigot it working08:15
neggegood08:15
acalvohi08:25
acalvoI need some advise: I want to migrate my old mail server and I was thinking that maybe is time for a change. We're using POSTFIX and COURIER as MTA/MDA with LDAP as backend. I've been researching a little bit, and maybe DOVECOT or QMAIL could do the job better and easier. What do you think? Thanks!08:27
matttacalvo: do the job better how?08:29
matttacalvo: are you having problems w/ postfix/courier?08:30
acalvomattt, no, but it was a pain to set it up and it lacks some administration tools08:30
matttacalvo: i don't even see a qmail package on hardy :/08:31
acalvomattt, damn, my test machine is Jaunty...08:33
matttdon't see one for jaunty either :)08:33
matttiirc, there is some packing issues w/ qmail which is why ubuntu/red hat, etc. don't distribute it08:34
ajmitchsome historic licensing issues at least08:34
acalvooh, ok08:34
acalvobut, what do you think about DOVECOT?08:34
ajmitchdovecot & postfix are the recommended tools for ubuntu08:35
acalvowell, I think I'll give it a try08:35
acalvohope the LDAP integration works fine08:35
acalvohave you tried with such a configuration (LDAP, quotas, ...)?08:36
ajmitchI haven't tried it, but I believe there's some good documentation on dovecot & ubuntu08:36
acalvooh, well08:36
* ajmitch uses exim4 & dovecot08:36
acalvouhmmm08:36
acalvoexim!08:36
acalvoanother one I've heard about08:36
mattti like postfix ... the standard install works nicely w/out much (if any) hacking08:40
matttbut it's really configurable if you want to do wacky stuff08:40
acalvoI agree08:40
acalvobut it seems that exim is more powerful and customizable08:40
mattti thought exim's selling point was simplicity08:41
acalvoyes, but it achieves that by having several plugins08:43
steady2023hey can you guys help08:52
steady2023how do u apt-get install including config files if I deleted the directory08:53
twb!u08:53
ubottuU is the 21st letter of the modern latin alphabet. Neither 'U' or 'Ur' are words in the English language. Nor are 'R', 'Y', 'l8', 'Ne1' or 'Bcuz'. Mangled English is hard for non-native English speakers. Please see http://geekosophical.net/random/abbreviations/ for more information.08:53
twbsteady2023: try aptitude reinstall.  You may have to purge and install the package in question, because deleting a config file is treated as a deliberate action by dpkg -- that is, it will REMEMBER that you wanted to delete it.08:54
steady2023ok cool that fixed it08:56
steady2023u got a good easy guide to getting proftpd to work08:56
steady2023I followed 3 of them but they are all from a few years ago and have conflicts08:56
twbproftpd is full of security holes, IIRC.09:01
twbWhy don't you use vsftpd?09:01
steady2023I just need to get an ftp working to install joomla09:02
steady2023I mean I guess it tells me it needs ftp access09:02
sandstromHow can I reset (settings and everything) ufw?09:08
uvirtbot`New bug: #394164 in cyrus-sasl2 (main) "uninstallable: incorrect dependencies after security update" [Undecided,New] https://launchpad.net/bugs/39416409:20
twbsandstrom_: ufw disable?09:34
sandstrom_I  was thinking of everything (files etc). But I think I managed. thanks anyway09:35
twbsandstrom_: aptitude purge ufw? ;-)09:40
neggesandstrom_: easiest way is to delete everything from /var/lib/ufw/user.rules (or user6.rules if you're using ipv6)09:53
neggeno need to reinstall or anything09:53
sandstrom_thanks09:53
=== mdz_ is now known as mdz
twbnegge: ah, well, he should have been clearer about what he meant by "reset" :-)10:01
acalvodoes anyones uses squid with some add-on to block undesired services (such as msn, p2p, ...) and web pages?10:03
twbacalvo: you mean at the firewall level?10:05
acalvowell10:05
acalvono, we have a firewall10:05
twbObviously you can avoid p2p on your own hosts by simply not installing p2p software.10:05
acalvohardware firewall10:05
acalvobut does not support web or service filtering10:05
acalvowell, try to tell to the students what they should not do...10:06
twbSounds like you have an appliance device running a closed version of Linux, such that you cannot get to its software firewall and tell it to block p2p packets.10:12
twbNormally in such a situation I'd install OpenWRT or Ubuntu Server on the router in question, and teach it to block p2p packets with the l7 stuff.10:13
twbOr if you have total control over the desktops (i.e. they all run your custom GOE and you don't allow users to use their own laptops or install things), you can just ensure that no p2p apps are installed on the desktops.10:14
acalvowell, thanks10:15
acalvobut I was thinking in using a transparent proxy which had some utility to block/filter services10:15
acalvoI've heard about squid-guard10:16
acalvobut I never get it to work10:16
acalvo(yet!)10:16
twbsquid-guard won't do shit against bittorrent10:17
twbBecause bittorrent does not use HTTP.10:17
nlindbladHi10:25
nlindbladHow come an e-mail with score -1.80 gets marked as spam when the treshold is 5.20?10:25
nlindblad(Sendmail with milter-spamc)10:25
twbAny reason you're using sendmail instead of, say, postfix?10:26
eolo999hi, where can i find good documentation on how to convert Xen guests to run with KVM?10:28
twbeolo999: have you tried the ubuntu server admin guide?10:40
eolo999twb: apparently there's nothing there regarding migration from xen to kvm; or i'm wrong?10:44
twbeolo999: I don't know.10:44
twbInasmuch as kvm is qemu, there is qemu-convert.  That assumes you already have some form of disk image, though...10:44
eolo999twb: that just take care of disk images not of xml creation, kernel adjustments(as xen guests use the host kernel) and who knows more...10:46
twbkvm needs XML?10:47
a_okmy mail log stays empty after rotate. i do reload (now even restart) sysklogd in the last logrotate entry10:50
a_okpostfix is the mailer btw10:51
eolo999twb: if you want to use it with libvirt...10:53
twba_ok: is your postfix logging via syslog?10:56
a_oktwb: yeah10:56
twba_ok: postfix and/or syslog should install the appropriate logrotate entries already -- did you mess with them?10:56
a_oktwb: this is a setup from way back so they are messed with before i came to work here. I rearanged things so i have a full mail log in /var/log/adm/mail and the important stuff in /var/log/mail.log however the later does not work10:57
acalvotwb, nice point there... I should install some firewall rules there10:58
a_oktwb: could you show me your entry perhaps?10:58
twba_ok: I don't have an Ubuntu system handy.11:00
twba_ok: try "aptitude download <package>", then use "dpkg -X <package>*deb `mktemp -d`" to extract it into a temporary directory to inspect it11:01
a_oktwb: anyway I am allowed to mess with them I do not understand why it does not do what it supposed to do11:01
a_oktwb: a manual sysklogd reload solves the problem11:03
uvirtbot`New bug: #394211 in nagios3 (main) "Reporting CGIs incorrectly calculate start or end time for periods spanning changes to daylight time" [Undecided,New] https://launchpad.net/bugs/39421111:56
ssc__hi all13:05
ssc__is there a way to make bind9 accept an update without a key ? like an 'insecure mode' ?13:06
jo___Hi13:54
heath|workhello13:54
jo___what is the default boot manager installed in Jaunty server?13:55
jo___I do not have a /boot/grup dir, and no /etc/lilo.conf either13:56
heath|workshould be grub13:57
heath|work/boot/grub13:58
jo___hm. While an dist-upgrade I get the error message:13:58
jo___Searching for GRUB installation directory ...13:58
jo___No GRUB directory found. To create a template run 'mkdir /boot/grub' first. To install grub, install it manually or try the 'grub-install' command. ### Warning, grub-install is used to change your MBR. ###13:58
jo___ls /boot/grub13:59
jo___ls: cannot access /boot/grub: No such file or directory13:59
jo___ lilo13:59
jo___Fatal: Cannot open: /etc/lilo.conf13:59
heath|worklilo is not installed by default, looks like you will have to rebuild grub, are you in recovery?13:59
jo___no - hope not14:00
jo___how to test that?14:00
matttjo___: is it a virtual machine by any chance?14:02
jo___no, its a real one (I hope)14:02
heath|worklol... i hope14:04
matttjo___: yeah, not sure .. i'd expect grub to be installed, but it could be a xen virtual machine or something similar which doesn't need a boot loader14:05
heath|workany know the name of the third party mysql table type that replaces InnoDB tables?14:31
Sam-I-Ammyisam?14:32
Sam-I-Amheap?14:33
Sam-I-Amgoogle probably knows :)14:33
Sam-I-Amthink it does bdb too...14:33
heath|workFOUND IT!! XtraDB14:33
VK7HSEbeat me to it I was just about to paste "MyISAM" but I really don't know if that's the right answer!14:34
=== maxb__ is now known as maxb
Sam-I-Amheh14:38
Sam-I-Amso many choices...14:38
heath|workshould hostname and hostname -f show the same?14:45
heath|workthe fqdn?14:45
sandstrom_I get an error when starting the firewall. How can I see what the message means? (ERROR: problem running init script)14:48
didrocksjdstrand: FYI, I sent the contributor agreement for "quickly". If you want to merge my branch for ufw as we discussed at UDS, the process seems easy (just ask jcastro)14:48
sandstrom_the firewall == UFW14:49
jdstranddidrocks: thanks. yeah, I will need a contributor agreement for ufw14:49
bitprophetheath|work: afaik, hostname prints the value of /etc/hostname, whereas hostname -f prints the FQDN as defined in /etc/hosts (for 127.0.1.1, first mapping)14:49
didrocksjdstrand: it seems that you have to be listed there: http://www.canonical.com/contributors14:49
heath|workright, but should I echo full.host.name >> /etc/hostname && /etc/init.d/hostname.sh start?14:49
=== SteveMBP is now known as Steve[mbp]
jdstranddidrocks: it is:14:50
jdstrandUncomplicated Firewall (ufw)14:50
jdstrand(about a third of the way down)14:50
didrocksjdstrand: oh yes. I was just looking for ufw ;) I can send it to you now, if you wish14:51
heath|workbitprophet, the reason I ask is because I tutorial I was reading through said they should match, but I have never done that14:51
jdstranddidrocks: that would be great. thanks for your patience :)14:51
didrocksjdstrand: no problem :) It's sent14:53
* jdstrand nods14:55
heath|workman I love this stuff15:20
sandstrom_I get an error when running ufw enable (ERROR: problem running init script). How can I see what the message means?15:24
jdstrandsandstrom: if this is hardy, use '/etc/init.d/ufw 'stop|start'. if that isn't helpful enough, use 'sh -x /etc/init.d/ufw start|stop'15:40
jmedinagood morning15:41
sandstromjdstrand: thanks!15:48
oioiii_hi, I buld a kernel module against an installed kernel (not running) using 'make install BUILD_KERNEL=<kernel version>', works as expected, but after reboot module gets not loaded although being listed in /etc/modules, anyone?16:02
oioiii_ah, forgot: ubuntu 8.04 LTS server, module is Intel nic driver igb16:03
oioiii_the module is installed in /lib/modules/<kernel version>/kernel/drivers/net but not in /lib/modules/<kernel version>/ubuntu/net16:04
oioiii_anyone?16:04
=== cjwatson_ is now known as cjwatson
jmedinaoioiii_: can you load it by hand?16:06
jmedinais there any other driver load instead?16:06
Sam-I-Amjmedina: did you take a look at any of my PPA packages?16:08
oioiii_nope, after reboot with new kernel it gives me 'Could not load /lib/modules/<kernel version>/ubuntu/net/igb/igb.ko' although igb.ko is present in /lib/modules/<kernel version>/kernel/drivers/net/igb/ . Doing a rebuild with running kernel and modprobe igb works fine16:08
oioiii_But hitting the KVM each time is painful16:08
jmedinaSam-I-Am: not yet, I've been out of office all this days16:08
Sam-I-Amjmedina: mmmkay16:09
Sam-I-Amjmedina: almost done populating it with a whole suite of useful backports to hardy16:09
oioiii_jmedina: no other igb module presemt16:09
jmedinaoioiii_: did you run depmod?16:09
oioiii_no, I thoutght depmod was for running kernel?16:10
jmedinanop16:10
oioiii_ok16:10
Sam-I-Amusually a kernel install with dpkg runs depmod for you :)16:10
jmedinayou can use depmod -a 2.6.xx16:10
oioiii_aaah, I see16:10
jmedinathat version shoud match with your kernel dir at /lib/modules16:10
oioiii_ok, I try (one second)...16:11
jmedinaSam-I-Am: could you please send me your ppa link to bookmark it16:16
Sam-I-Amjmedina: https://launchpad.net/~ionosphere8016:18
Sam-I-Amjmedina: they're all in there... there are PPA dependencies, so you'll have to check them.16:18
jmedinaSam-I-Am: what you mean with ppa dependencies?16:19
oioiii_jmedina: works! thanks a lot:-)16:19
jmedinaoioiii_: good!!16:19
Sam-I-Amjmedina: for example... the samba ppa built against other ppas since i had to backport some libs16:22
Sam-I-Amjmedina: you'd just need to add the dependent ppas to sources.list as well16:22
KnirghWhat's the best ftp server to start with? must be commandline16:22
jmedinaKnirgh: pure-ftpd it works all by parameters16:22
jmedina:)16:23
jmedinaor you can use debians wrapper and use a config file16:23
jmedinaSam-I-Am: so your packages are built agains svn or 2.4.16?16:26
jmedinaI mean openldap packages16:28
Sam-I-Amjmedina: svn16:29
Sam-I-Amjmedina: since theres issues with 2.4.1616:29
matttanyone here use xen?16:35
jmedinao/16:35
jmedina3.2 in hardy server16:35
bitprophet3.1 on 8.04 here16:37
bitpropheterr sorry 7.1016:37
* bitprophet just WISHES that server was on 8.0416:37
ScottKbitprophet: Well 7.10 is out of support, so you really ought to upgrade it.16:38
bitprophetno shit :)16:38
ScottKOK.  Just saying.16:38
bitprophet"ought to" does not, sadly, translate into "has time to"16:38
bitprophetI know, thanks :)16:38
jmedinawell xen in 8.04 is not supported afaik, it is in universe16:38
PhotoJimperfectly fine to keep using it.  just unplug the ethernet connection. ;)16:38
ScottKI'm one to talk.  I still have a dapper desktop for the same reason.16:38
bitprophetjmedina: I was wondering about that since I heard of something along those lines. what changed with ubuntu's xen support post 7.10?16:38
bitprophetin terms of "can install and run it without having to compile from source", I guess.16:39
jmedinabit I dont know, I only use LTS versions for servers16:39
jmedinaso I have tests tex in dapper and hardy16:39
bitprophetwell, you said you're using 8.04, which is almost definitely what I will upgrade to when I do upgrade16:39
bitprophetit still installs fine? I thought some packages were removed entirely, like the kernels or something16:40
jmedinaI only  use : apt-get install ubuntu-xen-server and that all16:40
bitprophetgood to know, thanks16:41
jmedinaI even run MS windows in HVM mode :)16:41
bitprophetyou know I'm not sure I've ever actually upgraded a system in place before. almost always it's a super old system that I just backup/wipe/install. (or a VM which just gets retired/replaced by a newer one)16:41
bitprophetcool16:41
bitprophetwe have a windows server for virtualizing that operating system, thankfully.16:41
FumohI use insmod to load a driver for my NIC, but it is not automatically loaded when I reboot... how can I get it to automatically load during boot?16:43
bitprophetadd it to /etc/modprobe.d somewhere, I think16:44
Fumohbitprophet: let me check there real fast.16:45
bitprophetactually, just /etc/modules looks like it'll do16:45
bitprophet"Kernel modules to load at boot time" :)16:45
FumohGreat, let me try that out :)16:45
bitprophetall I really know is that /etc/mod* is what you want, ha.16:45
bitprophetgood luck16:45
b3nwgood morning, does anyone have any experience with the Dell RD1000 backup drive line? Either USB or Internal SATA and Ubuntu?16:46
bitprophetconversely, you can add stuff to /etc/modprobe.d/blacklist to _prevent_ it from loading. very useful to turn off pcspkr, in my experience16:46
jmedinawujuuuuuuuuuuuuuuuu16:47
uvirtbot`New bug: #394365 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: le sous-processus post-installation script a retourn? une erreur de sortie d'?tat 1" [Undecided,New] https://launchpad.net/bugs/39436517:11
=== [1]th0m is now known as th0m
Fumohbitprophet: Yeah couldn't get it to work by modifying the modprobe.d stuff... I just created a startup script that runs the insmod command.  It's dirty, but it works!  Thanks for your help.17:23
heath|workhow do you enable sieve for jaunty dovecot?17:28
bitprophetFumoh: for that you could also just add it to /etc/rc.local, I think17:29
bitprophetyou made another init.d script?17:29
jmedinaFumoh: shy use insmod instead of modprobe, modprobe will take care to load dependencies modules, provided you have run depmod17:36
IRConananyone know a good way to prioritise network traffic on a ubuntu-server17:50
jmedinaIRConan: yeap use tc18:01
jmedinaI really like shorewall's way18:01
jmedinaHTB for egress traffic, IFB for ingress traffic18:01
NMR_1122Do you put all of the sub-domains (wiki.example.com, mail.example.com, www.example.com, etc) in a single Bind9 Zone file, or create separate files for each sub-domain?18:03
Sam-I-AmNMR_1122: are those hosts or subdomains?18:05
jmedinasame question...18:05
Sam-I-Amthey look like hostsd18:05
Sam-I-Ams18:05
jmedinayou declare subdomains with new NS records18:05
jmedinafor hosts you use IN, CNAME..18:05
NMR_1122they should point to different IP addresses18:06
NMR_1122so i think hosts?18:06
Sam-I-Amthey are hosts18:06
jmedinausually for both hosts and subdomains you use same zone file, unless you delegate that subdomain admin to someone else18:06
Sam-I-Amthen they're in the example.com zone18:06
IRConanjmedina: tc?18:07
jmedinaIRConan: yeap18:07
jmedinaTraffic Shapping Tool18:07
jmedinapart of iproute218:07
jmedinaNMR_1122: I always use this template file18:07
jmedinahttp://verde.e-compugraf.com/jm-confs/bind9/db.ejemplo.com.zone-SIMPLE.txt18:07
NMR_1122the comments are in spanish18:08
jmedinayeap18:09
jmedinaif you want to know what they mean, read bind's ARM18:09
jmedinahttp://ws.edu.isoc.org/workshops/2008/cctld-ams/Documentation/bind-arm/Bv9ARM.html18:09
NMR_1122ok, Thanks!18:10
IRConanjmedina: got any good links for how to configure tc well?18:12
jmedinaIRConan: I told you I like shorewalls features18:15
jmedinahttp://www.shorewall.net/traffic_shaping.htm18:15
jmedinait is not that easy18:15
IRConan"Do not attempt to install Shorewall on a remote system. You are virtually assured to lock yourself out of that system."18:15
IRConanhmm...18:15
jmedinayou need to correctly understand how packet flows18:15
jmedinaIRConan: what do you want to do?18:16
IRConanI haven't really worked out exactly which packets need prioritisation yet18:17
jmedinaIRConan: you can start reading lartc.org18:17
jmedinaLinux Advance Routing and Traffic Control18:18
IRConancool... thanks for the info18:18
heath|workmy mail server is named mail.company.local, but I have virt domains running on it. For the CA's do I need the Common Name to be mail.company.local?19:11
jmedina.local ??? what Exchange?19:16
heath|workit runs local email, but I would like to add virtual domains as well19:18
heath|workI can move it to a .com if I need to19:19
heath|workI'm just trying to avoid cert hostname mismatch errors19:19
ScottKNothing can see it outside your network if it's on .local19:20
jmedinaheath|work: for mail servers CN should match the hostname your mail clientes use19:20
jmedinain fact I have MTA rules that rejects mail from .local domains19:20
jmedinaso for local use donesnt matter your FQDN19:21
heath|workso if the mail clients are using mail.company.com, then the cert should be the same19:21
slangasekkirkland: what kind of testing have you done with open-iscsi in jaunty/karmic, by chance?  Working with Etienne on bug #236640, he's apparently now running into a kernel oops when running isci_discovery :(19:21
uvirtbot`Launchpad bug 236640 in open-iscsi "iSCSI install fails under hardy" [High,In progress] https://launchpad.net/bugs/23664019:21
heath|workI was reading it as it must match the hostname19:22
jmedinaheath|work: yeap19:22
jmedinaand you have to import your CA cert into your mail clients19:22
heath|workbut it's the name the clients will use... cool thanks for clearing that up19:22
heath|workyeah... thanks jmedina19:22
jmedinaI would rename your domain if you plan to use this mail system outside your local network19:23
kirklandslangasek: i did some testing in early jaunty, dec/jan timeframe19:23
kirklandslangasek: as of the upload mathiaz and I made around then, we were able to auto mount an iscsi partition on boot, in a vm19:24
* jmedina uses open-iscsi with ubuntu xen guests for live migration with jaunty iscsi target19:24
kirklandslangasek: as long as that partition wasn't / or /usr, i think19:24
kirklandslangasek: that, we had working well as of that upload19:24
kirklandslangasek: we were using iscsi-target for our testing19:24
slangasekkirkland: ok19:26
slangasekso the kernel oops may be a karmic regression19:27
slangasekhopefully jaunty wasn't like that19:27
kirklandslangasek: yeah, i didn't see that in jaunty19:28
slangasekyou also said you only tested early in jaunty19:28
slangasekso the kernel might've changed before release19:28
slangasekwell - the kernel /did/ change before release, but maybe it changed in a way that broke :)19:29
kirklandslangasek: heh, that's totally true19:29
RoAkSoAxsoren, are you working on cobbler ?19:54
sorenRoAkSoAx: No.19:54
RoAkSoAxsoren, are you gonna package it for karmic?19:54
sorenRoAkSoAx: No.19:54
sorenRoAkSoAx: I want to, I just don't have the time.19:54
RoAkSoAxsoren, ok thanks. I'll try to work on it then :)19:55
jpdssoren: too many phone call meetings? :)20:06
heath|workcan I grep through every file in a dir looking for foo?20:12
heath|worknevermind that was easy20:13
Nafallojpds: soren needs clones. that's his only way to win the mdraid by default crack he's on :-P20:23
=== erichammond1 is now known as erichammond
henkjanNafallo: can i anywhere vote for that?20:30
Nafallohenkjan: no idea. but it won't happen :-)20:31
henkjando default install on a broken raid 1?20:33
Nafallohenkjan: install every system with software raid1 by default. if there is one disk found, leave it degraded by default.20:36
Nafallo(as I've understood it)20:36
Nafalloanyway. nvm. it was a troll to begin with from my part :-P20:37
Nafallo(obviously)20:37
ajmitchNafallo: yes, because we know that soren is not really human, right?20:48
Nafalloajmitch: of course. a guy that walks up to the bar, get notified it's last call and walks away with 10 beers is not my definition of normal :-)20:49
ajmitchhaha20:49
bcwould anyone know if the default mail set up for amavis, pyzor, etc, communicates with cloudmark.com? I'm seeing strange traffice two and from there every minute or so.21:43
bcnetcat to the IP on the port of 2703 only produces this a string like this -> sn=C&srl=11088&a=1&a=cg&ep4=7542-1021:45
bcnevermind, found the answer: http://www.google.com/search?q=sn%3DC+cloudmark21:46
=== erichammond1 is now known as erichammond
=== erichammond1 is now known as erichammond

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!