[00:01] <uvirtbot`> New bug: #394043 in nagios3 (main) "Sync nagios3 3.0.6-5 (main) from Debian unstable (main)." [Wishlist,Confirmed] https://launchpad.net/bugs/394043
[00:04] <MianoSM> http://www.iana.org/assignments/port-numbers
[00:11] <incorrect> can anyone suggest a good command line tool to view network throughput?
[00:26] <ghostlines> iftop dude
[00:27] <ghostlines> that's a nice app, I think it's what you want
[00:35] <jmedina> ghostlines: iftop wont graph network throughtput unless you generate trafic
[00:36] <jmedina> incorrect: for network throughput you can use iperf
[00:36] <jmedina> or simply rsync, or scp
[00:36] <jmedina> I really like vnstat :)
[00:54] <cmwslw> i know this might sound ridiculous, but is there any way to restart my server from a webpage?
[01:00] <smultron> cmwslw: i've never used one, but you might want to look at web-based server managers like: http://www.webmin.com/
[01:04] <MianoSM> I love webmin
[01:08] <foxbuntu> MianoSM, tried ebox?
[01:09] <foxbuntu> cmwslw, you might want to check out ebox as well
[01:11] <cmwslw> i already have that installed, but it is a security risk if it is enabled for the whole internet to access
[01:12] <ewook> firewall it?
[01:12] <cmwslw> i do have a login protected admin page though which i would like a simple restart button
[01:14] <cmwslw> i might need to reboot while on vacation - that's why i need a reboot button
[01:14] <smultron> don't want to ssh in and reboot?
[01:14] <cmwslw> i can't really firewall webmin because i don't know what the ip address is
[01:15] <cmwslw> can i use an ipod touch to ssh - mine's jailbroken and ssh installed
[01:15] <cmwslw> idk if it is the ssh client or just server
[01:15] <MianoSM> foxbuntu: I did, it wasn't my cup of tea (to be honest I have liked using webmin for too long)
[01:16] <smultron> cmwslw: you should be able to use that. just do a test before leaving
[01:17] <cmwslw> wait, my ssh is enabled for lan only, like webmin
[01:18] <cmwslw> i always thought that enabling services like these for the internet were huge security hazards - is it not the case?
[01:19] <foxbuntu> cmwslw, while they can be, you just need to take proper precautions to secure them
[01:24] <foxbuntu> cmwslw, I have a few servers with ssh out to the web, but I use RSA key authentication not passwords
[01:25] <cmwslw> i just tried sshing into my server via my ipod touch, and everything worked
[01:25] <cmwslw> i'm going to see if i can get rsa keys to work on it
[01:25] <JorgeJorgesson> I have a mysql server running on one machine, but cannot access from another even with the same username/pswd (root)
[01:26] <jmedina> JorgeJorgesson: JorgeJorgesson probably because mysqld only listen on the loopback interface
[01:26] <jmedina> check /etc/mysql/my.cnf for the bind-address option
[01:27] <JorgeJorgesson> Ah, if I change that, then I cannot access it on the same local machine, correct?
[01:29] <JorgeJorgesson> Now I see my problem.
[01:29] <JorgeJorgesson> I cannot use the mysql database server from a local machine and a remote machine at the same time, correct?
[01:30] <jmedina> just comment the line and restart mysql
[01:30] <jmedina> check
[01:30] <jmedina> netstat -pltn | grep mysqld
[01:31] <jmedina> that will show you the socket mysql is listening
[01:31] <JorgeJorgesson> jmedina: comment what line?  how do I get mysqld to listen on both remote and local?
[01:31] <jmedina> bind-interfaces
[01:32] <jmedina> bind-address
[01:32] <JorgeJorgesson> Do I bind both?
[01:32] <jmedina> or something, im telling you from memmory
[01:32] <JorgeJorgesson> Ok, nevermind.  Thanks for the tip though!
[01:32] <jmedina> you can just comment the line, and mysql will listen on every network interfaces
[01:33] <JorgeJorgesson> I tried that.
[01:33] <JorgeJorgesson> Local access works, remote does not
[01:35] <MianoSM> You forwarded the port, and tried connecting to the local and external IP?
[01:36] <JorgeJorgesson> MianoSM: even internal (LAN) connection need to connect via WAN?
[01:37] <jmedina> JorgeJorgesson: did you create a mysql account allowd to connect from remote hosts?
[01:37] <jmedina> the defualt root account only allows to connect from localhost root@localhost
[01:38] <JorgeJorgesson> I don't understand....I've had all this working before
[01:39] <jmedina> JorgeJorgesson: show the evidence....
[01:39] <jmedina> show your logs
[01:39] <jmedina> show your config files
[01:39] <jmedina> show output from netstat -pltn | grep mysql
[01:43] <JorgeJorgesson> ok, something is wrong here
[01:43] <JorgeJorgesson> I think two servers are running
[01:43] <jmedina> show the evidence
[01:43] <jmedina> use pastebin
[01:44] <JorgeJorgesson> My remote account shows no databases, my local shows all
[01:44] <JorgeJorgesson> I had this all working just the other day....no proof required.  I was using it.
[01:44] <JorgeJorgesson> I don't understand what went wrong here
[01:45] <jmedina> well, if you dont show us the output, all we can do is guess
[01:46] <JorgeJorgesson> What do you want to see?  Do you too want ssh?
[01:46] <jmedina> JorgeJorgesson: your config file
[01:46] <jmedina> output from netstat
[01:46] <jmedina> :)
[01:46] <JorgeJorgesson> config what
[01:46] <jmedina> the one we were just taking about
[01:46] <jmedina> my.cnf
[01:48] <JorgeJorgesson> http://pastebin.ca/1480210
[01:49] <jmedina> now from netstat -pltn | grep mysql
[01:50] <JorgeJorgesson> tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      3912/mysqld
[01:50] <jmedina> ok
[01:50] <jmedina> and what about the account?
[01:50] <JorgeJorgesson> This stuff is going to give me a heart attack soon or later
[01:50] <jmedina> can you connect to mysql with root?
[01:50] <jmedina> :)
[01:50] <JorgeJorgesson> local yes, remote no
[01:51] <jmedina> ok
[01:51] <jmedina> use mysql;
[01:51] <JorgeJorgesson> yes
[01:51] <jmedina> select host,user,password from user;
[01:51] <JorgeJorgesson> yes
[01:51] <JorgeJorgesson> I get a connection with no databases remotely
[01:51] <JorgeJorgesson> local I see all my databases
[01:52] <jmedina> show the output
[01:52] <JorgeJorgesson> What log can I show you that it worked just a couple of days ago
[01:52] <JorgeJorgesson> I was using the remote to study for my exam
[01:53] <JorgeJorgesson> Output:
[01:53] <JorgeJorgesson> Database information_schema
[01:54] <JorgeJorgesson> 1 row in 0.00 sec
[01:54] <jmedina> mm
[01:54] <JorgeJorgesson> Yeah, same problem as before
[01:55] <JorgeJorgesson> It all worked just two days ago
[01:55] <JorgeJorgesson> remote, local
[01:55] <JorgeJorgesson> all good
[01:56] <JorgeJorgesson> The mysql guys called me a moron (more or less) the ubuntu-us-fl guys got me running local....great job!
[01:56] <jmedina> JorgeJorgesson: use pastebin
[01:56] <jmedina> I coulnt see your output
[01:56] <jmedina> :)
[01:57] <JorgeJorgesson> pastevin.ca/1480214
[01:57] <JorgeJorgesson> pastebin.ca/1480214
[01:58] <jmedina> JorgeJorgesson: spanish?
[01:58] <jmedina> mmm
[01:58] <JorgeJorgesson> yeah, pretty much!!!
[01:58] <jmedina> tocayo
[01:58] <jmedina> lets try in english :)
[01:58] <JorgeJorgesson> ciau baby
[01:58] <JorgeJorgesson> ok, did you get it?
[01:59] <jmedina> yeap
[01:59] <jmedina> ok but...
[01:59] <jmedina> I never ask for the output from show databases;
[01:59] <JorgeJorgesson> Oh crap....
[01:59] <JorgeJorgesson> Ok, reset
[01:59] <JorgeJorgesson> What did you want again?
[01:59] <jmedina> use mysql;
[01:59] <JorgeJorgesson> yes
[01:59] <JorgeJorgesson> On the remote?
[01:59] <jmedina> select host,user,password from user;
[01:59] <jmedina> not
[01:59] <jmedina> from local
[02:00] <jmedina> root at local
[02:00] <JorgeJorgesson> mysql
[02:00] <JorgeJorgesson> not sure what you want
[02:00] <JorgeJorgesson> use mysql;
[02:00] <JorgeJorgesson> ?
[02:00] <jmedina> I want to get a mysql user list
[02:00] <jmedina> I want the optput from selec..
[02:01] <JorgeJorgesson> ok, exact  commands
[02:01] <jmedina> scroll up
[02:02] <JorgeJorgesson> I did
[02:02] <JorgeJorgesson> No database selected
[02:02] <jmedina> what?
[02:03] <jmedina> did you type: use mysql;?
[02:03] <JorgeJorgesson> I guess I'm just not smart enough to get this stuff.
[02:03] <JorgeJorgesson> yess
[02:03] <jmedina> ¬¬
[02:03] <jmedina> again
[02:03] <jmedina> use mysql;
[02:03] <jmedina> you should get something like: database changed...
[02:03] <jmedina> then type the select command..
[02:03] <jmedina> and show me the output
[02:03] <jmedina> so are you takina mysql exam?
[02:03] <jmedina> taking
[02:04] <JorgeJorgesson> yes and I've run a website for a year
[02:04] <JorgeJorgesson> this is making no sense to me
[02:04] <JorgeJorgesson> ERROR 1046 (3D000): No database selected
[02:04] <jmedina> mmm
[02:04] <jmedina> how did you connecto to mysql?
[02:04] <jmedina> from remote or local?
[02:05] <JorgeJorgesson> I can write select queries galore
[02:05] <JorgeJorgesson> I am local
[02:05] <jmedina> ok
[02:05] <jmedina> show databases;
[02:05] <jmedina> you should get a list of databases;
[02:05] <JorgeJorgesson> I told you before, no problem
[02:06] <JorgeJorgesson> Remote is the problem
[02:06] <jmedina> ok, but we need to type some commands from local to debug this
[02:06] <JorgeJorgesson> ok
[02:06] <JorgeJorgesson> I understand what you want to do
[02:06] <JorgeJorgesson> show users, show permissions
[02:06] <JorgeJorgesson> right?
[02:07] <jmedina> yeap
[02:07] <JorgeJorgesson> Ok, I'm not that far yet in my studies!
[02:07] <JorgeJorgesson> I'm at select, create and such...up to chpt. 10
[02:08] <jmedina> ok again
[02:08] <jmedina> show the output from show databases;
[02:08] <JorgeJorgesson> from where?
[02:08] <jmedina> from local!!!!!
[02:09] <jmedina> I want to know if you have a root account with remote access
[02:10] <JorgeJorgesson> I told you ......all my databases.....http://pastebin.ca/1480222
[02:10] <JorgeJorgesson> Sorry, I'm being a smartass again....you are helping.
[02:10] <JorgeJorgesson> Just frustration
[02:11] <jmedina> ok
[02:12] <jmedina> now
[02:12] <jmedina> use mysql;
[02:12] <jmedina> and
[02:12] <JorgeJorgesson> wharer
[02:12] <JorgeJorgesson> where
[02:12] <jmedina> LOCAL!!!!!!!!!!!!!!!
[02:12] <JorgeJorgesson> ok
[02:13] <JorgeJorgesson> ok
[02:13] <jmedina> and then type
[02:13] <jmedina> select host,user,password from user;
[02:13] <jmedina> and show me tht output
[02:13] <jmedina> that will give you a mysql users list and the host they are allowed to coonnect from
[02:13] <JorgeJorgesson> ERROR 1046 (3D000): No database selected
[02:13] <jmedina> damn
[02:14] <JorgeJorgesson> that would be in information_schema
[02:14] <jmedina> please show me the full output from use mysql to that error
[02:14] <JorgeJorgesson> I did
[02:15] <jmedina> again
[02:15] <jmedina> I want to see everything
[02:15] <jmedina> not only that line
[02:15] <JorgeJorgesson> That is it.
[02:15] <mattt> *use mysql;*
[02:15] <JorgeJorgesson> One line
[02:15] <mattt> :)
[02:15] <JorgeJorgesson> I did
[02:15] <JorgeJorgesson> I can make stuff up if you want :)
[02:15] <jmedina> JorgeJorgesson: just paste full output
[02:16] <JorgeJorgesson> I did....not sure what you want here
[02:16] <JorgeJorgesson> That is the exact output
[02:16] <jmedina> use your mouse, click in the line that starts with mysql> use mysql, and drag it down until the line with ERROR
[02:16] <jmedina> :)
[02:16] <JorgeJorgesson> exit
[02:16] <JorgeJorgesson> sorry
[02:16] <jmedina> :D
[02:17] <cmwslw> does anybody know how to enable ssh access over the internet, but only w/ rsa keys?
[02:17] <JorgeJorgesson> mysql> select host,user,password from user;
[02:17] <JorgeJorgesson> ERROR 1046 (3D000): No database selected
[02:17] <cmwslw> i got rsa keys to work on my ipod
[02:17] <jmedina> I want to see full output for every command you type and for every message mysql
[02:18] <JorgeJorgesson> can we do this all together?
[02:18] <mattt> JorgeJorgesson: you haven't switched to the mysql DB :(
[02:18] <JorgeJorgesson> ah, use mysql
[02:18] <mattt> yep, 'use <DB>;', where <DB> in this instance is mysql
[02:19] <jmedina> cmwslw: edit /etc/ssh/sshd_config and add PasswordAuthentication no
[02:19] <JorgeJorgesson> mattt, i understand
[02:19] <mattt> JorgeJorgesson: otherwise, you can do: 'select host,user,password from mysql.user;'
[02:19] <cmwslw> jmedina: thanks a ton!
[02:20] <JorgeJorgesson> http://pastebin.ca/1480228
[02:21] <jmedina> cmwslw: I think that option was in the config file with yes
[02:21] <JorgeJorgesson> mattt, understood now
[02:21] <jmedina> probably ubuntu guys remoted it
[02:24] <jmedina> JorgeJorgesson: now
[02:24] <jmedina> select host,db,user from db where user='root';
[02:25] <jmedina> matt thanks for remind me about db.table
[02:25] <JorgeJorgesson> empty
[02:27] <JorgeJorgesson> so how do I logon as local root
[02:28] <jmedina> so, your root@% dont have accees to any database
[02:28] <jmedina> you mean remote
[02:28] <JorgeJorgesson> so how do I logon as local root
[02:28] <jmedina> as local?
[02:28] <jmedina> you are doing this as local.
[02:28] <JorgeJorgesson> I still don't understand....this worked just days ago
[02:29] <jmedina> JorgeJorgesson: well something changed, and someone did it
[02:29] <JorgeJorgesson> But I am right here
[02:30] <JorgeJorgesson> I own these machines
[02:30] <JorgeJorgesson> I had it all working
[02:30] <JorgeJorgesson> I cannot now access my "server" from my "local" machines
[02:30] <JorgeJorgesson> Machines in the same network
[02:31] <jmedina> grant all privileges on *.*  to 'root'@'%';
[02:31] <jmedina> and then
[02:31] <jmedina> flush privileges;
[02:31] <jmedina> and there you go :)
[02:33] <JorgeJorgesson> I just don't get what happened.
[02:33] <JorgeJorgesson> My website is running just fine.......and has been for a year
[02:34] <ajmitch> and your website is on which computer?
[02:34] <cmwslw> yes! i can now ssh with an rsa key from my iphone
[02:35] <cmwslw> this is awesome
[02:36] <jmedina> cmwslw: good,  you should write a howto :)
[02:36] <cmwslw> i was planning on doing that
[02:36] <jmedina> Im going to by a hiphone :)
[02:36] <cmwslw> on my blog
[02:36] <jmedina> 200 dollars :)
[02:37] <cmwslw> it was actually not very different from a normal computer
[02:37] <cmwslw> i hope jorge gets back on
[02:37] <cmwslw> i just realized i had the same problem as him and fixed it
[02:38] <jmedina> I have some servesr configured to allow password auth for normal users and only allow root using rsa
[02:38] <JorgeJorgesson> jmedina: all is well now, thanks again
[02:39] <cmwslw> jorge: did you try rebooting?
[02:39] <JorgeJorgesson> yup
[02:39] <cmwslw> that fixed the problem for me
[02:39] <JorgeJorgesson> Works great
[02:39] <jmedina> JorgeJorgesson: you are welcome
[02:39] <cmwslw> haha
[02:39] <jmedina> reboot?
[02:39] <jmedina> what?
[02:39] <cmwslw> i had the same problem
[02:39] <jmedina> this is not windows
[02:39] <jmedina> :)
[02:39] <ajmitch> jmedina: he had problems with mysqld apparantly not running after a reboot earlier
[02:39] <cmwslw> server was down for a week until i rebooted
[02:40] <cmwslw> could have fixed it sooner but i was on vacation
[02:40] <cmwslw> now i can use my IPHONE! woot
[03:12] <Island_Swimmer> Hi, All. I should be the happy owner of three new baby servers, but something has gone a miss
[03:12] <mattt> Island_Swimmer: ?
[03:14] <Island_Swimmer> Well, when I go to create a new Mediawiki page, I get:
[03:14] <Island_Swimmer> Error Text:
[03:14] <Island_Swimmer> Fatal error: Allowed memory size of 20971520 bytes exhausted (tried to allocate 7680 bytes) in /var/www/technology/wiki/includes/AutoLoader.php on line 582
[03:15] <cmwslw> idk why mediawiki would use that much
[03:15] <Island_Swimmer> What could be wrong? Any help is appreciated. Please
[03:15] <ajmitch> cmwslw: 20MB isn't much
[03:15] <cmwslw> i thought 20mb was the default?
[03:15] <ajmitch> Island_Swimmer: change the memory limit in the php.ini file
[03:15] <ajmitch> cmwslw: it's still not a lot of memory :)
[03:15] <Island_Swimmer> I tried, but since I can't get VIM-full installed, I can't edit the files
[03:16] <cmwslw> nano?
[03:16] <Island_Swimmer> I am not comfortable with Nano, since it broke my php in the first place
[03:16] <mattt> Island_Swimmer: sed -i ?  :)
[03:16] <cmwslw> well if that's the case, i would reinstall php then
[03:17] <Island_Swimmer> I did. That is why my limit is back to 16 MB
[03:17] <cmwslw> i don't see how nano could be more complicated than vim
[03:17] <mattt> Island_Swimmer: ok, so then you know what the problem is ... but the problem is that you can't use nano?
[03:18] <jmedina> and why not vi?
[03:18] <Island_Swimmer> I'm blind. Learning a new Text Editor on a production system is not really an option in the time crunch. Unfortunately that is the case
[03:18] <mattt> ok, that certainly complicates things a bit :/
[03:18] <Island_Swimmer> I wasn't sure if that was the problem, but rather I suspected it. I also needed to confirm this
[03:19] <jmedina> Island_Swimmer: copy the file to your local machine, edit it, and upload it again :)
[03:19] <ajmitch> sed -i it is then
[03:19] <jmedina> :)
[03:19] <jmedina> or ed
[03:19] <jmedina> :)
[03:19] <Island_Swimmer> I didn't think of that
[03:19] <ajmitch> jmedina: that's cruel
[03:19] <Island_Swimmer> I'll be back. What is the file exactly I'm editing again
[03:20] <jmedina> ajmitch: well if he is unable to use vi then will be hard to use sed
[03:20] <Island_Swimmer> ?
[03:20] <Island_Swimmer> Please
[03:20] <ajmitch> the file in /etc/php5/apache2/php.ini
[03:20] <ajmitch> jmedina: you don't need to navigate around anything with sed, it's a single command to run
[03:21] <jmedina> ajmitch: I know
[03:21] <jmedina> he just can't learn sed right now, so I just give a solution, I would use sed
[03:22]  * jmedina loves sed
[03:22] <jmedina> :)
[03:22] <ajmitch> php5's debian/rules uses sed to change the memory limit
[03:24] <jmedina> ajmitch: share the line
[03:24] <ajmitch>         cat php.ini-dist | tr "\t" " " | sed -e'/memory_limit =/ s/128M/32M/g' > debian/php5-common/usr/share/php5/php.ini-dist.cli
[03:25] <ajmitch> is what's in debian/rules, of course it'd need to be changed for the installed file
[03:28] <Island_Swimmer> Ok. I upped the limit and still get the same error after Apache2 Force-reload
[03:28] <Island_Swimmer> I upped it to 32M
[03:29] <Island_Swimmer> I appreciate all solutions, no matter how big or how small
[03:30] <jmedina> Island_Swimmer: restart apache
[03:30] <jmedina> not just reload
[03:31]  * ajmitch would suggest it being much higher than 32M, depending on how much RAM your servers have
[03:31] <Island_Swimmer> I got a slightly different error
[03:31] <Island_Swimmer> Error text:
[03:31] <Island_Swimmer> Fatal error: Allowed memory size of 20971520 bytes exhausted (tried to allocate 8192 bytes) in /var/www/technology/wiki/includes/SpecialPage.php on line 1
[03:31] <ajmitch> certain PHP apps gobble up the memory
[03:32] <Island_Swimmer> Yeah, but Mediawiki is recomended at 32M
[03:32] <Island_Swimmer> 32M
[03:32] <ajmitch> as a bare minimum?
[03:32] <Island_Swimmer> Hmm. I'll be back
[03:33] <ajmitch> looking at the mediawiki site, you should also increase the memory limit in LocalSettings.php
[03:34] <ajmitch> http://www.mediawiki.org/wiki/Manual:Errors_and_Symptoms#Fatal_error:_Allowed_memory_size_of_nnnnnnn_bytes_exhausted_.28tried_to_allocate_nnnnnnnn_bytes.29
[04:09] <Island_Swimmer> Thanks
[04:09] <Island_Swimmer> That fixed it
[04:12] <Island_Swimmer> It was in Localsettings.php
[04:12] <Island_Swimmer> !Webadmin
[04:12] <Island_Swimmer> !Webmin
[04:13] <Island_Swimmer> !ebox
[04:15] <Island_Swimmer> Why is VIM-full not in my repository?
[04:15] <Island_Swimmer> Please
[04:16] <Island_Swimmer> !Packages
[04:16] <Island_Swimmer> !Repositories
[04:18] <ScottK> Island_Swimmer: vim is (I suspect) vim-full.
[04:37] <Island_Swimmer> I know that, but unfortunately it is not in my repository. Neither is Ebox
[04:38] <Island_Swimmer> It is odd. It is a minimal install of Ubuntu 8.04 Hardy
[07:46] <negge> I'm wondering if PHP 5.3 will make it into Hardy? If so I need to start doing some testing...
[07:47] <negge> does anyone know?
[07:53] <arooni> how do i fix this:  for apache?  Directory index forbidden by Options directive: /mnt/app/current/public/
[08:05] <negge> arooni: somewhere in /etc/apache2/sites-available/<yoursite> there's a line that forbids directory listing. Normally that's exactly what you want to do
[08:05] <arooni> thats what i want right
[08:05] <arooni> to forbid direcotry indexing
[08:15] <negge> arooni: check the Apache documentation or just Google it, I don't remember exactly what you're supposed to write. But the file you should put ut in is the one I mentioned, that's for sure
[08:15] <arooni> got it working
[08:15] <negge> good
[08:25] <acalvo> hi
[08:27] <acalvo> I need some advise: I want to migrate my old mail server and I was thinking that maybe is time for a change. We're using POSTFIX and COURIER as MTA/MDA with LDAP as backend. I've been researching a little bit, and maybe DOVECOT or QMAIL could do the job better and easier. What do you think? Thanks!
[08:29] <mattt> acalvo: do the job better how?
[08:30] <mattt> acalvo: are you having problems w/ postfix/courier?
[08:30] <acalvo> mattt, no, but it was a pain to set it up and it lacks some administration tools
[08:31] <mattt> acalvo: i don't even see a qmail package on hardy :/
[08:33] <acalvo> mattt, damn, my test machine is Jaunty...
[08:33] <mattt> don't see one for jaunty either :)
[08:34] <mattt> iirc, there is some packing issues w/ qmail which is why ubuntu/red hat, etc. don't distribute it
[08:34] <ajmitch> some historic licensing issues at least
[08:34] <acalvo> oh, ok
[08:34] <acalvo> but, what do you think about DOVECOT?
[08:35] <ajmitch> dovecot & postfix are the recommended tools for ubuntu
[08:35] <acalvo> well, I think I'll give it a try
[08:35] <acalvo> hope the LDAP integration works fine
[08:36] <acalvo> have you tried with such a configuration (LDAP, quotas, ...)?
[08:36] <ajmitch> I haven't tried it, but I believe there's some good documentation on dovecot & ubuntu
[08:36] <acalvo> oh, well
[08:36]  * ajmitch uses exim4 & dovecot
[08:36] <acalvo> uhmmm
[08:36] <acalvo> exim!
[08:36] <acalvo> another one I've heard about
[08:40] <mattt> i like postfix ... the standard install works nicely w/out much (if any) hacking
[08:40] <mattt> but it's really configurable if you want to do wacky stuff
[08:40] <acalvo> I agree
[08:40] <acalvo> but it seems that exim is more powerful and customizable
[08:41] <mattt> i thought exim's selling point was simplicity
[08:43] <acalvo> yes, but it achieves that by having several plugins
[08:52] <steady2023> hey can you guys help
[08:53] <steady2023> how do u apt-get install including config files if I deleted the directory
[08:53] <twb> !u
[08:54] <twb> steady2023: try aptitude reinstall.  You may have to purge and install the package in question, because deleting a config file is treated as a deliberate action by dpkg -- that is, it will REMEMBER that you wanted to delete it.
[08:56] <steady2023> ok cool that fixed it
[08:56] <steady2023> u got a good easy guide to getting proftpd to work
[08:56] <steady2023> I followed 3 of them but they are all from a few years ago and have conflicts
[09:01] <twb> proftpd is full of security holes, IIRC.
[09:01] <twb> Why don't you use vsftpd?
[09:02] <steady2023> I just need to get an ftp working to install joomla
[09:02] <steady2023> I mean I guess it tells me it needs ftp access
[09:08] <sandstrom> How can I reset (settings and everything) ufw?
[09:20] <uvirtbot`> New bug: #394164 in cyrus-sasl2 (main) "uninstallable: incorrect dependencies after security update" [Undecided,New] https://launchpad.net/bugs/394164
[09:34] <twb> sandstrom_: ufw disable?
[09:35] <sandstrom_> I  was thinking of everything (files etc). But I think I managed. thanks anyway
[09:40] <twb> sandstrom_: aptitude purge ufw? ;-)
[09:53] <negge> sandstrom_: easiest way is to delete everything from /var/lib/ufw/user.rules (or user6.rules if you're using ipv6)
[09:53] <negge> no need to reinstall or anything
[09:53] <sandstrom_> thanks
[10:01] <twb> negge: ah, well, he should have been clearer about what he meant by "reset" :-)
[10:03] <acalvo> does anyones uses squid with some add-on to block undesired services (such as msn, p2p, ...) and web pages?
[10:05] <twb> acalvo: you mean at the firewall level?
[10:05] <acalvo> well
[10:05] <acalvo> no, we have a firewall
[10:05] <twb> Obviously you can avoid p2p on your own hosts by simply not installing p2p software.
[10:05] <acalvo> hardware firewall
[10:05] <acalvo> but does not support web or service filtering
[10:06] <acalvo> well, try to tell to the students what they should not do...
[10:12] <twb> Sounds like you have an appliance device running a closed version of Linux, such that you cannot get to its software firewall and tell it to block p2p packets.
[10:13] <twb> Normally in such a situation I'd install OpenWRT or Ubuntu Server on the router in question, and teach it to block p2p packets with the l7 stuff.
[10:14] <twb> Or if you have total control over the desktops (i.e. they all run your custom GOE and you don't allow users to use their own laptops or install things), you can just ensure that no p2p apps are installed on the desktops.
[10:15] <acalvo> well, thanks
[10:15] <acalvo> but I was thinking in using a transparent proxy which had some utility to block/filter services
[10:16] <acalvo> I've heard about squid-guard
[10:16] <acalvo> but I never get it to work
[10:16] <acalvo> (yet!)
[10:17] <twb> squid-guard won't do shit against bittorrent
[10:17] <twb> Because bittorrent does not use HTTP.
[10:25] <nlindblad> Hi
[10:25] <nlindblad> How come an e-mail with score -1.80 gets marked as spam when the treshold is 5.20?
[10:25] <nlindblad> (Sendmail with milter-spamc)
[10:26] <twb> Any reason you're using sendmail instead of, say, postfix?
[10:28] <eolo999> hi, where can i find good documentation on how to convert Xen guests to run with KVM?
[10:40] <twb> eolo999: have you tried the ubuntu server admin guide?
[10:44] <eolo999> twb: apparently there's nothing there regarding migration from xen to kvm; or i'm wrong?
[10:44] <twb> eolo999: I don't know.
[10:44] <twb> Inasmuch as kvm is qemu, there is qemu-convert.  That assumes you already have some form of disk image, though...
[10:46] <eolo999> twb: that just take care of disk images not of xml creation, kernel adjustments(as xen guests use the host kernel) and who knows more...
[10:47] <twb> kvm needs XML?
[10:50] <a_ok> my mail log stays empty after rotate. i do reload (now even restart) sysklogd in the last logrotate entry
[10:51] <a_ok> postfix is the mailer btw
[10:53] <eolo999> twb: if you want to use it with libvirt...
[10:56] <twb> a_ok: is your postfix logging via syslog?
[10:56] <a_ok> twb: yeah
[10:56] <twb> a_ok: postfix and/or syslog should install the appropriate logrotate entries already -- did you mess with them?
[10:57] <a_ok> twb: this is a setup from way back so they are messed with before i came to work here. I rearanged things so i have a full mail log in /var/log/adm/mail and the important stuff in /var/log/mail.log however the later does not work
[10:58] <acalvo> twb, nice point there... I should install some firewall rules there
[10:58] <a_ok> twb: could you show me your entry perhaps?
[11:00] <twb> a_ok: I don't have an Ubuntu system handy.
[11:01] <twb> a_ok: try "aptitude download <package>", then use "dpkg -X <package>*deb `mktemp -d`" to extract it into a temporary directory to inspect it
[11:01] <a_ok> twb: anyway I am allowed to mess with them I do not understand why it does not do what it supposed to do
[11:03] <a_ok> twb: a manual sysklogd reload solves the problem
[11:56] <uvirtbot`> New bug: #394211 in nagios3 (main) "Reporting CGIs incorrectly calculate start or end time for periods spanning changes to daylight time" [Undecided,New] https://launchpad.net/bugs/394211
[13:05] <ssc__> hi all
[13:06] <ssc__> is there a way to make bind9 accept an update without a key ? like an 'insecure mode' ?
[13:54] <jo___> Hi
[13:54] <heath|work> hello
[13:55] <jo___> what is the default boot manager installed in Jaunty server?
[13:56] <jo___> I do not have a /boot/grup dir, and no /etc/lilo.conf either
[13:57] <heath|work> should be grub
[13:58] <heath|work> /boot/grub
[13:58] <jo___> hm. While an dist-upgrade I get the error message:
[13:58] <jo___> Searching for GRUB installation directory ...
[13:58] <jo___> No GRUB directory found. To create a template run 'mkdir /boot/grub' first. To install grub, install it manually or try the 'grub-install' command. ### Warning, grub-install is used to change your MBR. ###
[13:59] <jo___> ls /boot/grub
[13:59] <jo___> ls: cannot access /boot/grub: No such file or directory
[13:59] <jo___>  lilo
[13:59] <jo___> Fatal: Cannot open: /etc/lilo.conf
[13:59] <heath|work> lilo is not installed by default, looks like you will have to rebuild grub, are you in recovery?
[14:00] <jo___> no - hope not
[14:00] <jo___> how to test that?
[14:02] <mattt> jo___: is it a virtual machine by any chance?
[14:02] <jo___> no, its a real one (I hope)
[14:04] <heath|work> lol... i hope
[14:05] <mattt> jo___: yeah, not sure .. i'd expect grub to be installed, but it could be a xen virtual machine or something similar which doesn't need a boot loader
[14:31] <heath|work> any know the name of the third party mysql table type that replaces InnoDB tables?
[14:32] <Sam-I-Am> myisam?
[14:33] <Sam-I-Am> heap?
[14:33] <Sam-I-Am> google probably knows :)
[14:33] <Sam-I-Am> think it does bdb too...
[14:33] <heath|work> FOUND IT!! XtraDB
[14:34] <VK7HSE> beat me to it I was just about to paste "MyISAM" but I really don't know if that's the right answer!
[14:38] <Sam-I-Am> heh
[14:38] <Sam-I-Am> so many choices...
[14:45] <heath|work> should hostname and hostname -f show the same?
[14:45] <heath|work> the fqdn?
[14:48] <sandstrom_> I get an error when starting the firewall. How can I see what the message means? (ERROR: problem running init script)
[14:48] <didrocks> jdstrand: FYI, I sent the contributor agreement for "quickly". If you want to merge my branch for ufw as we discussed at UDS, the process seems easy (just ask jcastro)
[14:49] <sandstrom_> the firewall == UFW
[14:49] <jdstrand> didrocks: thanks. yeah, I will need a contributor agreement for ufw
[14:49] <bitprophet> heath|work: afaik, hostname prints the value of /etc/hostname, whereas hostname -f prints the FQDN as defined in /etc/hosts (for 127.0.1.1, first mapping)
[14:49] <didrocks> jdstrand: it seems that you have to be listed there: http://www.canonical.com/contributors
[14:49] <heath|work> right, but should I echo full.host.name >> /etc/hostname && /etc/init.d/hostname.sh start?
[14:50] <jdstrand> didrocks: it is:
[14:50] <jdstrand> Uncomplicated Firewall (ufw)
[14:50] <jdstrand> (about a third of the way down)
[14:51] <didrocks> jdstrand: oh yes. I was just looking for ufw ;) I can send it to you now, if you wish
[14:51] <heath|work> bitprophet, the reason I ask is because I tutorial I was reading through said they should match, but I have never done that
[14:51] <jdstrand> didrocks: that would be great. thanks for your patience :)
[14:53] <didrocks> jdstrand: no problem :) It's sent
[14:55]  * jdstrand nods
[15:20] <heath|work> man I love this stuff
[15:24] <sandstrom_> I get an error when running ufw enable (ERROR: problem running init script). How can I see what the message means?
[15:40] <jdstrand> sandstrom: if this is hardy, use '/etc/init.d/ufw 'stop|start'. if that isn't helpful enough, use 'sh -x /etc/init.d/ufw start|stop'
[15:41] <jmedina> good morning
[15:48] <sandstrom> jdstrand: thanks!
[16:02] <oioiii_> hi, I buld a kernel module against an installed kernel (not running) using 'make install BUILD_KERNEL=<kernel version>', works as expected, but after reboot module gets not loaded although being listed in /etc/modules, anyone?
[16:03] <oioiii_> ah, forgot: ubuntu 8.04 LTS server, module is Intel nic driver igb
[16:04] <oioiii_> the module is installed in /lib/modules/<kernel version>/kernel/drivers/net but not in /lib/modules/<kernel version>/ubuntu/net
[16:04] <oioiii_> anyone?
[16:06] <jmedina> oioiii_: can you load it by hand?
[16:06] <jmedina> is there any other driver load instead?
[16:08] <Sam-I-Am> jmedina: did you take a look at any of my PPA packages?
[16:08] <oioiii_> nope, after reboot with new kernel it gives me 'Could not load /lib/modules/<kernel version>/ubuntu/net/igb/igb.ko' although igb.ko is present in /lib/modules/<kernel version>/kernel/drivers/net/igb/ . Doing a rebuild with running kernel and modprobe igb works fine
[16:08] <oioiii_> But hitting the KVM each time is painful
[16:08] <jmedina> Sam-I-Am: not yet, I've been out of office all this days
[16:09] <Sam-I-Am> jmedina: mmmkay
[16:09] <Sam-I-Am> jmedina: almost done populating it with a whole suite of useful backports to hardy
[16:09] <oioiii_> jmedina: no other igb module presemt
[16:09] <jmedina> oioiii_: did you run depmod?
[16:10] <oioiii_> no, I thoutght depmod was for running kernel?
[16:10] <jmedina> nop
[16:10] <oioiii_> ok
[16:10] <Sam-I-Am> usually a kernel install with dpkg runs depmod for you :)
[16:10] <jmedina> you can use depmod -a 2.6.xx
[16:10] <oioiii_> aaah, I see
[16:10] <jmedina> that version shoud match with your kernel dir at /lib/modules
[16:11] <oioiii_> ok, I try (one second)...
[16:16] <jmedina> Sam-I-Am: could you please send me your ppa link to bookmark it
[16:18] <Sam-I-Am> jmedina: https://launchpad.net/~ionosphere80
[16:18] <Sam-I-Am> jmedina: they're all in there... there are PPA dependencies, so you'll have to check them.
[16:19] <jmedina> Sam-I-Am: what you mean with ppa dependencies?
[16:19] <oioiii_> jmedina: works! thanks a lot:-)
[16:19] <jmedina> oioiii_: good!!
[16:22] <Sam-I-Am> jmedina: for example... the samba ppa built against other ppas since i had to backport some libs
[16:22] <Sam-I-Am> jmedina: you'd just need to add the dependent ppas to sources.list as well
[16:22] <Knirgh> What's the best ftp server to start with? must be commandline
[16:22] <jmedina> Knirgh: pure-ftpd it works all by parameters
[16:23] <jmedina> :)
[16:23] <jmedina> or you can use debians wrapper and use a config file
[16:26] <jmedina> Sam-I-Am: so your packages are built agains svn or 2.4.16?
[16:28] <jmedina> I mean openldap packages
[16:29] <Sam-I-Am> jmedina: svn
[16:29] <Sam-I-Am> jmedina: since theres issues with 2.4.16
[16:35] <mattt> anyone here use xen?
[16:35] <jmedina> o/
[16:35] <jmedina> 3.2 in hardy server
[16:37] <bitprophet> 3.1 on 8.04 here
[16:37] <bitprophet> err sorry 7.10
[16:37]  * bitprophet just WISHES that server was on 8.04
[16:38] <ScottK> bitprophet: Well 7.10 is out of support, so you really ought to upgrade it.
[16:38] <bitprophet> no shit :)
[16:38] <ScottK> OK.  Just saying.
[16:38] <bitprophet> "ought to" does not, sadly, translate into "has time to"
[16:38] <bitprophet> I know, thanks :)
[16:38] <jmedina> well xen in 8.04 is not supported afaik, it is in universe
[16:38] <PhotoJim> perfectly fine to keep using it.  just unplug the ethernet connection. ;)
[16:38] <ScottK> I'm one to talk.  I still have a dapper desktop for the same reason.
[16:38] <bitprophet> jmedina: I was wondering about that since I heard of something along those lines. what changed with ubuntu's xen support post 7.10?
[16:39] <bitprophet> in terms of "can install and run it without having to compile from source", I guess.
[16:39] <jmedina> bit I dont know, I only use LTS versions for servers
[16:39] <jmedina> so I have tests tex in dapper and hardy
[16:39] <bitprophet> well, you said you're using 8.04, which is almost definitely what I will upgrade to when I do upgrade
[16:40] <bitprophet> it still installs fine? I thought some packages were removed entirely, like the kernels or something
[16:40] <jmedina> I only  use : apt-get install ubuntu-xen-server and that all
[16:41] <bitprophet> good to know, thanks
[16:41] <jmedina> I even run MS windows in HVM mode :)
[16:41] <bitprophet> you know I'm not sure I've ever actually upgraded a system in place before. almost always it's a super old system that I just backup/wipe/install. (or a VM which just gets retired/replaced by a newer one)
[16:41] <bitprophet> cool
[16:41] <bitprophet> we have a windows server for virtualizing that operating system, thankfully.
[16:43] <Fumoh> I use insmod to load a driver for my NIC, but it is not automatically loaded when I reboot... how can I get it to automatically load during boot?
[16:44] <bitprophet> add it to /etc/modprobe.d somewhere, I think
[16:45] <Fumoh> bitprophet: let me check there real fast.
[16:45] <bitprophet> actually, just /etc/modules looks like it'll do
[16:45] <bitprophet> "Kernel modules to load at boot time" :)
[16:45] <Fumoh> Great, let me try that out :)
[16:45] <bitprophet> all I really know is that /etc/mod* is what you want, ha.
[16:45] <bitprophet> good luck
[16:46] <b3nw> good morning, does anyone have any experience with the Dell RD1000 backup drive line? Either USB or Internal SATA and Ubuntu?
[16:46] <bitprophet> conversely, you can add stuff to /etc/modprobe.d/blacklist to _prevent_ it from loading. very useful to turn off pcspkr, in my experience
[16:47] <jmedina> wujuuuuuuuuuuuuuuuu
[17:11] <uvirtbot`> New bug: #394365 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: le sous-processus post-installation script a retourn? une erreur de sortie d'?tat 1" [Undecided,New] https://launchpad.net/bugs/394365
[17:23] <Fumoh> bitprophet: Yeah couldn't get it to work by modifying the modprobe.d stuff... I just created a startup script that runs the insmod command.  It's dirty, but it works!  Thanks for your help.
[17:28] <heath|work> how do you enable sieve for jaunty dovecot?
[17:29] <bitprophet> Fumoh: for that you could also just add it to /etc/rc.local, I think
[17:29] <bitprophet> you made another init.d script?
[17:36] <jmedina> Fumoh: shy use insmod instead of modprobe, modprobe will take care to load dependencies modules, provided you have run depmod
[17:50] <IRConan> anyone know a good way to prioritise network traffic on a ubuntu-server
[18:01] <jmedina> IRConan: yeap use tc
[18:01] <jmedina> I really like shorewall's way
[18:01] <jmedina> HTB for egress traffic, IFB for ingress traffic
[18:03] <NMR_1122> Do you put all of the sub-domains (wiki.example.com, mail.example.com, www.example.com, etc) in a single Bind9 Zone file, or create separate files for each sub-domain?
[18:05] <Sam-I-Am> NMR_1122: are those hosts or subdomains?
[18:05] <jmedina> same question...
[18:05] <Sam-I-Am> they look like hostsd
[18:05] <Sam-I-Am> s
[18:05] <jmedina> you declare subdomains with new NS records
[18:05] <jmedina> for hosts you use IN, CNAME..
[18:06] <NMR_1122> they should point to different IP addresses
[18:06] <NMR_1122> so i think hosts?
[18:06] <Sam-I-Am> they are hosts
[18:06] <jmedina> usually for both hosts and subdomains you use same zone file, unless you delegate that subdomain admin to someone else
[18:06] <Sam-I-Am> then they're in the example.com zone
[18:07] <IRConan> jmedina: tc?
[18:07] <jmedina> IRConan: yeap
[18:07] <jmedina> Traffic Shapping Tool
[18:07] <jmedina> part of iproute2
[18:07] <jmedina> NMR_1122: I always use this template file
[18:07] <jmedina> http://verde.e-compugraf.com/jm-confs/bind9/db.ejemplo.com.zone-SIMPLE.txt
[18:08] <NMR_1122> the comments are in spanish
[18:09] <jmedina> yeap
[18:09] <jmedina> if you want to know what they mean, read bind's ARM
[18:09] <jmedina> http://ws.edu.isoc.org/workshops/2008/cctld-ams/Documentation/bind-arm/Bv9ARM.html
[18:10] <NMR_1122> ok, Thanks!
[18:12] <IRConan> jmedina: got any good links for how to configure tc well?
[18:15] <jmedina> IRConan: I told you I like shorewalls features
[18:15] <jmedina> http://www.shorewall.net/traffic_shaping.htm
[18:15] <jmedina> it is not that easy
[18:15] <IRConan> "Do not attempt to install Shorewall on a remote system. You are virtually assured to lock yourself out of that system."
[18:15] <IRConan> hmm...
[18:15] <jmedina> you need to correctly understand how packet flows
[18:16] <jmedina> IRConan: what do you want to do?
[18:17] <IRConan> I haven't really worked out exactly which packets need prioritisation yet
[18:17] <jmedina> IRConan: you can start reading lartc.org
[18:18] <jmedina> Linux Advance Routing and Traffic Control
[18:18] <IRConan> cool... thanks for the info
[19:11] <heath|work> my mail server is named mail.company.local, but I have virt domains running on it. For the CA's do I need the Common Name to be mail.company.local?
[19:16] <jmedina> .local ??? what Exchange?
[19:18] <heath|work> it runs local email, but I would like to add virtual domains as well
[19:19] <heath|work> I can move it to a .com if I need to
[19:19] <heath|work> I'm just trying to avoid cert hostname mismatch errors
[19:20] <ScottK> Nothing can see it outside your network if it's on .local
[19:20] <jmedina> heath|work: for mail servers CN should match the hostname your mail clientes use
[19:20] <jmedina> in fact I have MTA rules that rejects mail from .local domains
[19:21] <jmedina> so for local use donesnt matter your FQDN
[19:21] <heath|work> so if the mail clients are using mail.company.com, then the cert should be the same
[19:21] <slangasek> kirkland: what kind of testing have you done with open-iscsi in jaunty/karmic, by chance?  Working with Etienne on bug #236640, he's apparently now running into a kernel oops when running isci_discovery :(
[19:21] <uvirtbot`> Launchpad bug 236640 in open-iscsi "iSCSI install fails under hardy" [High,In progress] https://launchpad.net/bugs/236640
[19:22] <heath|work> I was reading it as it must match the hostname
[19:22] <jmedina> heath|work: yeap
[19:22] <jmedina> and you have to import your CA cert into your mail clients
[19:22] <heath|work> but it's the name the clients will use... cool thanks for clearing that up
[19:22] <heath|work> yeah... thanks jmedina
[19:23] <jmedina> I would rename your domain if you plan to use this mail system outside your local network
[19:23] <kirkland> slangasek: i did some testing in early jaunty, dec/jan timeframe
[19:24] <kirkland> slangasek: as of the upload mathiaz and I made around then, we were able to auto mount an iscsi partition on boot, in a vm
[19:24]  * jmedina uses open-iscsi with ubuntu xen guests for live migration with jaunty iscsi target
[19:24] <kirkland> slangasek: as long as that partition wasn't / or /usr, i think
[19:24] <kirkland> slangasek: that, we had working well as of that upload
[19:24] <kirkland> slangasek: we were using iscsi-target for our testing
[19:26] <slangasek> kirkland: ok
[19:27] <slangasek> so the kernel oops may be a karmic regression
[19:27] <slangasek> hopefully jaunty wasn't like that
[19:28] <kirkland> slangasek: yeah, i didn't see that in jaunty
[19:28] <slangasek> you also said you only tested early in jaunty
[19:28] <slangasek> so the kernel might've changed before release
[19:29] <slangasek> well - the kernel /did/ change before release, but maybe it changed in a way that broke :)
[19:29] <kirkland> slangasek: heh, that's totally true
[19:54] <RoAkSoAx> soren, are you working on cobbler ?
[19:54] <soren> RoAkSoAx: No.
[19:54] <RoAkSoAx> soren, are you gonna package it for karmic?
[19:54] <soren> RoAkSoAx: No.
[19:54] <soren> RoAkSoAx: I want to, I just don't have the time.
[19:55] <RoAkSoAx> soren, ok thanks. I'll try to work on it then :)
[20:06] <jpds> soren: too many phone call meetings? :)
[20:12] <heath|work> can I grep through every file in a dir looking for foo?
[20:13] <heath|work> nevermind that was easy
[20:23] <Nafallo> jpds: soren needs clones. that's his only way to win the mdraid by default crack he's on :-P
[20:30] <henkjan> Nafallo: can i anywhere vote for that?
[20:31] <Nafallo> henkjan: no idea. but it won't happen :-)
[20:33] <henkjan> do default install on a broken raid 1?
[20:36] <Nafallo> henkjan: install every system with software raid1 by default. if there is one disk found, leave it degraded by default.
[20:36] <Nafallo> (as I've understood it)
[20:37] <Nafallo> anyway. nvm. it was a troll to begin with from my part :-P
[20:37] <Nafallo> (obviously)
[20:48] <ajmitch> Nafallo: yes, because we know that soren is not really human, right?
[20:49] <Nafallo> ajmitch: of course. a guy that walks up to the bar, get notified it's last call and walks away with 10 beers is not my definition of normal :-)
[20:49] <ajmitch> haha
[21:43] <bc> would anyone know if the default mail set up for amavis, pyzor, etc, communicates with cloudmark.com? I'm seeing strange traffice two and from there every minute or so.
[21:45] <bc> netcat to the IP on the port of 2703 only produces this a string like this -> sn=C&srl=11088&a=1&a=cg&ep4=7542-10
[21:46] <bc> nevermind, found the answer: http://www.google.com/search?q=sn%3DC+cloudmark