=== Guest46165 is now known as nandemonai | ||
pwnguin | https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-patch | 00:47 |
---|---|---|
pwnguin | is this new? or simply never used? | 00:47 |
KillMeNow | no idea, first i heard of it | 00:48 |
KillMeNow | archives are empty so apparently nothing has ever gone out on it | 00:49 |
pwnguin | im writing out some linux patching policies for work | 00:49 |
pwnguin | already did the rhel doc | 00:49 |
pwnguin | now im working on Ubuntu | 00:49 |
KillMeNow | sounds like too much fun | 00:50 |
pwnguin | meh, it's interesting | 00:50 |
pwnguin | beats dealing with users | 00:50 |
KillMeNow | heh | 00:50 |
KillMeNow | suppose so | 00:50 |
pwnguin | looking for a comparable way to email security patch alerts | 00:51 |
KillMeNow | course, at this point in time, i would be happy to work with users as i'm unemployed at the moment | 00:51 |
pwnguin | ideally, just the packages we have installed | 00:51 |
pwnguin | but it kinda looks like traffic on security announce is light | 00:51 |
KillMeNow | i would say take a look at debian | 00:52 |
KillMeNow | since Ubuntu mainly gets its packages from Debian | 00:52 |
pwnguin | right... | 00:52 |
KillMeNow | if something needs to be patched @ debian, Ubuntu is likely to follow shortly | 00:52 |
pwnguin | https://lists.ubuntu.com/archives/ubuntu-security-announce/ | 00:52 |
pwnguin | there's also a website / rss feed | 00:53 |
pwnguin | but i was wondering whether there was something installable | 00:53 |
ice|work | i got a "minor" problem, if anyone have encountered this and know how to fix it please msg me | 00:53 |
ice|work | iceonnet@homeserver:~$ sudo visudo | 00:53 |
ice|work | iceonnet is not in the sudoers file. This incident will be reported. | 00:53 |
pwnguin | like a trigger to apt-get or cron job | 00:53 |
=== ice|work is now known as iceonnet | ||
pwnguin | ice|work: are you in the sudoers file? | 00:54 |
iceonnet | no i saved it | 00:54 |
iceonnet | and exited | 00:54 |
pwnguin | err | 00:54 |
iceonnet | kinda screwed it up i guess | 00:54 |
pwnguin | ice|work: is your user in the sudoers file? | 00:54 |
KillMeNow | yea, so the message is pretty clear Iceonnet | 00:54 |
iceonnet | pwnguin: no, that is what i realized when i was done and got the message | 00:54 |
iceonnet | KillMeNow, yeah it is | 00:54 |
KillMeNow | it means that the username iceonnet isn't in the sudoers file or it doesn't have permissions | 00:55 |
iceonnet | i did add this, | 00:55 |
iceonnet | apache ALL=NOPASSWD:/usr/sbin/useradd, \ | 00:55 |
iceonnet | /bin/mkdir, /bin/ln, /bin/chown | 00:55 |
iceonnet | tho apache doesn't have any passwd | 00:55 |
KillMeNow | yea, and the command you gave it was sudo visudo | 00:56 |
pwnguin | KillMeNow: actually, i think something like apticron would suffice | 00:56 |
pwnguin | !info apticron | 00:56 |
ubottu | apticron (source: apticron): simple tool to mail about pending package updates. In component universe, is extra. Version 1.1.28 (jaunty), package size 14 kB, installed size 112 kB | 00:56 |
KillMeNow | hey pwnguin, that looks like a good solution | 00:56 |
pwnguin | yea, i was hoping people in here would know more than i could find with apt-cache search :P | 00:57 |
KillMeNow | at least then you would have some type of an idea when something is coming up... however will it cover your security patch issue? | 00:57 |
pwnguin | well, im comfortable with canonical's turnaround time | 00:57 |
KillMeNow | yea, they are pretty quick usually | 00:57 |
pwnguin | as long as i mandate that -security is in sources.list, we'll be fine I think | 00:58 |
KillMeNow | iceonnet.. you added the sudo rights of /bin/mkdir /bin/ln /bin/chown and /usr/sbin/useradd | 00:58 |
iceonnet | yeah it's for an apache project | 00:59 |
KillMeNow | yea, but for the user iceonnet doesn't have /usr/sbin/visudo rights | 00:59 |
KillMeNow | follow? | 01:00 |
iceonnet | yup | 01:00 |
KillMeNow | at least that's what i'm guessing from what you said you added | 01:00 |
KillMeNow | so add /usr/sbin/visudo for iceonnet in the sudoers file | 01:01 |
iceonnet | well i can't access the visudo file since i removed admin group rights for sudo | 01:01 |
iceonnet | i guess i just should reinstall the whole thing | 01:02 |
KillMeNow | do you have root? | 01:02 |
iceonnet | root isn't set up from a fresh install is it? | 01:02 |
KillMeNow | not usually | 01:02 |
KillMeNow | usually the initial username you create during install has sudo su rights | 01:03 |
iceonnet | yeah | 01:03 |
KillMeNow | so you can get to root | 01:03 |
KillMeNow | but some ppl enable root after the fact | 01:03 |
iceonnet | how do i enable it? just f.ex do passwd root | set password? | 01:03 |
KillMeNow | if you didn't do this, and then changed the sudoers file, then yea i can't think of any workaround off the top of my head | 01:04 |
KillMeNow | lemme think about it for a second | 01:04 |
KillMeNow | try this... sudo passwd root | 01:05 |
KillMeNow | if you can change the password, log out and then try logging in as root | 01:05 |
iceonnet | ok | 01:06 |
KillMeNow | if you can log in as root, you're saved from a reinstall | 01:06 |
iceonnet | iceonnet@homeserver:~$ sudo passwd root | 01:06 |
iceonnet | [sudo] password for iceonnet: | 01:06 |
iceonnet | iceonnet is not in the sudoers file. This incident will be reported. | 01:06 |
iceonnet | so i guess reinstall is the next stem | 01:06 |
iceonnet | *step | 01:06 |
KillMeNow | hate to say it, yea | 01:08 |
KillMeNow | think that's the case | 01:08 |
erichammond | iceonnet: Since apache has "sudo ln" access you might be able to save a copy of /etc/passwd, edit it, and then ln the copy over top of /etc/passwd. | 01:08 |
erichammond | Not sure if the system checks the ownership of the file. | 01:08 |
KillMeNow | well, how far in to this are you? | 01:08 |
erichammond | Give root a password and then log in as root. | 01:09 |
KillMeNow | if you just installed it and haven't done much to the system, i might just chuck it and start over | 01:09 |
KillMeNow | otherwise, try Eric's suggestion | 01:09 |
iceonnet | i just installed the server, apache, mysql, php and vsftpd, just done the basic setup | 01:09 |
iceonnet | so i guess i just should start over, its about 15-20 mins of installing and setting it up again | 01:10 |
KillMeNow | yea, that's what i would do | 01:10 |
erichammond | If the system doesn't like a non-root-owned /etc/passwd, then you could overwrite any file which root runs regularly (after saving a clean copy). | 01:10 |
KillMeNow | but i would also create a new account to use instead of the initial one you used | 01:10 |
kees | pwnguin: it's not used yet | 01:10 |
erichammond | my way is more fun :) | 01:10 |
KillMeNow | heh | 01:11 |
KillMeNow | HACKERY! :D | 01:11 |
erichammond | but yeah, starting over and documenting or automating the correct setup steps is a good idea. | 01:11 |
erichammond | In case it wasn't clear, I also believe that giving an account sudo access to random commands is almost the same as giving it root access. | 01:12 |
iceonnet | about the root enabling, should i just do a passwd root, after the installation? | 01:15 |
KillMeNow | if you want to enable root access via ssh | 01:15 |
erichammond | I think an attacker could also get root with "useradd" and "chown". I'm still thinking about mkdir. | 01:15 |
KillMeNow | i would recommend creating a new user besides the elevated user account at install | 01:16 |
KillMeNow | then i would give that other user account whatever rights you were looking to do... you usually DON'T want to allow root login besides from superuser | 01:17 |
KillMeNow | AFK for a few | 01:17 |
neilv | any security-team people around? i was directed here. i have a DoS security bug against ubuntu's packaging apache that appears to be stuck in the process... | 01:20 |
uvirtbot | New bug: #396813 in mysql-dfsg-5.0 (main) "karmic: file conflict when installing mysql" [Undecided,New] https://launchpad.net/bugs/396813 | 01:21 |
neilv | https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/394350 | 01:28 |
uvirtbot | Launchpad bug 394350 in apache2 "RLimitCPU has no effect in Apache" [Undecided,Incomplete] | 01:28 |
fool_ | hey guys, i've turn ufw logging to full, grep all of /var/log but found no trace of ufw log. what should i do ? | 01:39 |
KillMeNow | i've never used the Ubuntu Firewall as a frontend, i've always used IPKungfu | 01:43 |
KillMeNow | try sudo ufw logging on | 01:44 |
pmatulis | KillMeNow: that's pretty funny | 01:44 |
KillMeNow | why is that? | 01:44 |
KillMeNow | yes i know that they are both front ends for iptables | 01:44 |
pmatulis | KillMeNow: the name (IPKungfu) | 01:44 |
KillMeNow | ooh | 01:45 |
KillMeNow | yea, i've used it since like 2001 | 01:45 |
pmatulis | graphical? | 01:45 |
KillMeNow | when i got tired of beating my head on the table trying to get IPtables done right | 01:45 |
KillMeNow | no, it's all cmd line | 01:45 |
KillMeNow | it has several config files | 01:45 |
pmatulis | ok | 01:45 |
pmatulis | yeah, iptables is the dog's breakfast | 01:45 |
KillMeNow | www.linuxkungfu.org | 01:46 |
KillMeNow | plus the guy who wrote it is hella nice | 01:46 |
pmatulis | that helps | 01:47 |
fool_ | KillMeNow: i tried ufw logging full | 01:47 |
ruben23 | hi | 01:47 |
ruben23 | how do i disable the ubuntu server firewall...? | 01:47 |
KillMeNow | yea, talked to him here on freenode in #ipkungfu | 01:48 |
pmatulis | come on guys, '$ man ufw' | 01:48 |
ruben23 | is it builtin installed on the fresh ubuntu installed..? | 01:48 |
KillMeNow | yea, man ufw shows 'ufw logging on | off | 01:48 |
pmatulis | yes, ufw is installed by default | 01:48 |
fool_ | pmatulis: i did | 01:49 |
pmatulis | well it says on the first few lines: ufw disable | 01:49 |
pmatulis | sorry, mixing you guys up | 01:50 |
pmatulis | that was for ruben23 | 01:50 |
fool_ | # ufw logging on | 01:50 |
fool_ | Logging enabled | 01:50 |
KillMeNow | oh hahahhaa... yea 2 ppl here talking about UFW | 01:50 |
ruben23 | how about already installed openssh but getting network refuse when ssh on the ubuntu server | 01:50 |
fool_ | ufw status | 01:50 |
fool_ | Status: active | 01:50 |
fool_ | To Action From | 01:50 |
fool_ | -- ------ ---- | 01:50 |
fool_ | 22 ALLOW Anywhere | 01:50 |
fool_ | it's active | 01:51 |
fool_ | it's running | 01:51 |
fool_ | but i can't find any log anywhere | 01:51 |
fool_ | lol | 01:51 |
pmatulis | fool_: looks good but i would disable ufw and then test ssh | 01:51 |
fool_ | pmatulis: ssh's working | 01:51 |
pmatulis | fool_: so what's the problem? | 01:52 |
fool_ | pmatulis: no log anywhere | 01:52 |
KillMeNow | he's looking for the physical log file in /var/log | 01:52 |
KillMeNow | it doesn't show allowed connections i think | 01:52 |
fool_ | pmatulis: when i turned on ufw aptitude couldn't work, and when i tried to look for logs i couldn't find any | 01:52 |
KillMeNow | only connections rejected correct pmatulis? | 01:52 |
ruben23 | how about me, ssh not working--> i got network refuse error | 01:53 |
fool_ | KillMeNow: i turned on full logging and still no log | 01:53 |
pmatulis | fool_: calm down | 01:53 |
KillMeNow | hrm... ruben23 | 01:53 |
KillMeNow | disable ufw and try ssh again | 01:53 |
ruben23 | i just type command ufw logging off.. | 01:54 |
fool_ | pmatulis: oh my bad | 01:54 |
KillMeNow | if you've flushed your iptables and you still can't connect to ssh, is your box behind a firewall and is the firewall forwarding port 22? | 01:54 |
KillMeNow | ruben type in ufw disable | 01:54 |
ruben23 | ok | 01:54 |
KillMeNow | that should turn off the firewall | 01:54 |
KillMeNow | then try to connect to ssh port 22 | 01:55 |
KillMeNow | if it works, voila | 01:55 |
pmatulis | fool_: are you good now? | 01:55 |
KillMeNow | you need to add the rule in to ufw | 01:55 |
fool_ | pmatulis: no | 01:55 |
KillMeNow | have you read the man page for ufw ruben? | 01:55 |
fool_ | pmatulis: when i turned on ufw aptitude couldn't work, and when i tried to look for logs i couldn't find any <<< | 01:55 |
fool_ | so i'm stuck on those 2 problems | 01:55 |
pmatulis | fool_: '$ sudo ufw logging high' | 01:56 |
pmatulis | fool_: that will give you a 'high' level of logging | 01:56 |
fool_ | pmatulis: i tried with full w/o any luck | 01:56 |
pmatulis | fool_: then '$ tail -f /var/log/kern.log' | 01:56 |
ruben23 | <KillMeNow> no luck---->still getting network refuse | 01:57 |
pmatulis | ruben23: is ufw disabled? | 01:57 |
ruben23 | yes | 01:57 |
ruben23 | disable now | 01:57 |
pmatulis | ruben23: did you flush your iptables rules? | 01:57 |
ruben23 | i just disable | 01:58 |
pmatulis | '$ sudo iptables -F' IIRC | 01:58 |
ruben23 | no flush | 01:58 |
pmatulis | please do | 01:58 |
KillMeNow | iptables --flush | 01:58 |
fool_ | pmatulis: nothing | 01:58 |
KillMeNow | oh yea, sudo iptables --flush | 01:58 |
KillMeNow | then you can type in iptables --list | 01:58 |
KillMeNow | that should show you all your iptables rules | 01:58 |
KillMeNow | you shouldn't see any | 01:58 |
ruben23 | ok in a minute | 01:59 |
fool_ | pmatulis: i'm looking at syslog/kern.log/messages/dmesg and it shows up nowhere | 01:59 |
KillMeNow | hey fool_ have you checked in /var/log/messages for any ufw messages? | 01:59 |
KillMeNow | i'm reading a forum post on ubuntuforums and someone posted that it may be logging in messages | 01:59 |
fool_ | pmatulis: i'm looking at syslog/kern.log/messages/dmesg and it shows up nowhere << KillMeNow | 02:00 |
KillMeNow | try sudo cat /var/log/messages | grep -i ufw | 02:00 |
pmatulis | fool_: and what do you expect to see there? is it blocking stuff? | 02:01 |
fool_ | pmatulis: there is nothing, no messages | 02:01 |
fool_ | lol | 02:01 |
fool_ | say if it's blocking aptitude or something at least there'd be some messages | 02:01 |
fool_ | but there's nothing | 02:02 |
fool_ | :/ | 02:02 |
pmatulis | fool_: why do you think it's blocking aptitude, that makes no sense | 02:02 |
KillMeNow | does aptitude work now with firewall rules in? | 02:02 |
pmatulis | fool_: AFAIK, ufw blocks incoming only | 02:02 |
KillMeNow | if now, disable it and then flush your iptables | 02:02 |
fool_ | pmatulis: because aptitude works when i disabled ufw and doesn't when i enable it | 02:02 |
KillMeNow | yea, another reason i used IPkungfu | 02:02 |
pmatulis | very strange | 02:03 |
KillMeNow | ok, that would make some type of sense... check your rules... did you block an outbound port range? | 02:03 |
fool_ | pmatulis: yep, that's why i'm here for help | 02:03 |
fool_ | lol | 02:03 |
pmatulis | fool_: did you confirm that there are no other rules active? | 02:03 |
fool_ | pmatulis: nope | 02:03 |
fool_ | unless ufw status lie to me | 02:03 |
ruben23 | guys | 02:04 |
pmatulis | '$ sudo iptables -L -n' | 02:04 |
ruben23 | still cant login through ssh | 02:04 |
ruben23 | network refuse | 02:04 |
KillMeNow | ok, is the ssh service running? | 02:04 |
pmatulis | ruben23: so you flushed the rules or not (i'm getting tired) | 02:04 |
KillMeNow | check your services | 02:04 |
KillMeNow | sudo netstat -nap | more | 02:04 |
ruben23 | but when /etc/init.d/ssh restart ------> got this no such file directory | 02:05 |
KillMeNow | check to see if the ssh daemon is listening to port 22 | 02:05 |
ruben23 | done already as youve said | 02:05 |
ruben23 | all done | 02:05 |
pmatulis | ruben23: guess sshd is not listening then | 02:05 |
KillMeNow | well, then it sounds like you don't have sshd installed | 02:05 |
KillMeNow | apt-get install sshd | 02:05 |
pmatulis | KillMeNow: no | 02:05 |
KillMeNow | no? | 02:05 |
pmatulis | package is 'openssh-server' | 02:05 |
KillMeNow | ooh yea | 02:05 |
KillMeNow | woulda figured that out soon enough | 02:06 |
pmatulis | ruben23: did you install this package? | 02:06 |
ruben23 | doing it now apt-get install openssh-server | 02:06 |
* pmatulis packs up | 02:07 | |
ruben23 | ow..this is a fresh install ubuntu... | 02:07 |
ruben23 | do i need to enable something on the sources list..? | 02:07 |
ruben23 | before i can do apt-get install packages | 02:07 |
fool_ | man | 02:08 |
fool_ | he's gone | 02:08 |
KillMeNow | you might, but it wasn't broken after i installed ubuntu | 02:08 |
fool_ | http://pastebin.ca/1487592 << here's the pastebin if anyone cares to look | 02:09 |
KillMeNow | looking | 02:09 |
KillMeNow | i'm not sure why you are accepting UDP for port 22 and 80 | 02:10 |
fool_ | uhm that's irrelevant to my problem isn't it ? | 02:11 |
KillMeNow | yep | 02:11 |
KillMeNow | most likely | 02:11 |
KillMeNow | just saying | 02:11 |
fool_ | well i just enable the ports so it doesn't matter udp or tcp | 02:12 |
fool_ | unless there's a good reason i should specify | 02:12 |
KillMeNow | just thinking of flooding maybe... | 02:13 |
KillMeNow | course it really doesn't matter since there is no udp socket for port 22 | 02:13 |
KillMeNow | or port 80 | 02:13 |
ruben23 | guys ssh-server is installed | 02:13 |
kees | bug 394350 | 02:13 |
uvirtbot | Launchpad bug 394350 in apache2 "RLimitCPU has no effect in Apache" [Undecided,Invalid] https://launchpad.net/bugs/394350 | 02:13 |
ruben23 | on the ubuntu server | 02:13 |
fool_ | KillMeNow: yeah so what should i do about aptitude and no logging problem ? | 02:14 |
KillMeNow | damn peculiar | 02:14 |
KillMeNow | your output chain looks ok | 02:14 |
KillMeNow | and aptitude is all out bound | 02:15 |
fool_ | lol uh huh | 02:15 |
fool_ | that's what puzzled me too | 02:15 |
fool_ | i thought my isp pulled my leg for a min or something | 02:15 |
KillMeNow | it makes no sense | 02:15 |
fool_ | then i realized i just turned ufw on | 02:15 |
ajmitch | kees: only thing I can think of on that one is that the kernel does some of the enforcing, and I saw something on the kernel list a couple of months ago about fixing it | 02:16 |
KillMeNow | my suggestion, try using ipkungfu | 02:16 |
KillMeNow | it's hella easy to install and the config files are very self explanatory | 02:16 |
KillMeNow | what version you running? | 02:16 |
KillMeNow | latest? | 02:16 |
fool_ | yes | 02:17 |
fool_ | jaunty | 02:17 |
KillMeNow | ok ruben, start it and try to connect to ssh | 02:17 |
ruben23 | yeah.. | 02:18 |
ruben23 | still no success | 02:18 |
KillMeNow | did it work? | 02:18 |
ruben23 | no still | 02:18 |
KillMeNow | leave the firewall turned off | 02:18 |
ruben23 | i got no such file or directory | 02:18 |
KillMeNow | make sure openssh-server is started | 02:18 |
kees | ajmitch: nah, it behaved correctly for me on hardy | 02:18 |
KillMeNow | sudo /etc/init.d/ssh status <--type this in ruben | 02:19 |
KillMeNow | all i can say is that i can't see really anything broken by your UFW rules fool_ | 02:19 |
fool_ | KillMeNow: i don't either | 02:20 |
fool_ | lol | 02:20 |
fool_ | but things are borken | 02:20 |
fool_ | brb | 02:20 |
jmarsden | fool_: Turn on logging and see what gets logged by your UFW rules. | 02:20 |
KillMeNow | LOL... he has | 02:20 |
KillMeNow | it's not logging either | 02:20 |
jmarsden | Then if nothing is logged, it isn't UFW/iptables doing the breaking... | 02:20 |
KillMeNow | getting nothing in either /var/log/messages | 02:21 |
KillMeNow | well it works when we turn UFW off | 02:21 |
jmarsden | Very strange... did you paste the iptables ruleset from when it is turned on somewhere... I just got home from work, have not scrolled back very far... | 02:22 |
KillMeNow | yea here: http://pastebin.ca/1487592 | 02:22 |
KillMeNow | nothing in the ruleset that i can tell is limiting the outbound connections | 02:22 |
KillMeNow | inbound looks ok as well | 02:22 |
ajmitch | kees: maybe there are some updates which have fixed it, very hard to say for sure :) | 02:24 |
jmarsden | KillMeNow: Yes, that looks pretty boring... does netstat -ntlp show sshd on port 22? | 02:24 |
fool_ | jmarsden: ssh is working | 02:25 |
KillMeNow | i think jmarsden is looking at Ruben23's sshd issue | 02:25 |
fool_ | oh my bad | 02:25 |
KillMeNow | two firewall types of rule problems jmarsden... ruben23 and fool_ | 02:25 |
jmarsden | Oh, I may be confusing the two... OK. | 02:26 |
KillMeNow | ruben23 is that he didn't have openssh-server installed | 02:26 |
kees | ajmitch: did it not work for you at some point? | 02:26 |
jmarsden | So for fool_ when UFW is enabled what exactly breaks -- what is the symptom? | 02:26 |
KillMeNow | fool_ has all that working, but when IPTables is turned ON - aptitude fails | 02:26 |
ajmitch | kees: I haven't tried it, but it's something that I should use | 02:27 |
ajmitch | I just saw the bug earlier & did a little checking since I'd touched apache2 recently | 02:27 |
jmarsden | KillMeNow/fool_: Does FTP to other sites work with UFW enabled? Does HTTP to other sites work with UFW enabled? | 02:27 |
fool_ | jmarsden: one sec let me try wget something | 02:28 |
KillMeNow | sorry, i'm doing about 40 different things at the moment | 02:29 |
KillMeNow | trying to reimage my wife's laptop from WDS, back up my Ubuntu box for update and watch this too LOL | 02:29 |
jmarsden | fool_: It might also be good to try ftp to the site you are using in sources.list for apt/aptitude, using wget or a conventional ftp client such as lftp | 02:29 |
fool_ | jmarsden: ufw on, wget doesn't work | 02:29 |
jmarsden | fool_: for http, or for ftp, or for both? | 02:30 |
fool_ | jmarsden: for http | 02:30 |
fool_ | let me try ftp | 02:30 |
jmarsden | fool_: OK. Are you set up to use any kind of proxy server, for FTP or for HTTP? Anything like squid or some more proprietary software or hardware "in the way"? | 02:32 |
fool_ | jmarsden: nope | 02:32 |
fool_ | say if i do this wget http://mirror.mcs.anl.gov/pub/ubuntu-iso/DVDs/ubuntu/hardy/release/ubuntu-8.04.1-dvd-i386.iso | 02:33 |
fool_ | then disable ufw | 02:33 |
fool_ | it'll run | 02:33 |
fool_ | then enable ufw | 02:33 |
fool_ | it'll stop | 02:33 |
fool_ | and so on and so forth | 02:33 |
fool_ | lol | 02:33 |
fool_ | no squid no proxy no cache | 02:33 |
fool_ | i'm on a vps if that changes anything | 02:34 |
fool_ | kernel 2.6.18-128.1.1.el5.028stab062.3 | 02:34 |
jmarsden | Do you control the whole physical machine -- or are you renting the VPS from a provider? | 02:34 |
fool_ | i'm renting the vps | 02:35 |
KillMeNow | ahhh | 02:35 |
jmarsden | OK. So we don't really know what the provider does once packets leave your virtual machine... | 02:35 |
fool_ | but it shouldn't matter should it ? | 02:35 |
fool_ | since it's working when ufw is turned off ? | 02:35 |
jmarsden | Well, it means we can't test or run tcpdump on the host OS instance, for example... | 02:35 |
fool_ | so what should i do ? | 02:36 |
jmarsden | Your pastebin of the ruleset does not seem to show UFW logging enabled -- are you *sure* it is enabled? | 02:36 |
KillMeNow | we had him turn it off i think | 02:37 |
KillMeNow | then disabled the ufw | 02:37 |
fool_ | jmarsden: cat /etc/ufw/ufw.conf | 02:37 |
fool_ | # /etc/ufw/ufw.conf | 02:37 |
fool_ | # | 02:37 |
fool_ | # set to yes to start on boot | 02:37 |
fool_ | ENABLED=yes | 02:37 |
fool_ | # set to one of 'off', 'low', 'medium', 'high' | 02:37 |
fool_ | LOGLEVEL=full | 02:37 |
jmarsden | Try sudo ufw logging on and then test again? | 02:37 |
fool_ | i've been doing tail -f on syslog/kernlog/messages/dmesg since the beginning | 02:39 |
fool_ | lol | 02:39 |
fool_ | nothing comes up | 02:39 |
fool_ | weird as heck :/ | 02:39 |
jmarsden | No.... sudo ufw logging on # and then grep "UFW BLOCK" /var/log/* | 02:40 |
fool_ | nothing | 02:41 |
jmarsden | OK. You did a wget or whatever after enabling the logging, right? Anyway, I need to go, unfortunately (to eat and then out to play guitar)... back in ~2 hours or so I expect. Hopefully you'll have found and fixed it before that! | 02:42 |
fool_ | yes | 02:43 |
fool_ | it's weird as hell | 02:43 |
KillMeNow | gah, sometimes i really hate M$ crap | 02:43 |
jmarsden | OK... definitely weird... When you find the answer say so here... I'll log the channel so I find out what the answer was :) | 02:44 |
KillMeNow | i still think you should try ipkungfu | 02:44 |
KillMeNow | see if that works for you | 02:44 |
KillMeNow | mainly cause i like ipkungfu | 02:44 |
fool_ | KillMeNow: this is not M$ crap | 02:45 |
fool_ | KillMeNow: afaik this ufw is maintained by ubuntu devs | 02:45 |
KillMeNow | no, i mean myself | 02:45 |
KillMeNow | been fighting with M$ WDS all afternoon | 02:45 |
fool_ | jmarsden: sure will, bon appétit | 02:45 |
KillMeNow | microsofts windows deployment services | 02:45 |
KillMeNow | it's a pita | 02:45 |
KillMeNow | yeap... i'm sure UFW is maintained by ubuntu devs | 02:46 |
KillMeNow | but it's just a frontend for doing IPtables | 02:46 |
KillMeNow | i don't use UFW, but i also own the server mine is on | 02:46 |
KillMeNow | but if you think it's UFW, you can install ipkungfu, configure it and see if the problem persists | 02:47 |
KillMeNow | either way, i'm curious to know what the issue is as well | 02:47 |
fool_ | haha if i have to get used to ipkungfu again then i might as well learn iptables | 02:49 |
KillMeNow | it's pretty easy to use, but ok | 02:50 |
KillMeNow | well it's time for me to go | 02:51 |
KillMeNow | have a good one | 02:51 |
jdstrand | fool_: some vps providers don't compile in all the necessary modules for ufw. See http://bazaar.launchpad.net/~jdstrand/ufw/trunk/annotate/head%3A/README | 03:02 |
* jdstrand is just passing by... | 03:02 | |
jmarsden | fool_: I'm on my way out the door, but your pastebin also lacks a bunch of rules regarding state RELATED that my UFW setup has... which could be highly relevant to your issue... | 03:05 |
jmarsden | fool_: See http://pastebin.ubuntu.com/212336/ | 03:08 |
MTecknology | How can I resize LVM partitions? | 03:39 |
fool_ | it's weird as hell | 03:41 |
fool_ | jdstrand: http://bazaar.launchpad.net/~jdstrand/ufw/trunk/annotate/headA/README gives me internal server error | 03:43 |
fool_ | jmarsden: thanks | 03:43 |
jdstrand | fool_: that is .../head%3A/... | 03:44 |
fool_ | jdstrand: so addrtype, comment, hl, limit , multiport, recent and state are the only required modules right ? | 04:08 |
=== s_markow_ is now known as s_markow | ||
nick125 | Other than the server guide, what's another good documentation source for Ubuntu Server-related things? | 05:25 |
rags | I use an external smtp server to send/receive mail how to configure ubuntu to do the same?? I understand that postfix is the default MTA, should I use that or go for exim?? | 05:50 |
nick125 | In Ubuntu's networking configuration file, is there a way to either specify that the default kernel route not be added or have it removed? | 05:52 |
lamont | nick125: "default kernel route"? | 05:52 |
lamont | do you mean default network route? | 05:53 |
nick125 | lamont: For instance, if I add the IP address 192.168.1.1/24, it'll add a route from 192.168.1.0/24 to 0.0.0.0 | 05:53 |
nick125 | Since my server will have two interfaces with IPs in the same subnet, it seems to get confused if both routes are there. | 05:54 |
jmarsden | nick125: if the two interfaces are set static, then only add a gateway line to one of their declarations... and you should only get one default route. | 05:58 |
jmarsden | Something like http://pastebin.ubuntu.com/212420/ | 05:58 |
nick125 | jmarsden: On one interface, there is only one host that I need to communicate to, so on my current setup, I remove the default kernel route and replace it with 192.168.1.24/32 to 192.168.1.24/32. | 05:59 |
jmarsden | ??? There is no such thing as a "kernel route". And routing from A to A is... pretty useless by definition, you are already *at* A so no need to route to it. Overall it sounds like you are trying to do something you do not fully understand... what are you trying to achieve? pastebin me a little ASCII art diagram, or something? | 06:02 |
nick125 | sure, one second. | 06:02 |
nick125 | http://pastebin.ubuntu.com/212427/ | 06:07 |
nick125 | Sorry, my ASCII diagrams really suck....and that line there didn't break like it should've :( | 06:08 |
nick125 | http://pastebin.ubuntu.com/212428/ | 06:09 |
jmarsden | You want two different networks, both 192.168.1.x, connected to the same server, and route between them? The logical answer is don't do that, renumber one of them, or bridge them. | 06:09 |
nick125 | The problem is that I _can't_ renumber one of them. | 06:10 |
jmarsden | Then, as far as I know, you need a bridge, not a router to join them. | 06:10 |
nick125 | Hmmm. | 06:11 |
jmarsden | Worst case could you make one into 192.168.1.0/25 and the other into 192.168.1.128/25 so they are different? | 06:11 |
nick125 | Here's the problem: I have a static IP block from my DSL provider, and the modem has a static IP from within the block... | 06:11 |
nick125 | And they won't give the DSL modem a different IP unless I pay them $50. | 06:12 |
nick125 | ($50 for another IP block for the DSL modem) | 06:12 |
jmarsden | The usual approach is to put the "DSL modem" (which is usually a modem/router really) into bridge mode... | 06:12 |
nick125 | Can't. My provider uses PPPoA. | 06:13 |
nick125 | So, unless I find a supported USB modem or PCI modem, I'm screwed on that. | 06:13 |
nick125 | I've asked and begged them to support PPPoE, and they refuse. | 06:14 |
jmarsden | And you need all 254 IPs? for doing what? | 06:14 |
ajmitch | there are definitely PPPoA DSL modems that do some form of bridging, I've got a cheap linksys one at home that does that | 06:15 |
nick125 | Well, it's actually a /28...I made up some numbers :p | 06:15 |
nick125 | ajmitch: The modem will do bridging, it's just that I can't actually do PPPoA on my server. | 06:15 |
ajmitch | the modem does 'half-bridging' to use its term - it does the PPPoA | 06:16 |
nick125 | ajmitch: Well...this modem has a half-bridging feature, it's just that....it doesn't work. | 06:16 |
ajmitch | heh | 06:16 |
nick125 | And the vendor doesn't plan on doing a firmware update | 06:16 |
nick125 | even though there is a _major_ security bug in them that allows anyone to bypass the "password" security..... | 06:17 |
nick125 | not to mention the bug where it resets the password every time the modem power cycles. | 06:17 |
jmarsden | Time to buy a new ADSL modem/router ? | 06:17 |
nick125 | Might not be a bad idea.....but most of them are really......awful. | 06:18 |
jmarsden | Google for linux pppoa and you'll probably find forums where this is discussed, and pick one with lowest awfulness ?? | 06:18 |
jmarsden | Or... write a PPPoA driver for Linux :) | 06:19 |
jmarsden | There may actually be one already? | 06:19 |
nick125 | You can't do PPPoA over Ethernet ;-) | 06:19 |
nick125 | I spent hours and hours trying to figure it out before I realized that daunting fact | 06:21 |
nick125 | I guess I could just drop the line to remove that pesky route into /etc/rc.local | 06:22 |
jmarsden | Hey, if that works for you, and saves you $50... it's worth a try! | 06:23 |
nick125 | I was hoping that there was a nicer way to do it, but I'm guessing I'm probably the only one with this screwed up setup :p | 06:24 |
jmarsden | If you change the local LAN subnet to something else and do NAT on the server, does that not get you what you need? | 06:25 |
nick125 | jmarsden: I'm already doing NAT....but I still need to assign public IPs to machines in the LAN :( | 06:26 |
jmarsden | No, you assign all the public IPs to the one server interface on the ADSL modem side of things, and assign local IPs to each machine on the LAN... | 06:27 |
jmarsden | Then do one to one NAT in the server. | 06:27 |
nick125 | I've done 1:1 NAT before...but then you get into problems when you try to use the public IPs inside of the network | 06:28 |
nick125 | So I end up having to setup a separate DNS server somewhere that points to the local IPs....so when I go to nick125.com, instead of getting the public IP, I'll get the local IP. | 06:29 |
jmarsden | Yes, you probably would... local DNS server can be on your server (the one with 2 NICs) -- you already have that server, so use it... | 06:30 |
nick125 | Maybe I should just redesign my network to not be so....quirky. | 06:31 |
jmarsden | Yes. I don't know if the NAT approach is really any cleaner than adding a line to rc.local... just trying to think up alternatives. | 06:31 |
jmarsden | Or, if the $50 is a one time fee... just pay the $50 :) | 06:32 |
nick125 | Well, it's $50 plus $1/month....on top of the $80USD I'm paying them a month. | 06:32 |
jmarsden | OK... now compute what your time is worth redesigning the network and testing odd configurations etc etc... is it worth $50 plus $1/month to you to avoid that headache? | 06:33 |
nick125 | I'm not sure, especially considering that I might switch ISPs next month. | 06:33 |
jmarsden | Well, if you can switch that easily... drop a line into rc.local for a month, and clean up once you switch ISPs :) | 06:34 |
\sh | moins | 07:29 |
uvirtbot | New bug: #393450 in samba (main) "[SRU] pam_winbind Use incorrect value for password expiry calculation" [Undecided,Fix committed] https://launchpad.net/bugs/393450 | 08:21 |
_ruben | hm .. i thought there was a way to tell cron to not log to syslog only for certain cronjobs .. cant seem to find anything on it though :( | 08:29 |
atomic__ | yeah, that's been bugging me too | 08:38 |
atomic__ | you can send a script's output to /dev/null though :) | 08:38 |
negge | that's what I do as well | 08:40 |
_ruben | that has nothing to do with cron itself logging to syslog though :) | 08:40 |
=== hito_jp0 is now known as hito_jp | ||
henkjan_ | i'm thinking about using etckeeper | 09:01 |
henkjan_ | any good reason to use bzr and not the default git? | 09:01 |
th0m | any news on the ssh remote exploit rumor . | 09:07 |
th0m | ? | 09:07 |
th0m | http://isc.sans.org/diary.html?storyid=6742 | 09:07 |
=== scfh_ is now known as scfh | ||
socketbind | hi, i have installed ubuntu server 9.04 on a simple desktop machine to act as a file server. i seem to have a network card issue which im unable to fix | 10:53 |
socketbind | in the middle of large file transfers the ethernet card silently fails. there are no kernel error messages and the machine does not freeze | 10:54 |
socketbind | bringing down and up the ethernet interface fixes it | 10:54 |
socketbind | i'm unable to fix it and need some help. it is using the via_rhine driver | 10:55 |
pixlbox | does anyone know how to set up ftp access to authenticate via mysql, ive tried the vsftp and mysql tutorial on howtoforge but its not working | 11:23 |
iceonnet | is this command correct? sudo /usr/sbin/useradd <username> -m -p <encrypted password> -s /bin/sh | 11:45 |
_ruben | i'd put the username last as last parameter to be sure, looks fine otherwise | 11:47 |
iceonnet | ok, let me try that | 11:47 |
U2GB | look man useradd and man adduser | 11:48 |
iceonnet | thank you very much, worked like a charm =) | 11:51 |
iceonnet | is there any way to force a user to log out? | 11:53 |
_ruben | kill all of its shells | 11:55 |
iceonnet | to find the shells i write ps -x? | 11:57 |
=== dantalizh is now known as dantalizing | ||
cjwatson | th0m: nothing concrete to my knowledge, just rumours | 13:33 |
cjwatson | th0m: panicking's likely to be unhelpful | 13:33 |
th0m | how could i find the process which sendmail ? | 13:46 |
th0m | i'm cleaning a box, cant find the process spamming (think of apache, but cant find in the log) | 13:46 |
th0m | is there a way to identify the process executing the sendmail cmde ? | 13:46 |
hito_jp | th0m: I'm beginning to get the picture, please check your situation. 1) Are you in trouble because your server is spamming e-mails against your will? 2) Do you use some web-apps, or not? | 13:57 |
cjwatson | replace the sendmail process with a shell wrapper that prints its parent process id ($PPID) to a log file and then execs the real sendmail | 13:58 |
=== andreas__ is now known as ahasenack | ||
uvirtbot | New bug: #397054 in samba (main) "package samba-common 2:3.3.2-1ubuntu3.1 failed to install/upgrade: Unterprozess post-installation script gab den Fehlerwert 1 zur?ck" [Undecided,New] https://launchpad.net/bugs/397054 | 16:41 |
ruben23____ | hi | 17:23 |
ruben23____ | how do i check if openssh-server is installed on the ubuntu server | 17:24 |
bitprophet | dpkg --list | grep openssh | 17:24 |
bitprophet | (or grep openssh-server to be super specific, but I find a wider net is often more useful in case one has the package name wrong or made a typo) | 17:25 |
wizardslovak | hello | 17:27 |
wizardslovak | i need someone to help me set up apache and print server | 17:28 |
wizardslovak | !print server | 17:28 |
ubottu | Sorry, I don't know anything about print server | 17:28 |
wizardslovak | 17:28 | |
ubottu | Printing in Ubuntu is done with cups. See https://help.ubuntu.com/community/Printers - https://wiki.ubuntu.com/HardwareSupportComponentsPrinters - http://linuxprinting.org - Printer sharing: https://wiki.ubuntu.com/NetworkPrintingFromWindows | 17:28 |
ruben23____ | <bitprophet>the output is ll client, an rlogin /rsh/rcp repla 1:4.7p1-8ubuntu 1.2 | 17:41 |
ruben23____ | is my openssh server installed..? | 17:41 |
ruben23_ | hi i do dpkg --list | grep openssh then -------------> ii open ssh - client ll client, an rlogin /rsh/rcp repla 1:4.7p1-8ubuntu 1.2 | 17:49 |
ruben23_ | is my openssh server installed..? | 17:49 |
bitprophet | ruben23_: nope, openssh-client is just the client stuff, you don't seem to have openssh-server | 17:51 |
bitprophet | Unless the server package name changed drastically after 8.04 | 17:52 |
ruben23_ | anyone have idea.. | 17:55 |
bitprophet | can't you just aptitude install openssh-server ? | 17:56 |
specto | sudo apt-get install openssh-server should work | 17:57 |
ruben23_ | yes i already do that.. | 17:57 |
ruben23_ | <specto> should i enable something first on my source.list | 17:58 |
ruben23_ | this is a fresh install | 17:58 |
specto | ruben23_: no, its on every installation | 17:59 |
specto | ruben23_: even jeos | 17:59 |
ruben23_ | <specto> i cant login through it | 17:59 |
ruben23_ | remotely | 17:59 |
specto | ruben23_: that could be other problems | 17:59 |
specto | ruben23_: ps aux | grep ssh | 18:00 |
ruben23_ | ssh is installed by default on ubuntu server | 18:00 |
ruben23_ | ok | 18:00 |
specto | ruben23_: sudo netstat -natp | grep sshd | 18:00 |
ruben23_ | ok | 18:01 |
specto | What does it say? | 18:01 |
ruben23_ | in a minute got disconnected-need to reboot the server.. | 18:01 |
ruben23_ | <specto>...? | 18:30 |
ruben23_ | for my ps aux | grep ssh | 18:30 |
ruben23_ | 4425 0.0 0.0 5164 800 tty1 s+ 22:42 <-------------------output | 18:31 |
ruben23_ | netstat -natp | grep sshd | 18:31 |
ruben23_ | i got emty output | 18:31 |
ruben23_ | empty | 18:31 |
alexm | ruben23_: what does this say? sudo lsof -i tcp:ssh | 18:32 |
ruben23_ | ok | 18:33 |
alexm | this is what is saying for me: | 18:34 |
alexm | COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME | 18:34 |
alexm | sshd 3225 root 3u IPv4 23143 TCP *:ssh (LISTEN) | 18:34 |
alexm | sshd 3225 root 4u IPv6 23145 TCP *:ssh (LISTEN) | 18:34 |
ruben23_ | <alexm> sorry getting hard to transfer im not on terminal | 18:35 |
ruben23_ | writing the details on the server now | 18:35 |
alexm | ok then, ruben23_ | 18:36 |
alexm | just look for those LISTEN entries | 18:36 |
alexm | are they on the lsof output? | 18:36 |
specto | check if it is running 'ps aux | grep ssh | 18:37 |
ruben23_ | ps aux | grep ssh------------------------>4425 0.0 0.0 5164 800 tty1 s+ 22:42 | 18:38 |
ruben23_ | unknow protocol for lsof -i tcp:ssh | 18:39 |
alexm | what about... sudo lsof -i tcp:22 | 18:40 |
alexm | specto: i'd suggest to grep for sshd instead | 18:40 |
alexm | as in ps aux | grep sshd | 18:40 |
ruben23_ | maybe i guess need to reload the OS server itself | 18:44 |
ruben23_ | again | 18:44 |
nick125 | Good morning everyone | 18:45 |
alexm | ruben23_: no, there's no need to reboot | 18:47 |
alexm | is lsof -i tcp:22 giving you the same error? | 18:48 |
cvw | Cheers | 19:17 |
cvw | Got an issue with networking, our interfaces file is setup properly. when calling "ifup eth0" the interface is brought up properly. However, /etc/init.d/networking (re)start does not bring the device up as expected. What could we be doing wrong here? | 19:18 |
ruben23_ | hi guys | 19:47 |
ruben23_ | i have install ubuntu server 8 | 19:47 |
ruben23_ | during installation | 19:48 |
ruben23_ | i was not prompt for network configuration | 19:48 |
ruben23_ | directly goto hostname and partitioning | 19:48 |
sommer | ruben23_: by default the installer uses dhcp | 19:48 |
ruben23_ | ok | 19:48 |
ruben23_ | on the partition side what would i best select..? | 19:49 |
sommer | ruben23_: totally depends on what type of server it's going to be | 19:49 |
ruben23_ | what is the default by it..? | 19:49 |
ruben23_ | use entire disk | 19:50 |
sommer | ruben23_: I don't know if there is a hard and fast default, but the most flexible IMHO is LVM entire disk, that is if you don't know exactly how you want the layout up front | 19:50 |
ruben23_ | ok | 19:52 |
alexm | sommer: i usually set up /boot outside LVM, maybe for historical reasons, isn't non-lvm /boot needed anymore? | 19:53 |
sommer | alexm: nope... at least I've never had a problem putting /boot on LVM | 19:54 |
sommer | alexm: but I think the automated whole disk lvm will create a separate /boot so you're probably right that's a safer way to go | 19:55 |
Edwi1 | hi people | 19:55 |
alexm | i'm sure i had problems with that in the past with this, so i was just wondering | 19:56 |
alexm | s/ with this// | 19:56 |
alexm | sommer: btw, i installed nagios3 and munin following the karmic serverguide and it worked wonders | 19:57 |
alexm | i just missed a note explaining how to setup munin plugins (i found it in munin docs anyway) | 19:58 |
Edwi1 | I have a problem installing virtualbox 3, it says that there is not enough space in /tmp while it tries to compile a kernel module for virtualbox, how can I change the space of /tmp ? (thanks in advance) | 19:58 |
sommer | alexm: good to hear :) | 19:58 |
ivoks | so, what's the deal now? | 19:59 |
ivoks | we have to submmit bug reports for syncs from debian? :) | 19:59 |
sommer | isn't that the procedure after debian freeze, or whatever the freeze is? | 19:59 |
ivoks | https://wiki.ubuntu.com/DebianImportFreeze | 20:00 |
ivoks | let's read... | 20:00 |
ivoks | ok... i request a sync from debian :) | 20:01 |
ivoks | any core dev around? :) | 20:01 |
Edwi1 | sorry, I didn't mention that I am using Ubuntu Server 8.04 LTS | 20:01 |
alexm | Edwi1: is /tmp on lvm? | 20:02 |
Edwi1 | alexm is /tmp | 20:02 |
Edwi1 | but I don't see where can I define or resize it | 20:03 |
alexm | Edwi1: what does df /tmp say? | 20:03 |
Edwi1 | I was googling for a while and some site says that it's changeable in /etc/fstab but I could not see anything about /tmp or /tmpfs | 20:04 |
alexm | Edwi1: please, can you tell what says df /tmp? | 20:05 |
Edwi1 | alexm: df -h /tmp/ | 20:06 |
Edwi1 | Filesystem Used Disp Usage% Mounted | 20:06 |
Edwi1 | overflow 1.0M 1.0M 0 100% /tmp | 20:06 |
alexm | overflow? it's the first time i see this | 20:07 |
Edwi1 | alexm sorry if something is bad translated | 20:07 |
Edwi1 | yeah, alexm... me too! :O | 20:07 |
alexm | Edwi1: this is what i get | 20:08 |
alexm | Filesystem 1K-blocks Used Available Use% Mounted on | 20:08 |
alexm | /dev/mapper/tleilax-root | 20:08 |
alexm | 20806268 16389232 3368460 83% / | 20:08 |
alexm | and /dev/mapper/tleilax-root in that case means logical volume root in volume group tleilax | 20:09 |
alexm | Edwi1: can you please run... grep /tmp /etc/fstab ? | 20:09 |
Edwi1 | alexm how could you see that information (what command) | 20:10 |
Edwi1 | ok alexm wait a minute... | 20:10 |
alexm | Edwi1: df /tmp | 20:10 |
Edwi1 | alexm, grep /tmp /etc/fstab didn't show anything | 20:12 |
ivoks | mount | grep /tmp | 20:13 |
Edwi1 | df /tmp/ | 20:13 |
Edwi1 | S.ficheros Bloques de 1K Usado Dispon Uso% Montado en | 20:13 |
Edwi1 | overflow 1024 1024 0 100% /tmp | 20:13 |
Edwi1 | sorry, it is spanish :$ | 20:14 |
ivoks | i said | 20:14 |
ivoks | mount | grep /tmp | 20:14 |
ivoks | just copy paste | 20:14 |
Edwi1 | ivoks: ~$ mount | grep /tmp | 20:15 |
Edwi1 | overflow on /tmp type tmpfs (rw,size=1048576,mode=1777) | 20:15 |
ivoks | so, tmpfs, of 1MB size | 20:15 |
ivoks | what did that? | 20:16 |
Edwi1 | yes ivoks, it seems... :-/ | 20:16 |
Edwi1 | I don't know ivoks, this ubuntu server was installed for another person | 20:17 |
alexm | but shouldn't it be an entry in fstab for /tmp? | 20:17 |
ivoks | well, a script could do it | 20:18 |
Edwi1 | I don't know if the problems regarding virtualbox can get solved by resizing that filesystem, and btw how can I change it... | 20:18 |
alexm | tmpfs means that /tmp is in memory not disk | 20:19 |
Edwi1 | alexm, unfortunately there is not any entry for /tmp in /etc/fstab :( | 20:19 |
ivoks | you don't need to resize it | 20:19 |
ivoks | just umount it :) | 20:19 |
ivoks | copy the data before that | 20:19 |
ivoks | maybe there's something valuable | 20:19 |
Edwi1 | ivoks: really? | 20:19 |
ivoks | yeah | 20:20 |
ivoks | mkdir /var/tmp/tmp_tmp | 20:20 |
ivoks | cp -a /tmp /var/tmp/tmp_tmp/ | 20:20 |
ivoks | umount /tmp | 20:20 |
alexm | ivoks: you're right, it's the best way | 20:20 |
ivoks | and then copy it back | 20:20 |
Edwi1 | actually there are other people having a session on this server, the server is running an instance of vnc-server | 20:21 |
Edwi1 | I suppose that they (remote people) will lose their session if I make those changes, right? | 20:22 |
alexm | you could see if there's any file open in /tmp with ... sudo lsof /tmp | 20:22 |
Edwi1 | alexm, it seems that someone is using something... please check the output of lsof /tmp | 20:25 |
Edwi1 | lsof /tmp/ | 20:25 |
Edwi1 | lsof: WARNING: can't stat() fuse.gvfs-fuse-daemon file system /home/siget/.gvfs | 20:25 |
Edwi1 | Output information may be incomplete. | 20:25 |
Edwi1 | COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME | 20:25 |
Edwi1 | seahorse- 31852 dataguard cwd DIR 0,21 860 11868 /tmp/ | 20:25 |
alexm | it seems that dataguard has a gnome session on the server | 20:27 |
alexm | either you tell him to logout for a while or that you'll kill his seahorse-agent | 20:27 |
alexm | seahorse is the gnome app that deals with passwords and keys | 20:28 |
ruben23_ | hi can proceed with the installation of ubuntu | 20:30 |
ruben23_ | got error when formatting partion | 20:30 |
ruben23_ | what would i do | 20:31 |
ruben23_ | it stop responding and stay for long | 20:31 |
Edwi1 | ah ok alexm... but currently I am logged in the server as dataguard | 20:33 |
alexm | ruben23_: it could be a problem with the disk, what kind of error did you get? | 20:33 |
Edwi1 | what could happen if I kill that process? | 20:33 |
ruben23_ | it just freeze for long | 20:33 |
ruben23_ | how do i reformat my entire disk | 20:34 |
ruben23_ | might resolve the problem | 20:34 |
alexm | Edwi1: if you just kill it as in "kill 31852" not much, seahorse-agent is expected to end ok | 20:34 |
Edwi1 | ruben23_: you can reformat the entire disk with a livecd | 20:35 |
alexm | but you can logout, go to a console and then login, perform the copy as ivoks explained, umount /tmp, logout and log back in gnome | 20:35 |
ruben23_ | <Edwi1>the ubuntu installer itself../ | 20:35 |
ruben23_ | ? | 20:35 |
alexm | ruben23_: you're using the ubuntu server installer or any other? | 20:37 |
Edwi1 | thanks alexm, I'll kill such process... | 20:37 |
alexm | Edwi1: just remember to logout and login back when finished with /tmp just in case you need seahorse-agent later | 20:38 |
Edwi1 | I have done a copy of /tmp to /var/tmp/tmp_tmp | 20:39 |
ruben23_ | ubuntu server 8 | 20:40 |
Edwi1 | alexm, but in your opinion how much space has to have a Ubuntu Server that is used only for backup data from using an application to do that? | 20:40 |
Edwi1 | will be doing the problem the actual size of /tmp or tmpfs ?? | 20:41 |
alexm | Edwi1: did umount /tmp work? | 20:42 |
alexm | what does df /tmp say now? | 20:42 |
ruben23_ | <alexm>...? | 20:42 |
Edwi1 | I have not made the changes yet alexm :$ | 20:43 |
alexm | ruben23_: to perform tests on the disk it'd be better to boot a live cd and run gparted, install smartmontools, etc. | 20:44 |
Edwi1 | actually I have the irc from the server :-/ | 20:44 |
Edwi1 | alexm, so I am thinking in just kill the process | 20:45 |
alexm | ruben23_: otherwise, you should change to a console on the first step of the debian-installer booting from the ubuntu server and proceed from there on the command line | 20:45 |
ruben23_ | ok | 20:45 |
ruben23_ | then on the console | 20:45 |
uvirtbot | New bug: #397143 in drbd8 (universe) "Please merge drbd8 2:8.3.2-1 (main) from Debian unstable" [Medium,Confirmed] https://launchpad.net/bugs/397143 | 20:46 |
alexm | Edwi1: sure, i thought you had already killed it ;-) | 20:46 |
Edwi1 | hooray!!! I killed the process and didn't happen ;) | 20:47 |
Edwi1 | jajaja | 20:47 |
ivoks | testdisk is the best tool for disks | 20:48 |
Edwi1 | for mounting again the /tmp I just have to type: mount /tmp to get mounted ??? | 20:48 |
ivoks | Edwi1: why would you do that at all? | 20:48 |
ivoks | 1MB is not enough for /tmp | 20:48 |
alexm | Edwi1: no, you'll be using /tmp from the / partition | 20:49 |
ivoks | if you want to have /tmp in ram | 20:49 |
ivoks | add something like this: | 20:49 |
Edwi1 | sorry, actually /tmp doesn't have its partition, it dependes under / | 20:50 |
ivoks | tmpfs /tmp tmpfs size=130000000 0 0 | 20:50 |
Edwi1 | but, wait a minute friends... I can't umount /tmp it says "device is busy" | 20:51 |
Edwi1 | lsof /tmp/ | 20:51 |
Edwi1 | lsof: WARNING: can't stat() fuse.gvfs-fuse-daemon file system /home/siget/.gvfs | 20:51 |
Edwi1 | Output information may be incomplete. | 20:51 |
alexm | Edwi1: you'll have to logout | 20:53 |
specto | Edwi1: you'll probably have to boot to another cd.... | 20:53 |
Edwi1 | please, check this lsof output: | 20:53 |
Edwi1 | umount /tmp/ | 20:53 |
Edwi1 | umount: /tmp: dispositivo ocupado | 20:53 |
Edwi1 | umount: /tmp: dispositivo ocupado | 20:53 |
specto | !pastbin | 20:53 |
ubottu | Sorry, I don't know anything about pastbin | 20:53 |
specto | !pastebin | 20:53 |
ubottu | pastebin is a service to post multiple-lined texts so you don't flood the channel. Ubuntu pastebin is at http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic | 20:53 |
alexm | Edwi1: sorry, siget user should logout | 20:54 |
alexm | or umount /home/siget/.gvfs | 20:54 |
Edwi1 | "dispositivo ocupado" is similar to "device is busy" | 20:54 |
Edwi1 | ok alexm, I will try with your last advice | 20:55 |
Edwi1 | alexm, it says again "device is busy" | 20:56 |
alexm | Edwi1: please, run sudo lsof /tmp | 20:57 |
Sam-I-Am | or fuser /tmp | 20:57 |
Edwi1 | alexm, lsof command, now doesn't show anything | 20:58 |
Edwi1 | Sam-I-Am: fuser /tmp doesn't show anything, either | 20:59 |
alexm | Edwi1: now, try to sudo umount /tmp again | 20:59 |
Edwi1 | alexm, /# umount /tmp/ | 21:00 |
Edwi1 | umount: /tmp: dispositivo ocupado | 21:00 |
Edwi1 | umount: /tmp: dispositivo ocupado | 21:00 |
Edwi1 | alexm, remembering "dispositivo ocupado" is equal to "device is busy" | 21:01 |
Edwi1 | :-/ | 21:01 |
Sam-I-Am | lots of stuff writes into tmp | 21:01 |
alexm | Edwi1: i know | 21:01 |
Edwi1 | alexm :) | 21:01 |
alexm | Edwi1: new approach... sudo ls -l /proc/*/fd|grep /tmp | 21:05 |
Edwi1 | thanks alexm, I'll try that :) | 21:05 |
Edwi1 | alexm, the output of last advice you gave me is in: http://paste.ubuntu.com/213115/ | 21:09 |
alexm | so users dataguard and siget should logout from their sessions in order to umount /tmp | 21:10 |
alexm | you could try to stop tracker et al. but it'll be a lot harder | 21:11 |
Edwi1 | thanks alexm, but the easy way is killing the session for siget (a remote user connected) and I have to logout | 21:14 |
Edwi1 | but if I had to do the hard way, how can I stop tracker ? | 21:15 |
alexm | in preferences > startup applications there's a way to stop tracker | 21:18 |
alexm | but you won't be able to do so for user siget | 21:18 |
alexm | unless you kill all tracker processes on the system | 21:19 |
Edwi1 | alexm, what you can recommend me to do for user "siget" | 21:19 |
alexm | i'd try to ask him to logout first | 21:20 |
Edwi1 | alexm, I called him by phone to his office but he is not there, so he gave permission to finish his session | 21:22 |
Edwi1 | he told me that he didn't leave anything running on the server | 21:23 |
alexm | so you're asking how to finish his session, isn't it? | 21:23 |
Edwi1 | yes alexm | 21:23 |
alexm | since he doesn't care or recall having a session open then a "killall -u siget" should do | 21:24 |
Edwi1 | ok alexm, i'll do that | 21:25 |
Edwi1 | (btw, thanks for your help alexm) | 21:26 |
alexm | :-) | 21:26 |
ivoks | wow | 21:30 |
ivoks | killall -u | 21:30 |
ivoks | i always used slay | 21:30 |
Edwi1 | alexm, i'll back... I'm going to logout (I am logged as dataguard) | 21:33 |
Edwi1 | and I will try to umount /tmp from the console | 21:38 |
ruben23_ | hi if my HDD is formatted with ntfs--->can i still used it to install ubuntu...server | 21:45 |
specto | ruben23_: I wouldn't, while ntfs-3g seems to perform decently compared to a native file system such as ext3 it's not acceptable for a server. Just use a VM? | 21:48 |
ivoks | ruben23_: that most probably wouldn't work | 21:49 |
ivoks | you wouldn't have UNIX ACL's | 21:49 |
ruben23_ | <specto> im formatting the HDD on a windows platform then put it again on my server to installed the default linux setup-but still got freeze during formatting on partition part. | 21:49 |
ivoks | which would render it useless | 21:50 |
specto | ruben23_: sounds like there is something wrong with your hard drive | 21:50 |
ivoks | anyway, good night | 21:50 |
ruben23_ | how to boot on command prompt in the install cd..of ubuntu server | 22:06 |
alexm | Alt-F2 | 22:07 |
ruben23_ | <alexm> on boot up of CD..? | 22:08 |
alexm | no, you must start the installation process | 22:08 |
alexm | let the install process to detect your discs, etc. and then press Alt-F2 | 22:09 |
ruben23_ | then ill press Alt_f2 on what part..? | 22:09 |
ruben23_ | ok | 22:09 |
alexm | or Alt-F3 ... there are a few consoles open | 22:09 |
ruben23_ | <alexm> on the console ill reformat my HDD- with fdisk | 22:10 |
alexm | the installation process will perform some interesting setup steps for you: loading modules, network settings, etc. | 22:11 |
alexm | then, once on the console you can change the partition layout with fdisk, if you like to | 22:11 |
ruben23_ | <alexm>on what part of the installation ill set ALT+f2 | 22:12 |
ruben23_ | when it prompt me for network setup..? partition? | 22:12 |
alexm | you can switch consoles anytime | 22:12 |
alexm | at least wait for the discs to be detected | 22:13 |
alexm | i don't have an exact picture of the whole d-i screens in my mind right now | 22:13 |
ruben23_ | ok hope this will work for my HDD now | 22:13 |
alexm | nevertheless, you should check the disk for defects anyway | 22:14 |
alexm | one way to do it is with badblocks | 22:14 |
billybigrigger | hey all | 22:15 |
alexm | or with dd if=/dev/sda of=/dev/null | 22:15 |
alexm | or with testdisk | 22:15 |
billybigrigger | anyone know why i wouldn't be able to bring up eth0? i have it set to dhcp, and i know it works, static doesn't work either | 22:15 |
ruben23_ | <alexm> whats your location..? | 22:16 |
ruben23_ | :) | 22:16 |
billybigrigger | nvm, interfaces had an entry for eth0, and it needed to be eth1 | 22:18 |
alexm | ruben23_: i'm near barcelona, es | 22:18 |
ruben23_ | <alexm>---ow nice.. | 22:21 |
ruben23_ | im in the console now | 22:21 |
alexm | billybigrigger: check that interface names match the right mac address in /etc/udev/rules.d/70-persistent-net.rules | 22:21 |
alexm | ruben23_: the uds karmic venue was just 10 minutes away from my home ;) | 22:23 |
ruben23_ | nice | 22:26 |
ruben23_ | <alexm> are you a sysadmin..? | 22:26 |
alexm | yes, i work at the upc university in barcelona | 22:27 |
alexm | good night | 22:34 |
ruben23_ | hi can i used cfdisk on ubuntu...? | 22:41 |
ruben23_ | in the installation process on the console | 22:41 |
ruben23_ | i got error------------------------------------------------>dos compatibility flag is not set | 22:44 |
DelphiWorld | hello | 23:08 |
KillMeNow | Howdy | 23:08 |
=== nandemonai_ is now known as nandemonai | ||
DelphiWorld | please how can i use static IP instead of Using DHCP? | 23:08 |
KillMeNow | you have to edit your interfaces file | 23:08 |
DelphiWorld | UBUNTU SERVER 8.10 | 23:08 |
KillMeNow | in /etc/network/interfaces | 23:09 |
DelphiWorld | ok | 23:09 |
KillMeNow | make sure you read this: man interfaces | 23:09 |
KillMeNow | also make sure you are editing the right interface... ifconfig is your friend | 23:09 |
KillMeNow | ifconfig will show you all network interfaces on the system | 23:10 |
DelphiWorld | ok | 23:10 |
ruben23_ | hi-im on ubuntu installation terminal use fdisk on partitioning- then now would like to run mkfs -t ext2 /dev/hdb1------> error mksf not found | 23:33 |
KillMeNow | ruben, why do you want to use ext2 filesystem? | 23:36 |
KillMeNow | use ext3 | 23:36 |
KillMeNow | also, if you're installing Ubuntu, it can format and partition your drives for you | 23:37 |
nick125 | Hmm...when doing RAID/LVM in Ubuntu, where do I put my /boot? Should I create a separate partition? | 23:43 |
KillMeNow | if all you have is the one RAID drive set w/o a free standing drive, you kinda have to put your /boot partition on the RAID. Otherwise, if you have another drive you can mount that partition on a separate drive | 23:44 |
KillMeNow | follow? | 23:44 |
KillMeNow | here is a good article about building raid with Ubuntu: http://advosys.ca/viewpoints/2007/04/setting-up-software-raid-in-ubuntu-server/ | 23:49 |
KillMeNow | this is a decent looking article as well: http://beginlinux.com/server_training/server-managment-topics/1001-raid-5-with-lvm-on-ubuntu-804 | 23:50 |
KillMeNow | gotta go get some other things done but i'll be back in a while | 23:54 |
=== KillMeNow is now known as KillMeNow[A] | ||
* KillMeNow[A] is now away - Reason : Not here right now | 23:54 | |
ruben23_ | <KillMeNow>sorry got disconnected----> yes i used the installation but during format my HDD freeze in progress | 23:54 |
jeiworth | saaaaay guys, what would be the best solution to block a machine from communicating with the internet, i.e. i only want to allow network traffic from and to local machines/IPs? | 23:54 |
KillMeNow[A] | :jeiworth | 23:55 |
Reepicheep | jeiworth: don't give the machine a gateway | 23:55 |
KillMeNow[A] | that was the first suggestion before i accidentally hit enter | 23:55 |
hggdh | or block it at the router | 23:55 |
KillMeNow[A] | or if you wanted to be studly and set up your IPTables output chains to block all internet access except for your local networks | 23:56 |
Reepicheep | or iptables, or even better.. layers are good so do them all | 23:56 |
KillMeNow[A] | ok, now i am away | 23:56 |
jeiworth | Reepicheep: hmm but will then be reachable over its hostname or just its ip? | 23:57 |
Reepicheep | that shouldn't matter | 23:57 |
KillMeNow[A] | oh yea Ruben... if you're using older hardware (Megaraid scsi for example) I don't think ubuntu supports that anymore | 23:58 |
jeiworth | <hggdh> or block it at the router <-- i am trying to convince the customer to do that but their linksys doesnt seem to offer that option :-/ | 23:58 |
Reepicheep | that is dependent on the source machine's DNS settings and the DNS server or host file | 23:58 |
ruben23_ | <KillMeNow[A]> :) | 23:58 |
KillMeNow[A] | i had an old megaraid hardware scsi raid controller and Ubuntu installs always failed on about the same place you're describing... wound up pitching the controller for something else | 23:59 |
hggdh | jeiworth, heh. Being cheap sometimes bites back ;-) But I find surprising that their router does not even provide parental controls | 23:59 |
ruben23_ | no im using SATA new one | 23:59 |
KillMeNow[A] | ok now i am REALLY away | 23:59 |
KillMeNow[A] | check to make sure that the SATA controller is in the supported hardware list | 23:59 |