[00:47] <pwnguin> https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-patch
[00:47] <pwnguin> is this new? or simply never used?
[00:48] <KillMeNow> no idea, first i heard of it
[00:49] <KillMeNow> archives are empty so apparently nothing has ever gone out on it
[00:49] <pwnguin> im writing out some linux patching policies for work
[00:49] <pwnguin> already did the rhel doc
[00:49] <pwnguin> now im working on Ubuntu
[00:50] <KillMeNow> sounds like too much fun
[00:50] <pwnguin> meh, it's interesting
[00:50] <pwnguin> beats dealing with users
[00:50] <KillMeNow> heh
[00:50] <KillMeNow> suppose so
[00:51] <pwnguin> looking for a comparable way to email security patch alerts
[00:51] <KillMeNow> course, at this point in time, i would be happy to work with users as i'm unemployed at the moment
[00:51] <pwnguin> ideally, just the packages we have installed
[00:51] <pwnguin> but it kinda looks like traffic on security announce is light
[00:52] <KillMeNow> i would say take a look at debian
[00:52] <KillMeNow> since Ubuntu mainly gets its packages from Debian
[00:52] <pwnguin> right...
[00:52] <KillMeNow> if something needs to be patched @ debian, Ubuntu is likely to follow shortly
[00:52] <pwnguin> https://lists.ubuntu.com/archives/ubuntu-security-announce/
[00:53] <pwnguin> there's also a website / rss feed
[00:53] <pwnguin> but i was wondering whether there was something installable
[00:53] <ice|work> i got a "minor" problem, if anyone has encountered this and knows how to fix it please msg me
[00:53] <ice|work> iceonnet@homeserver:~$ sudo visudo
[00:53] <ice|work> iceonnet is not in the sudoers file. This incident will be reported.
[00:53] <pwnguin> like a trigger to apt-get or cron job
[00:54] <pwnguin> ice|work: are you in the sudoers file?
[00:54] <iceonnet> no i saved it
[00:54] <iceonnet> and exited
[00:54] <pwnguin> err
[00:54] <iceonnet> kinda screwed it up i guess
[00:54] <pwnguin> ice|work: is your user in the sudoers file?
[00:54] <KillMeNow> yea, so the message is pretty clear Iceonnet
[00:54] <iceonnet> pwnguin: no, that is what i realized when i was done and got the message
[00:54] <iceonnet> KillMeNow, yeah it is
[00:55] <KillMeNow> it means that the username iceonnet isn't in the sudoers file or it doesn't have permissions
[00:55] <iceonnet> i did add this,
[00:55] <iceonnet> apache ALL=NOPASSWD:/usr/sbin/useradd, \
[00:55] <iceonnet> /bin/mkdir, /bin/ln, /bin/chown
[00:55] <iceonnet> tho apache doesn't have any passwd
[00:56] <KillMeNow> yea, and the command you gave it was sudo visudo
[00:56] <pwnguin> KillMeNow: actually, i think something like apticron would suffice
[00:56] <pwnguin> !info apticron
[00:56] <KillMeNow> hey pwnguin, that looks like a good solution
[00:57] <pwnguin> yea, i was hoping people in here would know more than i could find with apt-cache search :P
[00:57] <KillMeNow> at least then you would have some type of an idea when something is coming up...  however will it cover your security patch issue?
[00:57] <pwnguin> well, im comfortable with canonical's turnaround time
[00:57] <KillMeNow> yea, they are pretty quick usually
[00:58] <pwnguin> as long as i mandate that -security is in sources.list, we'll be fine I think
[00:58] <KillMeNow> iceonnet..  you added the sudo rights of /bin/mkdir /bin/ln /bin/chown and /usr/sbin/useradd
[00:59] <iceonnet> yeah its for an apache project
[00:59] <KillMeNow> yea, but the user iceonnet doesn't have /usr/sbin/visudo rights
[01:00] <KillMeNow> follow?
[01:00] <iceonnet> yup
[01:00] <KillMeNow> at least that's what i'm guessing from what you said you added
[01:01] <KillMeNow> so add /usr/sbin/visudo for iceonnet in the sudoers file
[01:01] <iceonnet> well i can't access the visudo file since i removed admin group rights for sudo
[01:02] <iceonnet> i guess i just should reinstall the whole thing
[01:02] <KillMeNow> do you have root?
[01:02] <iceonnet> root isn't set up from a fresh install is it?
[01:02] <KillMeNow> not usually
[01:03] <KillMeNow> usually the initial username you create during install has sudo su rights
[01:03] <iceonnet> yeah
[01:03] <KillMeNow> so you can get to root
[01:03] <KillMeNow> but some ppl enable root after the fact
[01:03] <iceonnet> how do i enable it? just f.ex do passwd root | set password?
[01:04] <KillMeNow> if you didn't do this, and then changed the sudoers file, then yea i can't think of any workaround off the top of my head
[01:04] <KillMeNow> lemme think about it for a second
[01:05] <KillMeNow> try this...  sudo passwd root
[01:05] <KillMeNow> if you can change the password, log out and then try logging in as root
[01:06] <iceonnet> ok
[01:06] <KillMeNow> if you can log in as root, you're saved from a reinstall
[01:06] <iceonnet> iceonnet@homeserver:~$ sudo passwd root
[01:06] <iceonnet> [sudo] password for iceonnet:
[01:06] <iceonnet> iceonnet is not in the sudoers file. This incident will be reported.
[01:06] <iceonnet> so i guess reinstall is the next stem
[01:06] <iceonnet> *step
[01:08] <KillMeNow> hate to say it, yea
[01:08] <KillMeNow> think that's the case
[01:08] <erichammond> iceonnet: Since apache has "sudo ln" access you might be able to save a copy of /etc/passwd, edit it, and then ln the copy over top of /etc/passwd.
[01:08] <erichammond> Not sure if the system checks the ownership of the file.
[01:08] <KillMeNow> well, how far in to this are you?
[01:09] <erichammond> Give root a password and then log in as root.
[01:09] <KillMeNow> if you just installed it and haven't done much to the system, i might just chuck it and start over
[01:09] <KillMeNow> otherwise, try Eric's suggestion
[01:09] <iceonnet> i just installed the server, apache, mysql, php and vsftpd, just done the basic setup
[01:10] <iceonnet> so i guess i just should start over, its about 15-20 mins of installing and setting it up again
[01:10] <KillMeNow> yea, that's what i would do
[01:10] <erichammond> If the system doesn't like a non-root-owned /etc/passwd, then you could overwrite any file which root runs regularly (after saving a clean copy).
[01:10] <KillMeNow> but i would also create a new account to use instead of the initial one you used
[01:10] <kees> pwnguin: it's not used yet
[01:10] <erichammond> my way is more fun :)
[01:11] <KillMeNow> heh
[01:11] <KillMeNow> HACKERY!  :D
[01:11] <erichammond> but yeah, starting over and documenting or automating the correct setup steps is a good idea.
[01:12] <erichammond> In case it wasn't clear, I also believe that giving an account sudo access to random commands is almost the same as giving it root access.
[01:15] <iceonnet> about the root enabling, should i just do a passwd root, after the installation?
[01:15] <KillMeNow> if you want to enable root access via ssh
[01:15] <erichammond> I think an attacker could also get root with "useradd" and "chown".  I'm still thinking about mkdir.
[01:16] <KillMeNow> i would recommend creating a new user besides the elevated user account at install
[01:17] <KillMeNow> then i would give that other user account whatever rights you were looking to do...  you usually DON'T want to allow root login besides from superuser
[01:17] <KillMeNow> AFK for a few
[01:20] <neilv> any security-team people around?  i was directed here. i have a DoS security bug against ubuntu's packaging apache that appears to be stuck in the process...
[01:28] <neilv> https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/394350
[01:39] <fool_> hey guys, i've turned ufw logging to full, grepped all of /var/log but found no trace of ufw log. what should i do ?
[01:43] <KillMeNow> i've never used the Ubuntu Firewall as a frontend, i've always used IPKungfu
[01:44] <KillMeNow> try sudo ufw logging on
[01:44] <pmatulis> KillMeNow: that's pretty funny
[01:44] <KillMeNow> why is that?
[01:44] <KillMeNow> yes i know that they are both front ends for iptables
[01:44] <pmatulis> KillMeNow: the name (IPKungfu)
[01:45] <KillMeNow> ooh
[01:45] <KillMeNow> yea, i've used it since like 2001
[01:45] <pmatulis> graphical?
[01:45] <KillMeNow> when i got tired of beating my head on the table trying to get IPtables done right
[01:45] <KillMeNow> no, it's all cmd line
[01:45] <KillMeNow> it has several config files
[01:45] <pmatulis> ok
[01:45] <pmatulis> yeah, iptables is the dog's breakfast
[01:46] <KillMeNow> www.linuxkungfu.org
[01:46] <KillMeNow> plus the guy who wrote it is hella nice
[01:47] <pmatulis> that helps
[01:47] <fool_> KillMeNow: i tried ufw logging full
[01:47] <ruben23> hi
[01:47] <ruben23> how do i disable the ubuntu server firewall...?
[01:48] <KillMeNow> yea, talked to him here on freenode in #ipkungfu
[01:48] <pmatulis> come on guys, '$ man ufw'
[01:48] <ruben23> is it builtin installed on the fresh ubuntu installed..?
[01:48] <KillMeNow> yea, man ufw shows 'ufw logging on | off'
[01:48] <pmatulis> yes, ufw is installed by default
[01:49] <fool_> pmatulis: i did
[01:49] <pmatulis> well it says on the first few lines: ufw disable
[01:50] <pmatulis> sorry, mixing you guys up
[01:50] <pmatulis> that was for ruben23
[01:50] <fool_>  # ufw logging on
[01:50] <fool_> Logging enabled
[01:50] <KillMeNow> oh hahahhaa...  yea 2 ppl here talking about UFW
[01:50] <ruben23> how about already installed openssh but getting network refuse when ssh on the ubuntu server
[01:50] <fool_>  ufw status
[01:50] <fool_> Status: active
[01:50] <fool_> To                         Action  From
[01:50] <fool_> --                         ------  ----
[01:50] <fool_> 22                         ALLOW   Anywhere
[01:51] <fool_> it's active
[01:51] <fool_> it's running
[01:51] <fool_> but i can't find any log anywhere
[01:51] <fool_> lol
[01:51] <pmatulis> fool_: looks good but i would disable ufw and then test ssh
[01:51] <fool_> pmatulis: ssh's working
[01:52] <pmatulis> fool_: so what's the problem?
[01:52] <fool_> pmatulis: no log anywhere
[01:52] <KillMeNow> he's looking for the physical log file in /var/log
[01:52] <KillMeNow> it doesn't show allowed connections i think
[01:52] <fool_> pmatulis: when i turned on ufw aptitude couldn't work, and when i tried to look for logs i couldn't find any
[01:52] <KillMeNow> only connections rejected correct pmatulis?
[01:53] <ruben23> how about me, ssh not working--> i got network refuse error
[01:53] <fool_> KillMeNow: i turned on full logging and still no log
[01:53] <pmatulis> fool_: calm down
[01:53] <KillMeNow> hrm...  ruben23
[01:53] <KillMeNow> disable ufw and try ssh again
[01:54] <ruben23> i just type command ufw logging off..
[01:54] <fool_> pmatulis: oh my bad
[01:54] <KillMeNow> if you've flushed your iptables and you still can't connect to ssh, is your box behind a firewall and is the firewall forwarding port 22?
[01:54] <KillMeNow> ruben type in ufw disable
[01:54] <ruben23> ok
[01:54] <KillMeNow> that should turn off the firewall
[01:55] <KillMeNow> then try to connect to ssh port 22
[01:55] <KillMeNow> if it works, voila
[01:55] <pmatulis> fool_: are you good now?
[01:55] <KillMeNow> you need to add the rule in to ufw
[01:55] <fool_> pmatulis: no
[01:55] <KillMeNow> have you read the man page for ufw ruben?
[01:55] <fool_> pmatulis: when i turned on ufw aptitude couldn't work, and when i tried to look for logs i couldn't find any <<<
[01:55] <fool_> so i'm stuck on those 2 problems
[01:56] <pmatulis> fool_: '$ sudo ufw logging high'
[01:56] <pmatulis> fool_: that will give you a 'high' level of logging
[01:56] <fool_> pmatulis: i tried with full w/o any luck
[01:56] <pmatulis> fool_: then '$ tail -f /var/log/kern.log'
 no luck---->still getting network refuse
[01:57] <pmatulis> ruben23: is ufw disabled?
[01:57] <ruben23> yes
[01:57] <ruben23> disable now
[01:57] <pmatulis> ruben23: did you flush your iptables rules?
[01:58] <ruben23> i just disable
[01:58] <pmatulis> '$ sudo iptables -F' IIRC
[01:58] <ruben23> no flush
[01:58] <pmatulis> please do
[01:58] <KillMeNow> iptables --flush
[01:58] <fool_> pmatulis: nothing
[01:58] <KillMeNow> oh yea, sudo iptables --flush
[01:58] <KillMeNow> then you can type in iptables --list
[01:58] <KillMeNow> that should show you all your iptables rules
[01:58] <KillMeNow> you shouldn't see any
[01:59] <ruben23> ok in a minute
[01:59] <fool_> pmatulis: i'm looking at syslog/kern.log/messages/dmesg and it shows up nowhere
[01:59] <KillMeNow> hey fool_ have you checked in /var/log/messages for any ufw messages?
[01:59] <KillMeNow> i'm reading a forum post on ubuntuforums and someone posted that it may be logging in messages
[02:00] <fool_> pmatulis: i'm looking at syslog/kern.log/messages/dmesg and it shows up nowhere << KillMeNow
[02:00] <KillMeNow> try sudo cat /var/log/messages | grep -i ufw
[02:01] <pmatulis> fool_: and what do you expect to see there?  is it blocking stuff?
[02:01] <fool_> pmatulis: there is nothing, no messages
[02:01] <fool_> lol
[02:01] <fool_> say if it's blocking aptitude or  something at least there'd be some messages
[02:02] <fool_> but there's nothing
[02:02] <fool_> :/
[02:02] <pmatulis> fool_: why do you think it's blocking aptitude, that makes no sense
[02:02] <KillMeNow> does aptitude work now with firewall rules in?
[02:02] <pmatulis> fool_: AFAIK, ufw blocks incoming only
[02:02] <KillMeNow> if not, disable it and then flush your iptables
[02:02] <fool_> pmatulis: because aptitude works when i disabled ufw and doesn't when i enable it
[02:02] <KillMeNow> yea, another reason i used IPkungfu
[02:03] <pmatulis> very strange
[02:03] <KillMeNow> ok, that would make some type of sense...  check your rules...  did you block a outbound port range?
[02:03] <fool_> pmatulis: yep, that's why i'm here for help
[02:03] <fool_> lol
[02:03] <pmatulis> fool_: did you confirm that there are no other rules active?
[02:03] <fool_> pmatulis: nope
[02:03] <fool_> unless ufw status lie to me
[02:04] <ruben23> guys
[02:04] <pmatulis> '$ sudo iptables -L -n'
[02:04] <ruben23> still cant login through ssh
[02:04] <ruben23> network refuse
[02:04] <KillMeNow> ok, is the ssh service running?
[02:04] <pmatulis> ruben23: so you flushed the rules or not (i'm getting tired)
[02:04] <KillMeNow> check your services
[02:04] <KillMeNow> sudo netstat -nap | more
[02:05] <ruben23> but when /etc/init.d/ssh restart ------> got this no such file directory
[02:05] <KillMeNow> check to see if the ssh daemon is listening to port 22
[02:05] <ruben23> done already as youve said
[02:05] <ruben23> all done
[02:05] <pmatulis> ruben23: guess sshd is not listening then
[02:05] <KillMeNow> well, then it sounds like you don't have sshd installed
[02:05] <KillMeNow> apt-get install sshd
[02:05] <pmatulis> KillMeNow: no
[02:05] <KillMeNow> no?
[02:05] <pmatulis> package is 'openssh-server'
[02:05] <KillMeNow> ooh yea
[02:06] <KillMeNow> woulda figured that out soon enough
[02:06] <pmatulis> ruben23: did you install this package?
[02:06] <ruben23> doing it now apt-get install openssh-server
[02:07]  * pmatulis packs up
[02:07] <ruben23> ow..this is a fresh install ubuntu...
[02:07] <ruben23> do i need to enable something on the sources list..?
[02:07] <ruben23> before i can do apt-get install packages
[02:08] <fool_> man
[02:08] <fool_> he's gone
[02:08] <KillMeNow> you might, but it wasn't broken after i installed ubuntu
[02:09] <fool_> http://pastebin.ca/1487592 << here's the pastebin if anyone cares to look
[02:09] <KillMeNow> looking
[02:10] <KillMeNow> i'm not sure why you are accepting UDP for port 22 and 80
[02:11] <fool_> uhm that's irrelevant to my problem isn't it ?
[02:11] <KillMeNow> yep
[02:11] <KillMeNow> most likely
[02:11] <KillMeNow> just saying
[02:12] <fool_> well i just enable the ports so it doesn't matter udp or tcp
[02:12] <fool_> unless there's a good reason i should specify
[02:13] <KillMeNow> just thinking of flooding maybe...
[02:13] <KillMeNow> course it really doesn't matter since there is no udp socket for port 22
[02:13] <KillMeNow> or port 80
[02:13] <ruben23> guys ssh-server is installed
[02:13] <kees> bug 394350
[02:13] <ruben23> on the ubuntu server
[02:14] <fool_> KillMeNow: yeah so what should i do about aptitude and no logging problem ?
[02:14] <KillMeNow> damn peculiar
[02:14] <KillMeNow> your output chain looks ok
[02:15] <KillMeNow> and aptitude is all out bound
[02:15] <fool_> lol uh huh
[02:15] <fool_> that's what puzzled me too
[02:15] <fool_> i thought my isp pulled my leg for a min or something
[02:15] <KillMeNow> it makes no sense
[02:15] <fool_> then i realized i just turned ufw on
[02:16] <ajmitch> kees: only thing I can think of on that one is that the kernel does some of the enforcing, and I saw something on the kernel list a couple of months ago about fixing it
[02:16] <KillMeNow> my suggestion, try using ipkungfu
[02:16] <KillMeNow> it's hella easy to install and the config files are very self explanatory
[02:16] <KillMeNow> what version you running?
[02:16] <KillMeNow> latest?
[02:17] <fool_> yes
[02:17] <fool_> jaunty
[02:17] <KillMeNow> ok ruben, start it and try to connect to ssh
[02:18] <ruben23> yeah..
[02:18] <ruben23> still no success
[02:18] <KillMeNow> did it work?
[02:18] <ruben23> no still
[02:18] <KillMeNow> leave the firewall turned off
[02:18] <ruben23> i got no such file or directory
[02:18] <KillMeNow> make sure openssh-server is started
[02:18] <kees> ajmitch: nah, it behaved correctly for me on hardy
[02:19] <KillMeNow> sudo /etc/init.d/ssh status <--type this in ruben
[02:19] <KillMeNow> all i can say is that i can't see really anything broken by your UFW rules fool_
[02:20] <fool_> KillMeNow: i don't either
[02:20] <fool_> lol
[02:20] <fool_> but things are borken
[02:20] <fool_> brb
[02:20] <jmarsden> fool_: Turn on logging and see what gets logged by your UFW rules.
[02:20] <KillMeNow> LOL...  he has
[02:20] <KillMeNow> it's not logging either
[02:20] <jmarsden> Then if nothing is logged, it isn't UFW/iptables doing the breaking...
[02:21] <KillMeNow> getting nothing in either /var/log/messages
[02:21] <KillMeNow> well it works when we turn UFW off
[02:22] <jmarsden> Very strange... did you paste the iptables ruleset from when it is turned on somewhere... I just got home from work, have not scrolled back very far...
[02:22] <KillMeNow> yea here:  http://pastebin.ca/1487592
[02:22] <KillMeNow> nothing in the ruleset that i can tell is limiting the outbound connections
[02:22] <KillMeNow> inbound looks ok as well
[02:24] <ajmitch> kees: maybe there are some updates which have fixed it, very hard to say for sure :)
[02:24] <jmarsden> KillMeNow: Yes, that looks pretty boring... does netstat -ntlp show sshd on port 22?
[02:25] <fool_> jmarsden: ssh is working
[02:25] <KillMeNow> i think jmarsden is looking at Ruben23's sshd issue
[02:25] <fool_> oh my bad
[02:25] <KillMeNow> two firewall types of rule problems jmarsden...  ruben23 and fool_
[02:26] <jmarsden> Oh, I may be confusing the two... OK.
[02:26] <KillMeNow> ruben23 is that he didn't have openssh-server installed
[02:26] <kees> ajmitch: did it not work for you at some point?
[02:26] <jmarsden> So for fool_ when UFW is enabled what exactly breaks -- what is the symptom?
[02:26] <KillMeNow> fool_ has all that working, but when IPTables is turned ON - aptitude fails
[02:27] <ajmitch> kees: I haven't tried it, but it's something that I should use
[02:27] <ajmitch> I just saw the bug earlier & did a little checking since I'd touched apache2 recently
[02:27] <jmarsden> KillMeNow/fool_: Does FTP to other sites work with UFW enabled?  Does HTTP to other sites work with UFW enabled?
[02:28] <fool_> jmarsden: one sec let me try wget something
[02:29] <KillMeNow> sorry, i'm doing about 40 different things at the moment
[02:29] <KillMeNow> trying to reimage my wife's laptop from WDS, back up my Ubuntu box for update and watch this too  LOL
[02:29] <jmarsden> fool_: It might also be good to try ftp to the site you are using in sources.list for apt/aptitude, using wget or a conventional ftp client such as lftp
[02:29] <fool_> jmarsden: ufw on, wget doesn't work
[02:30] <jmarsden> fool_: for http, or for ftp, or for both?
[02:30] <fool_> jmarsden: for http
[02:30] <fool_> let me try ftp
[02:32] <jmarsden> fool_: OK.  Are you set up to use any kind of proxy server, for FTP or for HTTP?  Anything like squid or some more proprietary software or hardware "in the way"?
[02:32] <fool_> jmarsden: nope
[02:33] <fool_> say if i do this  wget http://mirror.mcs.anl.gov/pub/ubuntu-iso/DVDs/ubuntu/hardy/release/ubuntu-8.04.1-dvd-i386.iso
[02:33] <fool_> then disable ufw
[02:33] <fool_> it'll run
[02:33] <fool_> then enable ufw
[02:33] <fool_> it'll stop
[02:33] <fool_> and so on and so forth
[02:33] <fool_> lol
[02:33] <fool_> no squid no proxy no cache
[02:34] <fool_> i'm on a vps if that changes anything
[02:34] <fool_> kernel 2.6.18-128.1.1.el5.028stab062.3
[02:34] <jmarsden> Do you control the whole physical machine -- or are you renting the VPS from a provider?
[02:35] <fool_> i'm renting the vps
[02:35] <KillMeNow> ahhh
[02:35] <jmarsden> OK.  So we don't really know what the provider does once packets leave your virtual machine...
[02:35] <fool_> but it shouldn't matter should it ?
[02:35] <fool_> since it's working when ufw is turned off ?
[02:35] <jmarsden> Well, it means we can't test or run tcpdump on the host OS instance, for example...
[02:36] <fool_> so what should i do ?
[02:36] <jmarsden> Your pastebin of the ruleset does not seem to show UFW logging enabled -- are you *sure* it is enabled?
[02:37] <KillMeNow> we had him turn it off i think
[02:37] <KillMeNow> then disabled the ufw
[02:37] <fool_> jmarsden:  cat /etc/ufw/ufw.conf
[02:37] <fool_> # /etc/ufw/ufw.conf
[02:37] <fool_> #
[02:37] <fool_> # set to yes to start on boot
[02:37] <fool_> ENABLED=yes
[02:37] <fool_> # set to one of 'off', 'low', 'medium', 'high'
[02:37] <fool_> LOGLEVEL=full
[02:37] <jmarsden> Try    sudo ufw logging on     and then test again?
[02:39] <fool_> i've been doing tail -f on syslog/kernlog/messages/dmesg  since the beginning
[02:39] <fool_> lol
[02:39] <fool_> nothing comes up
[02:39] <fool_> weird as heck :/
[02:40] <jmarsden> No....    sudo ufw logging on    # and then grep "UFW BLOCK" /var/log/*
[02:41] <fool_> nothing
[02:42] <jmarsden> OK.  You did a wget or whatever after enabling the logging, right?  Anyway, I need to go, unfortunately (to eat and then out to play guitar)... back in ~2 hours or so I expect.  Hopefully you'll have found and fixed it before that!
[02:43] <fool_> yes
[02:43] <fool_> it's weird as hell
[02:43] <KillMeNow> gah, sometimes i really hate M$ crap
[02:44] <jmarsden> OK... definitely weird...  When you find the answer say so here... I'll log the channel so I find out what the answer was :)
[02:44] <KillMeNow> i still think you should try ipkungfu
[02:44] <KillMeNow> see if that works for you
[02:44] <KillMeNow> mainly cause i like ipkungfu
[02:45] <fool_> KillMeNow: this is not M$ crap
[02:45] <fool_> KillMeNow: afaik this ufw is maintained by ubuntu devs
[02:45] <KillMeNow> no, i mean myself
[02:45] <KillMeNow> been fighting with M$ WDS all afternoon
[02:45] <fool_> jmarsden: sure will , bon appetite
[02:45] <KillMeNow> microsofts windows deployment services
[02:45] <KillMeNow> it's a pita
[02:46] <KillMeNow> yeap...  i'm sure UFW is maintained by ubuntu devs
[02:46] <KillMeNow> but it's just a frontend for doing IPtables
[02:46] <KillMeNow> i don't use UFW, but i also own the server mine is on
[02:47] <KillMeNow> but if you think it's UFW, you can install ipkungfu, configure it and see if the problem persists
[02:47] <KillMeNow> either way, i'm curious to know what the issue is as well
[02:49] <fool_> haha if i have to get used to ipkungfu again then i might as well learn iptables
[02:50] <KillMeNow> it's pretty easy to use, but ok
[02:51] <KillMeNow> well it's time for me to go
[02:51] <KillMeNow> have a good one
[03:02] <jdstrand> fool_: some vps providers don't compile in all the necessary modules for ufw. See http://bazaar.launchpad.net/~jdstrand/ufw/trunk/annotate/head%3A/README
[03:02]  * jdstrand is just passing by...
[03:05] <jmarsden> fool_: I'm on my way out the door, but your pastebin also lacks a bunch of rules regarding state RELATED that my UFW setup has... which could be highly relevant to your issue...
[03:08] <jmarsden> fool_: See http://pastebin.ubuntu.com/212336/
[03:39] <MTecknology> How can I resize LVM partitions?
[03:41] <fool_> it's weird as hell
[03:43] <fool_> jdstrand: http://bazaar.launchpad.net/~jdstrand/ufw/trunk/annotate/headA/README gives me internal server error
[03:43] <fool_> jmarsden: thanks
[03:44] <jdstrand> fool_: that is .../head%3A/...
[04:08] <fool_> jdstrand: so addrtype, comment, hl, limit , multiport, recent and state are the only required modules right ?
[05:25] <nick125> Other than the server guide, what's another good documentation source for Ubuntu Server-related things?
[05:50] <rags> I use an external smtp server to send/receive mail how to configure ubuntu to do the same?? I understand that postfix is the default MTA, should I use that or go for exim??
[05:52] <nick125> In Ubuntu's networking configuration file, is there a way to either specify that the default kernel route not be added or have it removed?
[05:52] <lamont> nick125: "default kernel route"?
[05:53] <lamont> do you mean default network route?
[05:53] <nick125> lamont: For instance, if I add the IP address 192.168.1.1/24, it'll add a route from 192.168.1.0/24 to 0.0.0.0
[05:54] <nick125> Since my server will have two interfaces with IPs in the same subnet, it seems to get confused if both routes are there.
[05:58] <jmarsden> nick125: if the two interfaces are set static, then only add a gateway line to one of their declarations... and you should only get one default route.
[05:58] <jmarsden> Something like http://pastebin.ubuntu.com/212420/
[05:59] <nick125> jmarsden: On one interface, there is only one host that I need to communicate to, so on my current setup, I remove the default kernel route and replace it with 192.168.1.24/32 to 192.168.1.24/32.
[06:02] <jmarsden> ??? There is no such thing as a "kernel route".  And routing from A to A is... pretty useless by definition, you are already *at* A so no need to route to it.  Overall it sounds like you are trying to do something you do not fully understand... what are you trying to achieve?  pastebin me a little ASCII art diagram, or something?
[06:02] <nick125> sure, one second.
[06:07] <nick125> http://pastebin.ubuntu.com/212427/
[06:08] <nick125> Sorry, my ASCII diagrams really suck....and that line there didn't break like it should've :(
[06:09] <nick125> http://pastebin.ubuntu.com/212428/
[06:09] <jmarsden> You want two different networks, both 192.168.1.x, connected to the same server, and route between them?  The logical answer is don't do that, renumber one of them, or bridge them.
[06:10] <nick125> The problem is that I _can't_ renumber one of them.
[06:10] <jmarsden> Then, as far as I know, you need a bridge, not a router to join them.
[06:11] <nick125> Hmmm.
[06:11] <jmarsden> Worst case could you make one into 192.168.1.0/25 and the other into 192.168.1.128/25 so they are different?
[06:11] <nick125> Here's the problem: I have a static IP block from my DSL provider, and the modem has a static IP from within the block...
[06:12] <nick125> And they won't give the DSL modem a different IP unless I pay them $50.
[06:12] <nick125> ($50 for another IP block for the DSL modem)
[06:12] <jmarsden> The usual approach is to put the "DSL modem" (which is usually a modem/router really) into bridge mode...
[06:13] <nick125> Can't. My provider uses PPPoA.
[06:13] <nick125> So, unless I find a supported USB modem or PCI modem, I'm screwed on that.
[06:14] <nick125> I've asked and begged them to support PPPoE, and they refuse.
[06:14] <jmarsden> And you need all 254 IPs?  for doing what?
[06:15] <ajmitch> there are definitely PPPoA DSL modems that do some form of bridging, I've got a cheap linksys one at home that does that
[06:15] <nick125> Well, it's actually a /28...I made up some numbers :p
[06:15] <nick125> ajmitch: The modem will do bridging, it's just that I can't actually do PPPoA on my server.
[06:16] <ajmitch> the modem does 'half-bridging' to use its term - it does the PPPoA
[06:16] <nick125> ajmitch: Well...this modem has a half-bridging feature, it's just that....it doesn't work.
[06:16] <ajmitch> heh
[06:16] <nick125> And the vendor doesn't plan on doing a firmware update
[06:17] <nick125> even though there is a _major_ security bug in them that allows anyone to bypass the "password" security.....
[06:17] <nick125> not to mention the bug where it resets the password every time the modem power cycles.
[06:17] <jmarsden> Time to buy a new ADSL modem/router ?
[06:18] <nick125> Might not be a bad idea.....but most of them are really......awful.
[06:18] <jmarsden> Google for linux pppoa and you'll probably find forums where this is discussed, and pick one with lowest awfulness ??
[06:19] <jmarsden> Or... write a PPPoA driver for Linux :)
[06:19] <jmarsden> There may actually be one already?
[06:19] <nick125> You can't do PPPoA over Ethernet ;-)
[06:21] <nick125> I spent hours and hours trying to figure it out before I realized that daunting fact
[06:22] <nick125> I guess I could just drop the line to remove that pesky route into /etc/rc.local
[06:23] <jmarsden> Hey, if that works for you, and saves you $50... it's worth a try!
[06:24] <nick125> I was hoping that there was a nicer way to do it, but I'm guessing I'm probably the only one with this screwed up setup :p
[06:25] <jmarsden> If you change the local LAN subnet to something else and do NAT on the server, does that not get you what you need?
[06:26] <nick125> jmarsden: I'm already doing NAT....but I still need to assign public IPs to machines in the LAN :(
[06:27] <jmarsden> No, you assign all the public IPs to the one server interface on the ADSL modem side of things, and assign local IPs to each machine on the LAN...
[06:27] <jmarsden> Then do one to one NAT in the server.
[06:28] <nick125> I've done 1:1 NAT before...but then you get into problems when you try to use the public IPs inside of the network
[06:29] <nick125> So I end up having to setup a separate DNS server somewhere that points to the local IPs....so when I go to nick125.com, instead of getting the public IP, I'll get the local IP.
[06:30] <jmarsden> Yes, you probably would... local DNS server can be on your server (the one with 2 NICs) -- you already have that server, so use it...
[06:31] <nick125> Maybe I should just redesign my network to not be so....quirky.
[06:31] <jmarsden> Yes.  I don't know if the NAT approach is really any cleaner than adding a line to rc.local... just trying to think up alternatives.
[06:32] <jmarsden> Or, if the $50 is a one time fee... just pay the $50 :)
[06:32] <nick125> Well, it's $50 plus $1/month....on top of the $80USD I'm paying them a month.
[06:33] <jmarsden> OK... now compute what your time is worth redesigning the network and testing odd configurations etc etc... is it worth $50 plus $1/month to you to avoid that headache?
[06:33] <nick125> I'm not sure, especially considering that I might switch ISPs next month.
[06:34] <jmarsden> Well, if you can switch that easily... drop a line into rc.local for a month, and clean up once you switch ISPs :)
[07:29] <\sh> moins
[08:29] <_ruben> hm .. i thought there was a way to tell cron to not log to syslog only for certain cronjobs .. cant seem to find anything on it though :(
[08:38] <atomic__> yeah, that's been bugging me too
[08:38] <atomic__> you can send a script's output do /dev/null though :)
[08:40] <negge> that's what I do as well
[08:40] <_ruben> that has nothing to do with cron itself logging to syslog though :)
[09:01] <henkjan_> i'm thinking about using etckeeper
[09:01] <henkjan_> any good reason to use bzr and not the default git?
[09:07] <th0m> any news on the ssh remote exploit rumor .
[09:07] <th0m> ?
[09:07] <th0m> http://isc.sans.org/diary.html?storyid=6742
[10:53] <socketbind> hi, i have installed ubuntu server 9.04 on a simple desktop machine to act as a file server. i seem to have a network card issue which im unable to fix
[10:54] <socketbind> in the middle of large file transfers the ethernet card silently fails. there are no kernel error messages and the machine does not freeze
[10:54] <socketbind> bringing down and up the ethernet interface fixes it
[10:55] <socketbind> i'm unable to fix it and need some help. it is using the via_rhine driver
[11:23] <pixlbox> does anyone know how to set up ftp access to authenticate via mysql, ive tried the vsftp and mysql tutorial on howtoforge but its not working
[11:45] <iceonnet> is this command correct? sudo /usr/sbin/useradd <username> -m -p <encrypted password> -s /bin/sh
[11:47] <_ruben> i'd put the username last as last parameter to be sure, looks fine otherwise
[11:47] <iceonnet> ok, let me try that
[11:48] <U2GB> look man useradd and man adduser
[11:51] <iceonnet> thank you very much, worked like a charm =)
[11:53] <iceonnet> is there any way to force a user to log out?
[11:55] <_ruben> kill all of its shells
[11:57] <iceonnet> to find the shells i write ps -x?
[13:33] <cjwatson> th0m: nothing concrete to my knowledge, just rumours
[13:33] <cjwatson> th0m: panicking's likely to be unhelpful
[13:46] <th0m> how could i find the process which sendmail ?
[13:46] <th0m> i'm cleaning a box, cant find the process spamming (think of apache, but cant find in the log)
[13:46] <th0m> is there a way to identify the process executing the sendmail cmde ?
[13:57] <hito_jp> th0m: I'm beginning to get the picture, please check your situations. 1) Are you in troubles that your server are spamming e-mails without your will?  2) Are you use some web-apps? or not?
[13:58] <cjwatson> replace the sendmail process with a shell wrapper that prints its parent process id ($PPID) to a log file and then execs the real sendmail
[17:23] <ruben23____> hi
[17:24] <ruben23____> how do i check if openssh-server is installed on the ubuntu server
[17:24] <bitprophet> dpkg --list | grep openssh
[17:25] <bitprophet> (or grep openssh-server to be super specific, but I find a wider net is often more useful in case one has the package name wrong or made a typo)
[17:27] <wizardslovak> hello
[17:28] <wizardslovak> i need someone to help me set up apache and print server
[17:28] <wizardslovak> !print server
[17:28] <wizardslovak> !print
the output is  ll client, an rlogin /rsh/rcp repla       1:4.7p1-8ubuntu 1.2
[17:41] <ruben23____> is my openssh server installed..?
[17:49] <ruben23_> hi i do dpkg --list | grep openssh then -------------> ii open ssh - client ll client, an rlogin /rsh/rcp repla       1:4.7p1-8ubuntu 1.2
[17:49] <ruben23_> is my openssh server installed..?
[17:51] <bitprophet> ruben23_: nope, openssh-client is just the client stuff, you don't seem to have openssh-server
[17:52] <bitprophet> Unless the server package name changed drastically after 8.04
[17:55] <ruben23_> anyone have idea..
[17:56] <bitprophet> can't you just aptitude install openssh-server ?
[17:57] <specto> sudo apt-get install openssh-server should work
[17:57] <ruben23_> yes i already do that..
 should i enable something first on my source.list
[17:58] <ruben23_> this is a fresh install
[17:59] <specto> ruben23_: no, its on every installation
[17:59] <specto> ruben23_: even jeos
 i cant login through it
[17:59] <ruben23_> remotely
[17:59] <specto> ruben23_: that could be other problems
[18:00] <specto> ruben23_: ps aux | grep ssh
[18:00] <ruben23_> ssh is installed by default on ubuntu server
[18:00] <ruben23_> ok
[18:00] <specto> ruben23_: sudo netstat -natp | grep sshd
[18:01] <ruben23_> ok
[18:01] <specto> What does it say?
[18:01] <ruben23_> in a minute got disconnected-need to reboot the server..
...?
[18:30] <ruben23_> for my ps aux | grep ssh
[18:31] <ruben23_> 4425 0.0 0.0 5164 800 tty1 s+ 22:42 <-------------------output
[18:31] <ruben23_> netstat -natp | grep sshd
[18:31] <ruben23_> i got emty output
[18:31] <ruben23_> empty
[18:32] <alexm> ruben23_: what does this say? sudo lsof -i tcp:ssh
[18:33] <ruben23_> ok
[18:34] <alexm> this is what is saying for me:
[18:34] <alexm> COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
[18:34] <alexm> sshd    3225 root    3u  IPv4  23143       TCP *:ssh (LISTEN)
[18:34] <alexm> sshd    3225 root    4u  IPv6  23145       TCP *:ssh (LISTEN)
 sorry getting hard to transfer im not on terminal
[18:35] <ruben23_> writing the details on the server now
[18:36] <alexm> ok then, ruben23_
[18:36] <alexm> just look for those LISTEN entries
[18:36] <alexm> are they on the lsof output?
[18:37] <specto> check if it is running 'ps aux | grep ssh
[18:38] <ruben23_> ps aux | grep ssh------------------------>4425 0.0 0.0 5164 800 tty1 s+ 22:42
[18:39] <ruben23_> unknown protocol for  lsof -i tcp:ssh
[18:40] <alexm> what about... sudo lsof -i tcp:22
[18:40] <alexm> specto: i'd suggest to grep for sshd instead
[18:40] <alexm> as in ps aux | grep sshd
[18:44] <ruben23_> maybe i guess need to reload the OS server itself
[18:44] <ruben23_> again
[18:45] <nick125> Good morning everyone
[18:47] <alexm> ruben23_: no, there's no need to reboot
[18:48] <alexm> is lsof -i tcp:22 giving you the same error?
[19:17] <cvw> Cheers
[19:18] <cvw> Got an issue with networking, our interfaces file is setup properly.  when calling "ifup eth0" the interface is brought up properly.  However, /etc/init.d/networking (re)start does not bring the device up as expected.  What could we be doing wrong here?
[19:47] <ruben23_> hi guys
[19:47] <ruben23_> i have install ubuntu server 8
[19:48] <ruben23_> during installation
[19:48] <ruben23_> i was not prompt for network configuration
[19:48] <ruben23_> directly goto hostname and partitioning
[19:48] <sommer> ruben23_: by default the installer uses dhcp
[19:48] <ruben23_> ok
[19:49] <ruben23_> on the partition side what would i best select..?
[19:49] <sommer> ruben23_: totally depends on what type of server it's going to be
[19:49] <ruben23_> what is the default by it..?
[19:50] <ruben23_> use entire disk
[19:50] <sommer> ruben23_: I don't know if there is a hard and fast default, but the most flexible IMHO is LVM entire disk, that is if you don't know exactly how you want the layout up front
[19:52] <ruben23_> ok
[19:53] <alexm> sommer: i usually set up /boot outside LVM, maybe for historical reasons, isn't non-lvm /boot needed anymore?
[19:54] <sommer> alexm: nope... at least I've never had a problem putting /boot on LVM
[19:55] <sommer> alexm: but I think the automated whole disk lvm will create a separate /boot so you're probably right that's a safer way to go
[19:55] <Edwi1> hi people
[19:56] <alexm> i'm sure i had problems with that in the past with this, so i was just wondering
[19:56] <alexm> s/ with this//
[19:57] <alexm> sommer: btw, i installed nagios3 and munin following the karmic serverguide and it worked wonders
[19:58] <alexm> i just missed a note explaining how to setup munin plugins (i found it in munin docs anyway)
[19:58] <Edwi1> I have a problem installing virtualbox 3, it says that There is not enough space in /tmp while it tries to compile a kernel module for virtualbox, how can I change the space of /tmp ? (thanks in advance)
[19:58] <sommer> alexm: good to hear :)
[19:59] <ivoks> so, what's the deal now?
[19:59] <ivoks> we have to submit bug reports for syncs from debian? :)
[19:59] <sommer> isn't that the procedure after debian freeze, or whatever the freeze is?
[20:00] <ivoks> https://wiki.ubuntu.com/DebianImportFreeze
[20:00] <ivoks> let's read...
[20:01] <ivoks> ok... i request a sync from debian :)
[20:01] <ivoks> any core dev around? :)
[20:01] <Edwi1> sorry, I don't mentioned that I am using Ubuntu Server 8.04 LTS
[20:02] <alexm> Edwi1: is /tmp on lvm?
[20:02] <Edwi1> alexm is /tmp
[20:03] <Edwi1> but I don't see where can I define or resize it
[20:03] <alexm> Edwi1: what does df /tmp say?
[20:04] <Edwi1> I was googling for a while and in some site says that it's changeable in /etc/fstab but I could not see anything about /tmp or /tmpfs
[20:05] <alexm> Edwi1: please, can you tell what says df /tmp?
[20:06] <Edwi1> alexm: df -h /tmp/
[20:06] <Edwi1> Filesystem                    Used  Disp Usage% Mounted
[20:06] <Edwi1> overflow              1.0M  1.0M     0     100%         /tmp
[20:07] <alexm> overflow? it's the first time i see this
[20:07] <Edwi1> alexm sorry if something is bad translated
[20:07] <Edwi1> yeah, alexm... me too!  :O
[20:08] <alexm> Edwi1: this is what i get
[20:08] <alexm> Filesystem           1K-blocks      Used Available Use% Mounted on
[20:08] <alexm> /dev/mapper/tleilax-root
[20:08] <alexm>                       20806268  16389232   3368460  83% /
[20:09] <alexm> and /dev/mapper/tleilax-root in that case means logical volume root in volume group tleilax
[20:09] <alexm> Edwi1: can you please run... grep /tmp /etc/fstab ?
[20:10] <Edwi1> alexm how you could saw that information (what command)
[20:10] <Edwi1> ok alexm wait a minute...
[20:10] <alexm> Edwi1: df /tmp
[20:12] <Edwi1> alexm, grep /tmp /etc/fstab   don't showed anything
[20:13] <ivoks> mount | grep /tmp
[20:13] <Edwi1>  df /tmp/
[20:13] <Edwi1> S.ficheros         Bloques de 1K   Usado    Dispon Uso% Montado en
[20:13] <Edwi1> overflow                  1024             1024         0      100%     /tmp
[20:14] <Edwi1> sorry, it is spanish :$
[20:14] <ivoks> i said
[20:14] <ivoks> mount | grep /tmp
[20:14] <ivoks> just copy paste
[20:15] <Edwi1> ivoks: ~$ mount | grep /tmp
[20:15] <Edwi1> overflow on /tmp type tmpfs (rw,size=1048576,mode=1777)
[20:15] <ivoks> so, tmpfs, of 1MB size
[20:16] <ivoks> what did that?
[20:16] <Edwi1> yes ivoks, it seems... :-/
[20:17] <Edwi1> I don't know ivoks, this ubuntu server was installed for another person
[20:17] <alexm> but shouldn't it be an entry in fstab for /tmp?
[20:18] <ivoks> well, a script could do it
[20:18] <Edwi1> I don't know if the problems regarding with virtualbox can get solved resizing that filesystem, and btw how can I change it...
[20:19] <alexm> tmpfs means that /tmp is in memory not disk
[20:19] <Edwi1> alexm, unfortunately there is not any entry for /tmp in /etc/fstab  :(
[20:19] <ivoks> you don't need to resize it
[20:19] <ivoks> just umount it :)
[20:19] <ivoks> copy the data before that
[20:19] <ivoks> maybe there's something valuable
[20:19] <Edwi1> ivoks:  really?
[20:20] <ivoks> yeah
[20:20] <ivoks> mkdir /var/tmp/tmp_tmp
[20:20] <ivoks> cp -a /tmp /var/tmp/tmp_tmp/
[20:20] <ivoks> umount /tmp
[20:20] <alexm> ivoks: you're right, it's the best way
[20:20] <ivoks> and then copy it back
[20:21] <Edwi1> actually there is other people having a session on it server, it server is running an instance of vnc-server
[20:22] <Edwi1> I suppose that they (remote people) will lost their session if I made that changes, right?
[20:22] <alexm> you could see if there's any file open in /tmp with ... sudo lsof /tmp
[20:25] <Edwi1> alexm, it seems that someone is using something... please check the output of  lsof /tmp
[20:25] <Edwi1> lsof /tmp/
[20:25] <Edwi1> lsof: WARNING: can't stat() fuse.gvfs-fuse-daemon file system /home/siget/.gvfs
[20:25] <Edwi1>       Output information may be incomplete.
[20:25] <Edwi1> COMMAND     PID      USER   FD   TYPE DEVICE SIZE  NODE NAME
[20:25] <Edwi1> seahorse- 31852 dataguard  cwd    DIR   0,21  860 11868 /tmp/
[20:27] <alexm> it seems that dataguard has a gnome session on the server
[20:27] <alexm> either you tell him to logout for a while or that you'll kill his seahorse-agent
[20:28] <alexm> seahorse is the gnome app that deals with passwords and keys
[20:30] <ruben23_> hi can proceed with the installation of ubuntu
[20:30] <ruben23_> got error when formatting partition
[20:31] <ruben23_> what would i do
[20:31] <ruben23_> it stop responding and stay for long
[20:33] <Edwi1> ah ok alexm... but currently I am logged in the server as dataguard
[20:33] <alexm> ruben23_: it could be a problem with the disk, what kind of error did you get?
[20:33] <Edwi1> what could happen if I kill that process?
[20:33] <ruben23_> it just freeze for long
[20:34] <ruben23_> how do i reformat my entire disk
[20:34] <ruben23_> might resolve the problem
[20:34] <alexm> Edwi1: if you just kill it as in "kill 31852" not much, seahorse-agent is expected to end ok
[20:35] <Edwi1> ruben23_:  you can reformat the entire disk with a livecd
[20:35] <alexm> but you can logout, go to a console and then login, perform the copy as ivoks explained, umount /tmp, logout and log back in gnome
the ubuntu installer itself../
[20:35] <ruben23_> ?
[20:37] <alexm> ruben23_: you're using the ubuntu server installer or any other?
[20:37] <Edwi1> thanks alexm, I'll kill such process...
[20:38] <alexm> Edwi1: just remember to logout and login back when finished with /tmp just in case you need seahorse-agent later
[20:39] <Edwi1> I have done a copy of /tmp to /var/tmp/tmp_tmp
[20:40] <ruben23_> ubuntu server 8
[20:40] <Edwi1> alexm, but in your opinion how much space has to have a Ubuntu Server that is used only for backup data from using an application to do that?
[20:41] <Edwi1> will be doing the problem the actual size of /tmp or tmpfs ??
[20:42] <alexm> Edwi1: did umount /tmp work?
[20:42] <alexm> what does df /tmp say now?
...?
[20:43] <Edwi1> I have did not the changes yet alexm :$
[20:44] <alexm> ruben23_: to perform tests on the disk it'd be better to boot a live cd and run gparted, install smartmontools, etc.
[20:44] <Edwi1> actually I have the irc from the server  :-/
[20:45] <Edwi1> alexm, so I am thinking in just kill the process
[20:45] <alexm> ruben23_: otherwise, you should change to a console on the first step of the debian-installer booting from the ubuntu server and proceed from there on the command line
[20:45] <ruben23_> ok
[20:45] <ruben23_> then on the console
[20:46] <alexm> Edwi1: sure, i thought you had already killed it ;-)
[20:47] <Edwi1> hooray!!! I killed the process and didn't happen ;)
[20:47] <Edwi1> jajaja
[20:48] <ivoks> testdisk is the best tool for disks
[20:48] <Edwi1> for mounting again the /tmp  I just have to type: mount /tmp  to get mounted ???
[20:48] <ivoks> Edwi1: why would you do that at all?
[20:48] <ivoks> 1MB is not enough for /tmp
[20:49] <alexm> Edwi1: no, you'll be using /tmp from the / partition
[20:49] <ivoks> if you want to have /tmp in ram
[20:49] <ivoks> add something like this:
[20:50] <Edwi1> sorry, actually /tmp doesn't have its partition, it dependes under  /
[20:50] <ivoks> tmpfs /tmp tmpfs size=130000000 0 0
[20:51] <Edwi1> but, wait a minute friends... I can't umount /tmp  it says "device is busy"
[20:51] <Edwi1> lsof /tmp/
[20:51] <Edwi1> lsof: WARNING: can't stat() fuse.gvfs-fuse-daemon file system /home/siget/.gvfs
[20:51] <Edwi1>       Output information may be incomplete.
[20:53] <alexm> Edwi1: you'll have to logout
[20:53] <specto> Edwi1: you'll probably have to boot to another cd....
[20:53] <Edwi1> please, check this lsof output:
[20:53] <Edwi1> umount /tmp/
[20:53] <Edwi1> umount: /tmp: dispositivo ocupado
[20:53] <Edwi1> umount: /tmp: dispositivo ocupado
[20:53] <specto> !pastbin
[20:53] <specto> !pastebin
[20:54] <alexm> Edwi1: sorry, siget user should logout
[20:54] <alexm> or umount /home/siget/.gvfs
[20:54] <Edwi1> "dispositivo ocupado" is similar to "device is busy"
[20:55] <Edwi1> ok alexm, I will try with your last advice
[20:56] <Edwi1> alexm, it says again "device is busy"
[20:57] <alexm> Edwi1: please, run sudo lsof /tmp
[20:57] <Sam-I-Am> or fuser /tmp
[20:58] <Edwi1> alexm, lsof command, now doesn't show anything
[20:59] <Edwi1> Sam-I-Am: fuser /tmp don't show anything, too
[20:59] <alexm> Edwi1: now, try to sudo umount /tmp again
[21:00] <Edwi1> alexm, /# umount /tmp/
[21:00] <Edwi1> umount: /tmp: dispositivo ocupado
[21:00] <Edwi1> umount: /tmp: dispositivo ocupado
[21:01] <Edwi1> alexm, remembering "dispositivo ocupado" is equal to "device is busy"
[21:01] <Edwi1> :-/
[21:01] <Sam-I-Am> lots of stuff writes into tmp
[21:01] <alexm> Edwi1: i know
[21:01] <Edwi1> alexm :)
[21:05] <alexm> Edwi1: new approach... sudo ls -l /proc/*/fd|grep /tmp
[21:05] <Edwi1> thanks alexm, I'll try that :)
[21:09] <Edwi1> alexm, the output of last advice you gave me is in: http://paste.ubuntu.com/213115/
[21:10] <alexm> so users dataguard and siget should logout from their sessions in order to umount /tmp
[21:11] <alexm> you could try to stop tracker et al. but it'll be a lot harder
[21:14] <Edwi1> thanks alexm, but the easy way is killing the session for siget (a remote user connected) and I have to logout
[21:15] <Edwi1> but if I had to do the hard way, how can I stop tracker ?
[21:18] <alexm> in preferences > startup applications there's a way to stop tracker
[21:18] <alexm> but you won't be able to do so for user siget
[21:19] <alexm> unless you kill all tracker processes on the system
[21:19] <Edwi1> alexm, what you can recommend me to do for user "siget"
[21:20] <alexm> i'd try to ask him to logout first
[21:22] <Edwi1> alexm, I called him by phone to his office but he is not there, so he gave permission to finish his session
[21:23] <Edwi1> he told me that doesn't left running anything on the server
[21:23] <alexm> so you're asking how to finish his session, isn't it?
[21:23] <Edwi1> yes alexm
[21:24] <alexm> since he doesn't care or recall having a session open then a "killall -u siget" should do
[21:25] <Edwi1> ok alexm, i'll do that
[21:26] <Edwi1> (btw, thanks for your help alexm)
[21:26] <alexm> :-)
[21:30] <ivoks> wow
[21:30] <ivoks> killall -u
[21:30] <ivoks> i always used slay
[21:33] <Edwi1> alexm, i'll back... I'm going to logout (I am logged as dataguard)
[21:38] <Edwi1> and I will try to umount /tmp from the console
[21:45] <ruben23_> hi if my HDD is formatted with ntfs--->can i still used it to install ubuntu...server
[21:48] <specto> ruben23_: I wouldn't, while ntfs-3g seems to perform decently compared to a native file system such as ext3 it's not acceptable for a server.  Just use a VM?
[21:49] <ivoks> ruben23_: that most probably wouldn't work
[21:49] <ivoks> you wouldn't have UNIX ACL's
 im formatting the HDD on a windows platform then put it again on my server to installed the default linux setup-but still got freeze during formatting on partition part.
[21:50] <ivoks> which would render it useless
[21:50] <specto> ruben23_: sounds like there is something wrong with your hard drive
[21:50] <ivoks> anyway, good night
[22:06] <ruben23_> how to boot on command prompt in the install cd..of ubuntu server
[22:07] <alexm> Alt-F2
 on boot up of CD..?
[22:08] <alexm> no, you must start the installation process
[22:09] <alexm> let the install process to detect your discs, etc. and then press Alt-F2
[22:09] <ruben23_> then ill press Alt_f2 on what part..?
[22:09] <ruben23_> ok
[22:09] <alexm> or Alt-F3 ... there are a few consoles open
 on the console ill reformat my HDD- with fdisk
[22:11] <alexm> the installation process will perform some interesting setup steps for you: loading modules, network settings, etc.
[22:11] <alexm> then, once on the console you can change the partition layout with fdisk, if you like to
on what part of the installation ill set ALT+f2
[22:12] <ruben23_> when it prompt me for network setup..? partition?
[22:12] <alexm> you can switch consoles anytime
[22:13] <alexm> at least wait for the discs to be detected
[22:13] <alexm> i don't have an exact picture of the whole d-i screens in my mind right now
[22:13] <ruben23_> ok hope this will work for my HDD now
[22:14] <alexm> nevertheless, you should check the disk for defects anyway
[22:14] <alexm> one way to do it is with badblocks
[22:15] <billybigrigger> hey all
[22:15] <alexm> or with dd if=/dev/sda of=/dev/null
[22:15] <alexm> or with testdisk
[22:15] <billybigrigger> anyone know why i wouldn't be able to bring up eth0? i have it set to dhcp, and i know it works, static doesn't work either
 whats your location..?
[22:16] <ruben23_> :)
[22:18] <billybigrigger> nvm, interfaces had an entry for eth0, and it needed to be eth1
[22:18] <alexm> ruben23_: i'm near barcelona, es
---ow nice..
[22:21] <ruben23_> im in the console now
[22:21] <alexm> billybigrigger: check that interface names match the right mac address in /etc/udev/rules.d/70-persistent-net.rules
[22:23] <alexm> ruben23_: the uds karmic venue was just 10 minutes away from my home ;)
[22:26] <ruben23_> nice
 are you a sysadmin..?
[22:27] <alexm> yes, i work at the upc university in barcelona
[22:34] <alexm> good night
[22:41] <ruben23_> hi can i used cfdisk on ubuntu...?
[22:41] <ruben23_> in the installation process on the console
[22:44] <ruben23_> i got error------------------------------------------------>dos compatibility flag is not set
[23:08] <DelphiWorld> hello
[23:08] <KillMeNow> Howdy
[23:08] <DelphiWorld> please how i can use static IP instead of Using DHCP?
[23:08] <KillMeNow> you have to edit your interfaces file
[23:08] <DelphiWorld> UBUNTU SERVER 8.10
[23:09] <KillMeNow> in /etc/network/interfaces
[23:09] <DelphiWorld> ok
[23:09] <KillMeNow> make sure you read this:  man interfaces
[23:09] <KillMeNow> also make sure you are editing the right interface...  ifconfig is your friend
[23:10] <KillMeNow> ifconfig will show you all network interfaces on the system
[23:10] <DelphiWorld> ok
[23:33] <ruben23_> hi-im on ubuntu installation terminal use fdisk on partitioning- then now would like to run mkfs -t ext2 /dev/hdb1------> error mksf not found
[23:36] <KillMeNow> ruben, why do you want to use ext2 filesystem?
[23:36] <KillMeNow> use ext3
[23:37] <KillMeNow> also, if you're installing Ubuntu, it can format and partition your drives for you
[23:43] <nick125> Hmm...when doing RAID/LVM in Ubuntu, where do I put my /boot? Should I create a separate partition?
[23:44] <KillMeNow> if all you have is the one RAID drive set w/o a free standing drive, you kinda have to put your /boot partition on the RAID.  Otherwise, if you have another drive you can mount that partition on a separate drive
[23:44] <KillMeNow> follow?
[23:49] <KillMeNow> here is a good article about building raid with Ubuntu:  http://advosys.ca/viewpoints/2007/04/setting-up-software-raid-in-ubuntu-server/
[23:50] <KillMeNow> this is a decent looking article as well:  http://beginlinux.com/server_training/server-managment-topics/1001-raid-5-with-lvm-on-ubuntu-804
[23:54] <KillMeNow> gotta go get some other things done but i'll be back in a while
[23:54]  * KillMeNow[A] is now away - Reason : Not here right now
sorry got disconnected----> yes i used the installation but during format my HDD freeze in progress
[23:54] <jeiworth> saaaaay guys, what would be the best solution to block a machine from communicating with the internet, i.e. i only want to allow network traffic from and to local machines/IPs?
[23:55] <KillMeNow[A]> :jeiworth
[23:55] <Reepicheep> jeiworth: don't give the machine a gateway
[23:55] <KillMeNow[A]> that was the first suggestion before i accidentally hit enter
[23:55] <hggdh> or block it at the router
[23:56] <KillMeNow[A]> or if you wanted to be studly and set up your IPTables output chains to block all internet access except for your local networks
[23:56] <Reepicheep> or iptables, or even better.. layers are good so do them all
[23:56] <KillMeNow[A]> ok, now i am away
[23:57] <jeiworth> Reepicheep: hmm but will then be reachable over its hostname or just its ip?
[23:57] <Reepicheep> that shouldn't matter
[23:58] <KillMeNow[A]> oh yea Ruben...  if you're using older hardware (Megaraid scsi for example) I don't think ubuntu supports that anymore
 or block it at the router <-- i am trying to convince the customer to do that but their linksys doesnt seem to offer that option :-/
[23:58] <Reepicheep> that is dependent on the sources machines DNS settings and the DNS server or host file
 :)
[23:59] <KillMeNow[A]> i had a old megaraid hardware scsi raid controller and Ubuntu installs always failed on about the same place you're describing...  wound up pitching the controller for something else
[23:59] <hggdh> jeiworth, heh. Being cheap sometimes bites back ;-) But I find surprising that their router does not even provide parental controls
[23:59] <ruben23_> no im using SATA new one
[23:59] <KillMeNow[A]> ok now i am REALLY away
[23:59] <KillMeNow[A]> check to make sure that the SATA controller is in the supported hardware list