=== Guest46165 is now known as nandemonai
[00:47] https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-patch
[00:47] is this new? or simply never used?
[00:48] no idea, first i heard of it
[00:49] archives are empty so apparently nothing has ever gone out on it
[00:49] im writing out some linux patching policies for work
[00:49] already did the rhel doc
[00:49] now im working on Ubuntu
[00:50] sounds like too much fun
[00:50] meh, it's interesting
[00:50] beats dealing with users
[00:50] heh
[00:50] suppose so
[00:51] looking for a comparable way to email security patch alerts
[00:51] course, at this point in time, i would be happy to work with users as i'm unemployed at the moment
[00:51] ideally, just the packages we have installed
[00:51] but it kinda looks like traffic on security announce is light
[00:52] i would say take a look at debian
[00:52] since Ubuntu mainly gets its packages from Debian
[00:52] right...
[00:52] if something needs to be patched @ debian, Ubuntu is likely to follow shortly
[00:52] https://lists.ubuntu.com/archives/ubuntu-security-announce/
[00:53] there's also a website / rss feed
[00:53] but i was wondering whether there was something installable
[00:53] i got a "minor" problem, if anyone have encountered this and know how to fix it please msg me
[00:53] iceonnet@homeserver:~$ sudo visudo
[00:53] iceonnet is not in the sudoers file. This incident will be reported.
[00:53] like a trigger to apt-get or cron job
=== ice|work is now known as iceonnet
[00:54] ice|work: are you in the sudoers file?
[00:54] no i saved it
[00:54] and exited
[00:54] err
[00:54] kinda screwed it up i guess
[00:54] ice|work: is your user in the sudoers file?
[00:54] yea, so the message is pretty clear Iceonnet
[00:54] pwnguin: no, that is what i realized when i was done and got the message
[00:54] KillMeNow, yeah it is
[00:55] it means that the username iceonnet isn't in the sudoers file or it doesn't have permissions
[00:55] i did add this,
[00:55] apache ALL=NOPASSWD:/usr/sbin/useradd, \
[00:55] /bin/mkdir, /bin/ln, /bin/chown
[00:55] tho apache doesn't have any passwd
[00:56] yea, and the command you gave it was sudo visudo
[00:56] KillMeNow: actually, i think something like apticron would suffice
[00:56] !info apticron
[00:56] apticron (source: apticron): simple tool to mail about pending package updates. In component universe, is extra. Version 1.1.28 (jaunty), package size 14 kB, installed size 112 kB
[00:56] hey pwnguin, that looks like a good solution
[00:57] yea, i was hoping people in here would know more than i could find with apt-cache search :P
[00:57] at least then you would have some type of an idea when something is coming up... however will it cover your security patch issue?
[00:57] well, im comfortable with canonical's turnaround time
[00:57] yea, they are pretty quick usually
[00:58] as long as i mandate that -security is in sources.list, we'll be fine I think
[00:58] iceonnet.. you added the sudo rights of /bin/mkdir /bin/ln /bin/chown and /usr/sbin/useradd
[00:59] yeah its for a apache project
[00:59] yea, but for the user iceonnet doesn't have /usr/sbin/visudo rights
[01:00] follow?
[01:00] yup
[01:00] at least that's what i'm guessing from what you said you added
[01:01] so add /usr/sbin/visudo for iceonnet in the sudoers file
[01:01] well i can't access the visudo file since i removed admin group rights for sudo
[01:02] i guess i just should reinstall the whole thing
[01:02] do you have root?
[01:02] root isn't set up from a fresh install is it?
[01:02] not usually
[01:03] usually the initial username you create during install has sudo su rights
[01:03] yeah
[01:03] so you can get to root
[01:03] but some ppl enable root after the fact
[01:03] how do i enable it? just f.ex do passwd root | set password?
[01:04] if you didn't do this, and then changed the sudoers file, then yea i can't think of any workaround off the top of my head
[01:04] lemme think about it for a second
[01:05] try this... sudo passwd root
[01:05] if you can change the password, log out and then try logging in as root
[01:06] ok
[01:06] if you can log in as root, you're saved from a reinstall
[01:06] iceonnet@homeserver:~$ sudo passwd root
[01:06] [sudo] password for iceonnet:
[01:06] iceonnet is not in the sudoers file. This incident will be reported.
[01:06] so i guess reinstall is the next stem
[01:06] *step
[01:08] hate to say it, yea
[01:08] think that's the case
[01:08] iceonnet: Since apache has "sudo ln" access you might be able to save a copy of /etc/passwd, edit it, and then ln the copy over top of /etc/passwd.
[01:08] Not sure if the system checks the ownership of the file.
[01:08] well, how far in to this are you?
[01:09] Give root a password and then log in as root.
[01:09] if you just installed it and haven't done much to the system, i might just chuck it and start over
[01:09] otherwise, try Eric's suggestion
[01:09] i just installed the server, apache, mysql, php and vsftpd, just done the basic setup
[01:10] so i guess i just should start over, its about 15-20 mins of installing and setting it up again
[01:10] yea, that's what i would do
[01:10] If the system doesn't like a non-root-owned /etc/passwd, then you could overwrite any file which root runs regularly (after saving a clean copy).
[01:10] but i would also create a new account to use instead of the initial one you used
[01:10] pwnguin: it's not used yet
[01:10] my way is more fun :)
[01:11] heh
[01:11] HACKERY!
:D
[01:11] but yeah, starting over and documenting or automating the correct setup steps is a good idea.
[01:12] In case it wasn't clear, I also believe that giving an account sudo access to random commands is almost the same as giving it root access.
[01:15] about the root enabling, should i just do a passwd root, after the installation?
[01:15] if you want to enable root access via ssh
[01:15] I think an attacker could also get root with "useradd" and "chown". I'm still thinking about mkdir.
[01:16] i would recommend creating a new user besides the elevated user account at install
[01:17] then i would give that other user account whatever rights you were looking to do... you usually DON'T want to allow root login besides from superuser
[01:17] AFK for a few
[01:20] any security-team people around? i was directed here. i have a DoS security bug against ubuntu's packaging apache that appears to be stuck in the process...
[01:21] New bug: #396813 in mysql-dfsg-5.0 (main) "karmic: file conflict when installing mysql" [Undecided,New] https://launchpad.net/bugs/396813
[01:28] https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/394350
[01:28] Launchpad bug 394350 in apache2 "RLimitCPU has no effect in Apache" [Undecided,Incomplete]
[01:39] hey guys, i've turn ufw logging to full, grep all of /var/log but found no trace of ufw log. what should i do ?
[01:43] i've never used the Ubuntu Firewall as a frontend, i've always used IPKungfu
[01:44] try sudo ufw logging on
[01:44] KillMeNow: that's pretty funny
[01:44] why is that?
[01:44] yes i know that they are both front ends for iptables
[01:44] KillMeNow: the name (IPKungfu)
[01:45] ooh
[01:45] yea, i've used it since like 2001
[01:45] graphical?
[01:45] when i got tired of beating my head on the table trying to get IPtables done right
[01:45] no, it's all cmd line
[01:45] it has several config files
[01:45] ok
[01:45] yeah, iptables is the dog's breakfast
[01:46] www.linuxkungfu.org
[01:46] plus the guy who wrote it is hella nice
[01:47] that helps
[01:47] KillMeNow: i tried ufw logging full
[01:47] hi
[01:47] how do i disable the ubuntu server firewall...?
[01:48] yea, talked to him here on freenode in #ipkungfu
[01:48] come on guys, '$ man ufw'
[01:48] is it builtin installed on the fresh ubuntu installed..?
[01:48] yea, man ufw shows 'ufw logging on | off
[01:48] yes, ufw is installed by default
[01:49] pmatulis: i did
[01:49] well it says on the first few lines: ufw disable
[01:50] sorry, mixing you guys up
[01:50] that was for ruben23
[01:50] # ufw logging on
[01:50] Logging enabled
[01:50] oh hahahhaa... yea 2 ppl here talking about UFW
[01:50] how about already installed openssh but getting network refuse when ssh on the ubuntu server
[01:50] ufw status
[01:50] Status: active
[01:50] To Action From
[01:50] -- ------ ----
[01:50] 22 ALLOW Anywhere
[01:51] it's active
[01:51] it's running
[01:51] but i can't find any log anywhere
[01:51] lol
[01:51] fool_: looks good but i would disable ufw and then test ssh
[01:51] pmatulis: ssh's working
[01:52] fool_: so what's the problem?
[01:52] pmatulis: no log anywhere
[01:52] he's looking for the physical log file in /var/log
[01:52] it doesn't show allowed connections i think
[01:52] pmatulis: when i turned on ufw aptitude couldn't work, and when i tried to look for logs i couldn't find any
[01:52] only connections rejected correct pmatulis?
[01:53] how about me, ssh not working--> i got network refuse error
[01:53] KillMeNow: i turned on full logging and still no log
[01:53] fool_: calm down
[01:53] hrm... ruben23
[01:53] disable ufw and try ssh again
[01:54] i just type command ufw logging off..
[01:54] pmatulis: oh my bad
[01:54] if you've flushed your iptables and you still can't connect to ssh, is your box behind a firewall and is the firewall forwarding port 22?
[01:54] ruben type in ufw disable
[01:54] ok
[01:54] that should turn off the firewall
[01:55] then try to connect to ssh port 22
[01:55] if it works, viola
[01:55] fool_: are you good now?
[01:55] you need to add the rule in to ufw
[01:55] pmatulis: no
[01:55] have you read the man page for ufw ruben?
[01:55] pmatulis: when i turned on ufw aptitude couldn't work, and when i tried to look for logs i couldn't find any <<<
[01:55] so i'm stuck on those 2 problems
[01:56] fool_: '$ sudo ufw logging high'
[01:56] fool_: that will give you a 'high' level of logging
[01:56] pmatulis: i tried with full w/o any luck
[01:56] fool_: then '$ tail -f /var/log/kern.log'
[01:57] no luck---->still getting network refuse
[01:57] ruben23: is ufw disabled?
[01:57] yes
[01:57] disable now
[01:57] ruben23: did you flush your iptables rules?
[01:58] i just disable
[01:58] '$ sudo iptables -F' IIRC
[01:58] no flush
[01:58] please do
[01:58] iptables --flush
[01:58] pmatulis: nothing
[01:58] oh yea, sudo iptables --flush
[01:58] then you can type in iptables --list
[01:58] that should show you all your iptables rules
[01:58] you shouldn't see any
[01:59] ok in a minute
[01:59] pmatulis: i'm looking at syslog/kern.log/messages/dmesg and it shows up nowhere
[01:59] hey fool_ have you checked in /var/log/messages for any ufw messages?
[01:59] i'm reading a forum post on ubuntuforums and someone posted that it may be logging in messages
[02:00] pmatulis: i'm looking at syslog/kern.log/messages/dmesg and it shows up nowhere << KillMeNow
[02:00] try sudo cat /var/log/messages | grep -i ufw
[02:01] fool_: and what do you expect to see there? is it blocking stuff?
[02:01] pmatulis: there is nothing, no messages
[02:01] lol
[02:01] say if it's blocking aptitude or something at least there'd be some messages
[02:02] but there's nothing
[02:02] :/
[02:02] fool_: why do you think it's blocking aptitude, that makes no sense
[02:02] does aptitude work now with firewall rules in?
[02:02] fool_: AFAIK, ufw blocks incoming only
[02:02] if now, disable it and then flush your iptables
[02:02] pmatulis: because aptitude works when i disabled ufw and doesn't when i enable it
[02:02] yea, another reason i used IPkungfu
[02:03] very strange
[02:03] ok, that would make some type of sense... check your rules... did you block a outbound port range?
[02:03] pmatulis: yep, that's why i'm here for help
[02:03] lol
[02:03] fool_: did you confirm that there are no other rules active?
[02:03] pmatulis: nope
[02:03] unless ufw status lie to me
[02:04] guys
[02:04] '$ sudo iptables -L -n'
[02:04] still cant login through ssh
[02:04] network refuse
[02:04] ok, is the ssh service running?
[02:04] ruben23: so you flushed the rules or not (i'm getting tired)
[02:04] check your services
[02:04] sudo netstat -nap | more
[02:05] but when /etc/init.d/ssh restart ------> got this no such file directory
[02:05] check to see if the ssh daemon is listening to port 22
[02:05] done already as youve said
[02:05] all done
[02:05] ruben23: guess sshd is not listening then
[02:05] well, then it sounds like you don't have sshd installed
[02:05] apt-get install sshd
[02:05] KillMeNow: no
[02:05] no?
[02:05] package is 'openssh-server'
[02:05] ooh yea
[02:06] woulda figured that out soon enough
[02:06] ruben23: did you install this package?
[02:06] doing it now apt-get install openssh-server
[02:07] * pmatulis packs up
[02:07] ow..this is a fresh install ubuntu...
[02:07] do i need to enable something on the sources list..?
[02:07] before i can do apt-get install packages
[02:08] man
[02:08] he's gone
[02:08] you might, but it wasn't broken after i installed ubuntu
[02:09] http://pastebin.ca/1487592 << here's the pastebin if anyone care to look
[02:09] looking
[02:10] i'm not sure why you are accept UDP for port 22 and 80
[02:11] uhm that's irrelevant to my problem isn't it ?
[02:11] yep
[02:11] most likely
[02:11] just saying
[02:12] well i just enable the ports so it doesn't matter udp or tcp
[02:12] unless there's a good reason i should specify
[02:13] just thinking of flooding maybe...
[02:13] course it really doesn't matter since there is no udp socket for port 22
[02:13] or port 80
[02:13] guys ssh-server is installed
[02:13] bug 394350
[02:13] Launchpad bug 394350 in apache2 "RLimitCPU has no effect in Apache" [Undecided,Invalid] https://launchpad.net/bugs/394350
[02:13] on the ubuntu server
[02:14] KillMeNow: yeah so what should i do about aptitude and no logging problem ?
[02:14] damn peculiar
[02:14] your output chain looks ok
[02:15] and aptitude is all out bound
[02:15] lol uh huh
[02:15] that's what puzzled me too
[02:15] i thought my isp pulled my leg for a min or something
[02:15] it makes no sense
[02:15] then i realized i just turned ufw on
[02:16] kees: only thing I can think of on that one is that the kernel does some of the enforcing, and I saw something on the kernel list a couple of months ago about fixing it
[02:16] my suggestion, try using ipkungfu
[02:16] it's hella easy to install and the config files are very self explanatory
[02:16] what version you running?
[02:16] latest?
[02:17] yes
[02:17] jaunty
[02:17] ok ruben, start it and try to connect to ssh
[02:18] yeah..
[02:18] still no success
[02:18] did it work?
[02:18] no still
[02:18] leave the firewall turned off
[02:18] i got no such file or directory
[02:18] make sure openssh-server is started
[02:18] ajmitch: nah, it behaved correctly for me on hardy
[02:19] sudo /etc/init.d/ssh status <--type this in ruben
[02:19] all i can say is that i can't see really anything broken by your UFW rules fool_
[02:20] KillMeNow: i don't either
[02:20] lol
[02:20] but things are borken
[02:20] brb
[02:20] fool_: Turn on logging and see what gets logged by your UFW rules.
[02:20] LOL... he has
[02:20] it's not logging either
[02:20] Then if nothing is logged, it isn't UFW/iptables doing the breaking...
[02:21] getting nothing in either /var/log/messages
[02:21] well it works when we turn UFW off
[02:22] Very strange... did you paste the iptables ruleset from when it is turned on somewhere... I just got home from work, have not scrolled back very far...
[02:22] yea here: http://pastebin.ca/1487592
[02:22] nothing in the ruleset that i can tell is limiting the outbound connections
[02:22] inbound looks ok as well
[02:24] kees: maybe there some some updates which have fixed it, very hard to say for sure :)
[02:24] KillMeNow: Yes, that looks pretty boring... does netstat -ntlp show sshd on port 22?
[02:25] jmarsden: ssh is working
[02:25] i think jmarsden is looking at Ruben23's sshd issue
[02:25] oh my bad
[02:25] two firewall types of rule problems jmarsden... ruben23 and fool_
[02:26] Oh, I may be confusing the two... OK.
[02:26] ruben23 is that he didn't have openssh-server installed
[02:26] ajmitch: did it not work for you at some point?
[02:26] So for fool_ when UFW is enabled what exactly breaks -- what is the symptom?
[02:26] fool_ has all that working, but when IPTables is turned ON - aptitude fails
[02:27] kees: I haven't tried it, but it's something that I should use
[02:27] I just saw the bug earlier & did a little checking since I'd touched apache2 recently
[02:27] KillMeNow/fool_: Does FTP to other sites work with UFW enabled? Does HTTP to other sites work with UFW enabled?
[02:28] jmarsden: one sec let me try wget something
[02:29] sorry, i'm doing about 40 different things at the moment
[02:29] trying to reimage my wife's laptop from WDS, back up my Ubuntu box for update and watch this too LOL
[02:29] fool_: It might also be good to try ftp to the site you are using in sources.list for apt/aptitude, using wget or a conventional ftp client such as lftp
[02:29] jmarsden: ufw on, wget doesn't work
[02:30] fool_: for http, or for ftp, or for both?
[02:30] jmarsden: for http
[02:30] let me try ftp
[02:32] fool_: OK. Are you set up to use any kind of proxy server, for FTP or for HTTP? Anything like squid or some more proprietary software or hardware "in the way"?
[02:32] jmarsden: nope
[02:33] say if i do this wget http://mirror.mcs.anl.gov/pub/ubuntu-iso/DVDs/ubuntu/hardy/release/ubuntu-8.04.1-dvd-i386.iso
[02:33] then disable ufw
[02:33] it'll run
[02:33] then enable ufw
[02:33] it'll stop
[02:33] and so on and so forth
[02:33] lol
[02:33] no squid no proxy no cache
[02:34] i'm on a vps if that changes anything
[02:34] kernel 2.6.18-128.1.1.el5.028stab062.3
[02:34] Do you control the whole physical machine -- or are you renting the VPS from a provider?
[02:35] i'm renting the vps
[02:35] ahhh
[02:35] OK. So we don't really know what the provider does once packets leave your virtual machine...
[02:35] but it shouldn't matter should it ?
[02:35] since it's working when ufw is turned off ?
[02:35] Well, it means we can't test or run tcpdump on the host OS instance, for example...
[02:36] so what should i do ?
[02:36] Your pastebin of the ruleset does not seem to show UFW logging enabled -- are you *sure* it is enabled?
[02:37] we had him turn it off i think
[02:37] then disabled the ufw
[02:37] jmarsden: cat /etc/ufw/ufw.conf
[02:37] # /etc/ufw/ufw.conf
[02:37] #
[02:37] # set to yes to start on boot
[02:37] ENABLED=yes
[02:37] # set to one of 'off', 'low', 'medium', 'high'
[02:37] LOGLEVEL=full
[02:37] Try sudo ufw logging on and then test again?
[02:39] i've been doing tail -f on syslog/kernlog/messages/dmesg since the beginning
[02:39] lol
[02:39] nothing comes up
[02:39] weird as heck :/
[02:40] No.... sudo ufw logging on # and then grep "UFW BLOCK" /var/log/*
[02:41] nothing
[02:42] OK. You did a wget or whatever after enabling the logging, right? Anyway, I need to go, unfortunately (to eat and then out to play guitar)... back in ~2 hours or so I expect. Hopefully you'll have found and fixed it before that!
[02:43] yes
[02:43] it's weird as hell
[02:43] gah, sometimes i really hate M$ crap
[02:44] OK... definitely weird... When you find the answer say so here... I'll log the channel so I find out what the answer was :)
[02:44] i still think you should try ipkungfu
[02:44] see if that works for you
[02:44] mainly cause i like ipkungfu
[02:45] KillMeNow: this is not M$ crap
[02:45] KillMeNow: afaik this ufw is maintained by ubuntu devs
[02:45] no, i mean myself
[02:45] been fighting with M$ WDS all afternoon
[02:45] jmarsden: sure will , bon appetite
[02:45] microsofts windows deployment services
[02:45] it's a pita
[02:46] yeap...
i'm sure UFW is maintained by ubuntu devs
[02:46] but it's just a frontend for doing IPtables
[02:46] i don't use UFW, but i also own the server mine is on
[02:47] but if you think it's UFW, you can install ipkungfu, configure it and see if the problem persists
[02:47] either way, i'm curious to know what the issue is as well
[02:49] haha if i have to get used to ipkungfu again then i might as well learn iptables
[02:50] it's pretty easy to use, but ok
[02:51] well it's time for me to go
[02:51] have a good one
[03:02] fool_: some vps providers don't compile in all the necessary modules for ufw. See http://bazaar.launchpad.net/~jdstrand/ufw/trunk/annotate/head%3A/README
[03:02] * jdstrand is just passing by...
[03:05] fool_: I'm on my way out the door, but your pastebin also lacks a bunch of rules regarding state RELATED that my UFW setup has... which could be highly relevant to your issue...
[03:08] fool_: See http://pastebin.ubuntu.com/212336/
[03:39] How can I resize LVM partitions?
[03:41] it's weird as hell
[03:43] jdstrand: http://bazaar.launchpad.net/~jdstrand/ufw/trunk/annotate/headA/README gives me internal server error
[03:43] jmarsden: thanks
[03:44] fool_: that is .../head%3A/...
[04:08] jdstrand: so addrtype, comment, hl, limit , multiport, recent and state are the only required modules right ?
=== s_markow_ is now known as s_markow
[05:25] Other than the server guide, what's another good documentation source for Ubuntu Server-related things?
[05:50] I use an external smtp server to send/receive mail how to configure ubuntu to do the same?? I understand that postfix is the default MTA, should I use that or go for exim??
[05:52] In Ubuntu's networking configuration file, is there a way to either specify that the default kernel route not be added or have it removed?
[05:52] nick125: "default kernel route"?
[05:53] do you mean default network route?
[05:53] lamont: For instance, if I add the IP address 192.168.1.1/24, it'll add a route from 192.168.1.0/24 to 0.0.0.0
[05:54] Since my server will have two interfaces with IPs in the same subnet, it seems to get confused if both routes are there.
[05:58] nick125: if the two interfaces are set static, then only at a gateway line to one of their declarations... and you should only get one default route.
[05:58] Something like http://pastebin.ubuntu.com/212420/
[05:59] jmarsden: On one interface, there is only one host that I need to communicate to, so on my current setup, I remove the default kernel route and replace it with 192.168.1.24/32 to 192.168.1.24/32.
[06:02] ??? There is no such thing as a "kernel route". And routing from A to A is... pretty useless by definition, you are already *at* A so no need to route to it. Overall it sounds like you are trying to do something you do not fully understand... what are you trying to achieve? pastebin me a little ASCII art diagram, or something?
[06:02] sure, one second.
[06:07] http://pastebin.ubuntu.com/212427/
[06:08] Sorry, my ASCII diagrams really suck....and that line there didn't break like it should've :(
[06:09] http://pastebin.ubuntu.com/212428/
[06:09] You want two different networks, both 192.168.1.x, connected to the same server, and route between them? The logical answer is don't do that, renumber one of them, or bridge them.
[06:10] The problem is that I _can't_ renumber one of them.
[06:10] Then, as far as I know, you need a bridge, not a router to join them.
[06:11] Hmmm.
[06:11] Worst case could you make one into 192.168.1.0/25 and the other into 192.168.1.128/25 so they are different?
[06:11] Here's the problem: I have a static IP block from my DSL provider, and the modem has a static IP from within the block...
[06:12] And they won't give the DSL modem a different IP unless I pay them $50.
[06:12] ($50 for another IP block for the DSL modem)
[06:12] The usual approach is to put the "DSL modem" (which is usually a modem/router really) into bridge mode...
[06:13] Can't. My provider uses PPPoA.
[06:13] So, unless I find a supported USB modem or PCI modem, I'm screwed on that.
[06:14] I've asked and begged them to support PPPoE, and they refuse.
[06:14] And you need all 254 IPs? for doing what?
[06:15] there are definitely PPPoA DSL modems that do some form of bridging, I've got a cheap linksys one at home that does that
[06:15] Well, it's actually a /28...I made up some numbers :p
[06:15] ajmitch: The modem will do bridging, it's just that I can't actually do PPPoA on my server.
[06:16] the modem does 'half-bridging' to use its term - it does the PPPoA
[06:16] ajmitch: Well...this modem has a half-bridging feature, it's just that....it doesn't work.
[06:16] heh
[06:16] And the vendor doesn't plan on doing a firmware update
[06:17] even though there is a _major_ security bug in them that allows anyone to bypass the "password" security.....
[06:17] not to mention the bug where it resets the password every time the modem power cycles.
[06:17] Time to buy a new ADSL modem/router ?
[06:18] Might not be a bad idea.....but most of them are really......awful.
[06:18] Google for linux pppoa and you'll probably find forums where this is discussed, and pick one with lowest awfulness ??
[06:19] Or... write a PPPoA driver for Linux :)
[06:19] There may actually be one already?
[06:19] You can't do PPPoA over Ethernet ;-)
[06:21] I spent hours and hours trying to figure it out before I realized that daunting fact
[06:22] I guess I could just drop the line to remove that pesky route into /etc/rc.local
[06:23] Hey, if that works for you, and saves you $50... it's worth a try!
[06:24] I was hoping that there was a nicer way to do it, but I'm guessing I'm probably the only one with this screwed up setup :p
[06:25] If you change the local LAN subnet to something else and do NAT on the server, does that not get you what you need?
[06:26] jmarsden: I'm already doing NAT....but I still need to assign public IPs to machines in the LAN :(
[06:27] No, you assign all the public IPs to the one server interface on the ADSL modem side of things, and assign local IPs to each machine on the LAN...
[06:27] Then do one to one NAT in the server.
[06:28] I've done 1:1 NAT before...but then you get into problems when you try to use the public IPs inside of the network
[06:29] So I end up having to setup a separate DNS server somewhere that points to the local IPs....so when I go to nick125.com, instead of getting the public IP, I'll get the local IP.
[06:30] Yes, you probably would... local DNS server can be on your server (the one with 2 NICs) -- you already have that server, so use it...
[06:31] Maybe I should just redesign my network to not be so....quirky.
[06:31] Yes. I don't know if the NAT approach is really any cleaner than adding a line to rc.local... just trying to think up alternatives.
[06:32] Or, if the $50 is a one time fee... just pay the $50 :)
[06:32] Well, it's $50 plus $1/month....on top of the $80USD I'm paying them a month.
[06:33] OK... now compute what your time is worth redesigning the network and testing odd configurations etc etc... is it worth $50 plus $1/month to you to avoid that headache?
[06:33] I'm not sure, especially considering that I might switch ISPs next month.
[06:34] Well, if you can switch that easily... drop a line into rc.local for a month, and clean up once you switch ISPs :)
[07:29] <\sh> moins
[08:21] New bug: #393450 in samba (main) "[SRU] pam_winbind Use incorrect value for password expiry calculation" [Undecided,Fix committed] https://launchpad.net/bugs/393450
[08:29] <_ruben> hm ..
i thought there was a way to tell cron to not log to syslog only for certain cronjobs .. cant seem to find anything on it though :(
[08:38] yeah, that's been bugging me too
[08:38] you can send a script's output to /dev/null though :)
[08:40] that's what I do as well
[08:40] <_ruben> that has nothing to do with cron itself logging to syslog though :)
=== hito_jp0 is now known as hito_jp
[09:01] i'm thinking about using etckeeper
[09:01] any good reason to use bzr and not the default git?
[09:07] any news on the ssh remote exploit rumor .
[09:07] ?
[09:07] http://isc.sans.org/diary.html?storyid=6742
=== scfh_ is now known as scfh
[10:53] hi, i have installed ubuntu server 9.04 on a simple desktop machine to act as a file server. i seem to have a network card issue which im unable to fix
[10:54] in the middle of large file transfers the ethernet card silently fails. there are no kernel error messages and the machine does not freeze
[10:54] bringing down and up the ethernet interface fixes it
[10:55] i'm unable to fix it and need some help. it is using the via_rhine driver
[11:23] does anyone know how to set up ftp access to authenticate via mysql, ive tried the vsftp and mysql tutorial on howtoforge but its not working
[11:45] is this command correct? sudo /usr/sbin/useradd -m -p -s /bin/sh
[11:47] <_ruben> i'd put the username last as last parameter to be sure, looks fine otherwise
[11:47] ok, let me try that
[11:48] look man useradd and man adduser
[11:51] thank you very much, worked like a charm =)
[11:53] is there any way to force a user to log out?
[11:55] <_ruben> kill all of its shells
[11:57] to find the shells i write ps -x?
=== dantalizh is now known as dantalizing
[13:33] th0m: nothing concrete to my knowledge, just rumours
[13:33] th0m: panicking's likely to be unhelpful
[13:46] how could i find the process which sendmail ?
[13:46] i'm cleaning a box, cant find the process spamming (think of apache, but cant find in the log)
[13:46] is there a way to identify the process executing the sendmail cmde ?
[13:57] th0m: I'm beginning to get the picture, please check your situations. 1) Are you in troubles that your server are spaming e-mails without your will? 2) Are you use some web-apps? or not?
[13:58] replace the sendmail process with a shell wrapper that prints its parent process id ($PPID) to a log file and then execs the real sendmail
=== andreas__ is now known as ahasenack
[16:41] New bug: #397054 in samba (main) "package samba-common 2:3.3.2-1ubuntu3.1 failed to install/upgrade: Unterprozess post-installation script gab den Fehlerwert 1 zurück" [Undecided,New] https://launchpad.net/bugs/397054
[17:23] hi
[17:24] how do i check if openssh-server is installed on the ubuntu server
[17:24] dpkg --list | grep openssh
[17:25] (or grep openssh-server to be super specific, but I find a wider net is often more useful in case one has the package name wrong or made a typo)
[17:27] hello
[17:28] i need someone to help me set up apache and print server
[17:28] !print server
[17:28] Sorry, I don't know anything about print server
[17:28] !print
[17:28] Printing in Ubuntu is done with cups. See https://help.ubuntu.com/community/Printers - https://wiki.ubuntu.com/HardwareSupportComponentsPrinters - http://linuxprinting.org - Printer sharing: https://wiki.ubuntu.com/NetworkPrintingFromWindows
[17:41] the output is ll client, an rlogin /rsh/rcp repla 1:4.7p1-8ubuntu 1.2
[17:41] is my openssh server installed..?
[17:49] hi i do dpkg --list | grep openssh then -------------> ii open ssh - client ll client, an rlogin /rsh/rcp repla 1:4.7p1-8ubuntu 1.2
[17:49] is my openssh server installed..?
[17:51] ruben23_: nope, openssh-client is just the client stuff, you don't seem to have openssh-server
[17:52] Unless the server package name changed drastically after 8.04
[17:55] anyone have idea..
[17:56] can't you just aptitude install openssh-server ?
[17:57] sudo apt-get install openssh-server should work
[17:57] yes i already do that..
[17:58] should i enable something first on my source.list
[17:58] this is a fresh install
[17:59] ruben23_: no, its on every installation
[17:59] ruben23_: even jeos
[17:59] i cant login through it
[17:59] remotely
[17:59] ruben23_: that could be other problems
[18:00] ruben23_: ps aux | grep ssh
[18:00] ssh is installed by default on ubuntu server
[18:00] ok
[18:00] ruben23_: sudo netstat -natp | grep sshd
[18:01] ok
[18:01] What does it say?
[18:01] in a minute got disconnected-need to reboot the server..
[18:30] ...?
[18:30] for my ps aux | grep ssh
[18:31] 4425 0.0 0.0 5164 800 tty1 s+ 22:42 <-------------------output
[18:31] netstat -natp | grep sshd
[18:31] i got emty output
[18:31] empty
[18:32] ruben23_: what does this say? sudo lsof -i tcp:ssh
[18:33] ok
[18:34] this is what is saying for me:
[18:34] COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
[18:34] sshd 3225 root 3u IPv4 23143 TCP *:ssh (LISTEN)
[18:34] sshd 3225 root 4u IPv6 23145 TCP *:ssh (LISTEN)
[18:35] sorry getting hard to transfer im not on terminal
[18:35] writing the details on the server now
[18:36] ok then, ruben23_
[18:36] just look for those LISTEN entries
[18:36] are they on the lsof output?
[18:37] check if it is running 'ps aux | grep ssh
[18:38] ps aux | grep ssh------------------------>4425 0.0 0.0 5164 800 tty1 s+ 22:42
[18:39] unknow protocol for lsof -i tcp:ssh
[18:40] what about... sudo lsof -i tcp:22
[18:40] specto: i'd suggest to grep for sshd instead
[18:40] as in ps aux | grep sshd
[18:44] maybe i guess need to reload the OS server itself
[18:44] again
[18:45] Good morning everyone
[18:47] ruben23_: no, there's no need to reboot
[18:48] is lsof -i tcp:22 giving you the same error?
[19:17] Cheers
[19:18] Got an issue with networking, our interfaces file is setup properly.
when calling "ifup eth0" the interface is brought up properly. However, /etc/init.d/networking (re)start dose not bring the device up as expected. What could we be doing wrong here? [19:47] hi guys [19:47] i have install ubuntu server 8 [19:48] during installation [19:48] i was not prompt for network configuration [19:48] directly goto hostname and partitioning [19:48] ruben23_: by default the installer uses dhcp [19:48] ok [19:49] on the partition side what would i best select..? [19:49] ruben23_: totally depends on what type of server it's going to be [19:49] what is the default by it..? [19:50] use entire disk [19:50] ruben23_: I don't know if there is a hard and fast default, but the most flexible IMHO is LVM entire disk, that is if you don't know exaclty how you want the layout up front [19:52] ok [19:53] sommer: i usually set up /boot outside LVM, maybe for historical reasons, isn't non-lvm /boot needed anymore? [19:54] alexm: nope... at least I've never had a problem putting /boot on LVM [19:55] alexm: but I think the automated whole disk lvm will create a seperate /boot so you're probably right that's a safer way to go [19:55] hi people [19:56] i'm sure i had problems with that in the past with this, so i was just wondering [19:56] s/ with this// [19:57] sommer: btw, i installed nagios3 and munin following the karmic serverguide and it worked wonders [19:58] i just missed a note explaining how to setup munin plugins (i found it in munin docs anyway) [19:58] I have a problem installing virtualbox 3, it says that Ther is no enough space in /tmp while it tries to compile a kernel module for virtualbox, how can I change the space of /tmp ? (thanks in advance) [19:58] alexm: good to hear :) [19:59] so, what's the deal now? [19:59] we have to submmit bug reports for syncs from debian? :) [19:59] isn't that the procedure after debian freeze, or whatever the freeze is? [20:00] https://wiki.ubuntu.com/DebianImportFreeze [20:00] let's read... [20:01] ok... 
i request a sync from debian :) [20:01] any core dev around? :) [20:01] sorry, I don't mentioned that I am using Ubuntu Server 8.04 LTS [20:02] Edwi1: is /tmp on lvm? [20:02] alexm is /tmp [20:03] but I don't see where can I define or resize it [20:03] Edwi1: what does df /tmp say? [20:04] I was googling for a while and in some site says that it's chageable in /etc/fstab but I could not see anything abount /tmp or /tmpfs [20:05] Edwi1: please, can you tell what says df /tmp? [20:06] alexm: df -h /tmp/ [20:06] Filesystem Used Disp Usage% Mounted [20:06] overflow 1.0M 1.0M 0 100% /tmp [20:07] overflow? it's the first time i see this [20:07] alexm sorry if something is bad translated [20:07] yeah, alexm... me too! :O [20:08] Edwi1: this is what i get [20:08] Filesystem 1K-blocks Used Available Use% Mounted on [20:08] /dev/mapper/tleilax-root [20:08] 20806268 16389232 3368460 83% / [20:09] and /dev/mapper/tleilax-root in that case means logical volume root in volume group tleilax [20:09] Edwi1: can you please run... grep /tmp /etc/fstab ? [20:10] alexm how you could saw that information (what command) [20:10] ok alexm wait a minute... [20:10] Edwi1: df /tmp [20:12] alexm, grep /tmp /etc/fstab don't showed anything [20:13] mount | grep /tmp [20:13] df /tmp/ [20:13] S.ficheros Bloques de 1K Usado Dispon Uso% Montado en [20:13] overflow 1024 1024 0 100% /tmp [20:14] sorry, it is spanish :$ [20:14] i said [20:14] mount | grep /tmp [20:14] just copy paste [20:15] ivoks: ~$ mount | grep /tmp [20:15] overflow on /tmp type tmpfs (rw,size=1048576,mode=1777) [20:15] so, tmpfs, of 1MB size [20:16] what did that? [20:16] yes ivoks, it seems... :-/ [20:17] I don't know ivoks, this ubuntu server was installed for another person [20:17] but shouldn't it be an entry in fstab for /tmp? [20:18] well, a script could do it [20:18] I don'tknow if the problems regarding with virtualbox can get solved resizing that filesystem, and btw how can I change it... 
[20:19] tmpfs means that /tmp is in memory not disk
[20:19] alexm, unfortunately there is not any entry for /tmp in /etc/fstab :(
[20:19] you don't need to resize it
[20:19] just umount it :)
[20:19] copy the data before that
[20:19] maybe there's something valuable
[20:19] ivoks: really?
[20:20] yeah
[20:20] mkdir /var/tmp/tmp_tmp
[20:20] cp -a /tmp /var/tmp/tmp_tmp/
[20:20] umount /tmp
[20:20] ivoks: you're right, it's the best way
[20:20] and then copy it back
[20:21] actually there are other people having a session on the server, the server is running an instance of vnc-server
[20:22] I suppose that they (remote people) will lose their session if I make those changes, right?
[20:22] you could see if there's any file open in /tmp with ... sudo lsof /tmp
[20:25] alexm, it seems that someone is using something... please check the output of lsof /tmp
[20:25] lsof /tmp/
[20:25] lsof: WARNING: can't stat() fuse.gvfs-fuse-daemon file system /home/siget/.gvfs
[20:25] Output information may be incomplete.
[20:25] COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
[20:25] seahorse- 31852 dataguard cwd DIR 0,21 860 11868 /tmp/
[20:27] it seems that dataguard has a gnome session on the server
[20:27] either you tell him to logout for a while or that you'll kill his seahorse-agent
[20:28] seahorse is the gnome app that deals with passwords and keys
[20:30] hi can proceed with the installation of ubuntu
[20:30] got error when formatting partition
[20:31] what would i do
[20:31] it stops responding and stays for long
[20:33] ah ok alexm... but currently I am logged in the server as dataguard
[20:33] ruben23_: it could be a problem with the disk, what kind of error did you get?
[20:33] what could happen if I kill that process?
[20:33] it just freezes for long
[20:34] how do i reformat my entire disk
[20:34] might resolve the problem
[20:34] Edwi1: if you just kill it as in "kill 31852" not much, seahorse-agent is expected to end ok
[20:35] ruben23_: you can reformat the entire disk with a livecd
[20:35] but you can logout, go to a console and then login, perform the copy as ivoks explained, umount /tmp, logout and log back in gnome
[20:35] the ubuntu installer itself../
[20:35] ?
[20:37] ruben23_: you're using the ubuntu server installer or any other?
[20:37] thanks alexm, I'll kill such process...
[20:38] Edwi1: just remember to logout and login back when finished with /tmp just in case you need seahorse-agent later
[20:39] I have done a copy of /tmp to /var/tmp/tmp_tmp
[20:40] ubuntu server 8
[20:40] alexm, but in your opinion how much space does a Ubuntu Server have to have that is used only for backup data, using an application to do that?
[20:41] will the actual size of /tmp or tmpfs be causing the problem ??
[20:42] Edwi1: did umount /tmp work?
[20:42] what does df /tmp say now?
[20:42] ...?
[20:43] I have not made the changes yet alexm :$
[20:44] ruben23_: to perform tests on the disk it'd be better to boot a live cd and run gparted, install smartmontools, etc.
[20:44] actually I have the irc from the server :-/
[20:45] alexm, so I am thinking of just killing the process
[20:45] ruben23_: otherwise, you should change to a console on the first step of the debian-installer booting from the ubuntu server and proceed from there on the command line
[20:45] ok
[20:45] then on the console
[20:46] New bug: #397143 in drbd8 (universe) "Please merge drbd8 2:8.3.2-1 (main) from Debian unstable" [Medium,Confirmed] https://launchpad.net/bugs/397143
[20:46] Edwi1: sure, i thought you had already killed it ;-)
[20:47] hooray!!! I killed the process and nothing happened ;)
[20:47] hahaha
[20:48] testdisk is the best tool for disks
[20:48] for mounting again the /tmp I just have to type: mount /tmp to get mounted ???
[20:48] Edwi1: why would you do that at all?
[20:48] 1MB is not enough for /tmp
[20:49] Edwi1: no, you'll be using /tmp from the / partition
[20:49] if you want to have /tmp in ram
[20:49] add something like this:
[20:50] sorry, actually /tmp doesn't have its partition, it depends under /
[20:50] tmpfs /tmp tmpfs size=130000000 0 0
[20:51] but, wait a minute friends... I can't umount /tmp it says "device is busy"
[20:51] lsof /tmp/
[20:51] lsof: WARNING: can't stat() fuse.gvfs-fuse-daemon file system /home/siget/.gvfs
[20:51] Output information may be incomplete.
[20:53] Edwi1: you'll have to logout
[20:53] Edwi1: you'll probably have to boot to another cd....
[20:53] please, check this lsof output:
[20:53] umount /tmp/
[20:53] umount: /tmp: dispositivo ocupado
[20:53] umount: /tmp: dispositivo ocupado
[20:53] !pastbin
[20:53] Sorry, I don't know anything about pastbin
[20:53] !pastebin
[20:53] pastebin is a service to post multiple-lined texts so you don't flood the channel. Ubuntu pastebin is at http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic
[20:54] Edwi1: sorry, siget user should logout
[20:54] or umount /home/siget/.gvfs
[20:54] "dispositivo ocupado" is similar to "device is busy"
[20:55] ok alexm, I will try with your last advice
[20:56] alexm, it says again "device is busy"
[20:57] Edwi1: please, run sudo lsof /tmp
[20:57] or fuser /tmp
[20:58] alexm, lsof command, now doesn't show anything
[20:59] Sam-I-Am: fuser /tmp doesn't show anything, either
[20:59] Edwi1: now, try to sudo umount /tmp again
[21:00] alexm, /# umount /tmp/
[21:00] umount: /tmp: dispositivo ocupado
[21:00] umount: /tmp: dispositivo ocupado
[21:01] alexm, remembering "dispositivo ocupado" is equal to "device is busy"
[21:01] :-/
[21:01] lots of stuff writes into tmp
[21:01] Edwi1: i know
[21:01] alexm :)
[21:05] Edwi1: new approach... sudo ls -l /proc/*/fd|grep /tmp
[21:05] thanks alexm, I'll try that :)
[21:09] alexm, the output of last advice you gave me is in: http://paste.ubuntu.com/213115/
[21:10] so users dataguard and siget should logout from their sessions in order to umount /tmp
[21:11] you could try to stop tracker et al. but it'll be a lot harder
[21:14] thanks alexm, but the easy way is killing the session for siget (a remote user connected) and I have to logout
[21:15] but if I had to do the hard way, how can I stop tracker ?
[21:18] in preferences > startup applications there's a way to stop tracker
[21:18] but you won't be able to do so for user siget
[21:19] unless you kill all tracker processes on the system
[21:19] alexm, what can you recommend me to do for user "siget"
[21:20] i'd try to ask him to logout first
[21:22] alexm, I called him by phone to his office but he is not there, so he gave permission to finish his session
[21:23] he told me that he didn't leave anything running on the server
[21:23] so you're asking how to finish his session, isn't it?
[21:23] yes alexm
[21:24] since he doesn't care or recall having a session open then a "killall -u siget" should do
[21:25] ok alexm, i'll do that
[21:26] (btw, thanks for your help alexm)
[21:26] :-)
[21:30] wow
[21:30] killall -u
[21:30] i always used slay
[21:33] alexm, i'll be back... I'm going to logout (I am logged as dataguard)
[21:38] and I will try to umount /tmp from the console
[21:45] hi if my HDD is formatted with ntfs--->can i still use it to install ubuntu...server
[21:48] ruben23_: I wouldn't, while ntfs-3g seems to perform decently compared to a native file system such as ext3 it's not acceptable for a server. Just use a VM?
[21:49] ruben23_: that most probably wouldn't work
[21:49] you wouldn't have UNIX ACLs
[21:49] im formatting the HDD on a windows platform then put it again on my server to install the default linux setup-but still got freeze during formatting on partition part.
[21:50] which would render it useless
[21:50] ruben23_: sounds like there is something wrong with your hard drive
[21:50] anyway, good night
[22:06] how to boot on command prompt in the install cd..of ubuntu server
[22:07] Alt-F2
[22:08] on boot up of CD..?
[22:08] no, you must start the installation process
[22:09] let the install process detect your discs, etc. and then press Alt-F2
[22:09] then ill press Alt_f2 on what part..?
[22:09] ok
[22:09] or Alt-F3 ... there are a few consoles open
[22:10] on the console ill reformat my HDD- with fdisk
[22:11] the installation process will perform some interesting setup steps for you: loading modules, network settings, etc.
[22:11] then, once on the console you can change the partition layout with fdisk, if you like to
[22:12] on what part of the installation ill set ALT+f2
[22:12] when it prompt me for network setup..? partition?
[22:12] you can switch consoles anytime
[22:13] at least wait for the discs to be detected
[22:13] i don't have an exact picture of the whole d-i screens in my mind right now
[22:13] ok hope this will work for my HDD now
[22:14] nevertheless, you should check the disk for defects anyway
[22:14] one way to do it is with badblocks
[22:15] hey all
[22:15] or with dd if=/dev/sda of=/dev/null
[22:15] or with testdisk
[22:15] anyone know why i wouldn't be able to bring up eth0? i have it set to dhcp, and i know it works, static doesn't work either
[22:16] whats your location..?
[22:16] :)
[22:18] nvm, interfaces had an entry for eth0, and it needed to be eth1
[22:18] ruben23_: i'm near barcelona, es
[22:21] ---ow nice..
[22:21] im in the console now
[22:21] billybigrigger: check that interface names match the right mac address in /etc/udev/rules.d/70-persistent-net.rules
[22:23] ruben23_: the uds karmic venue was just 10 minutes away from my home ;)
[22:26] nice
[22:26] are you a sysadmin..?
[22:27] yes, i work at the upc university in barcelona
[22:34] good night
[22:41] hi can i use cfdisk on ubuntu...?
[22:41] in the installation process on the console
[22:44] i got error------------------------------------------------>dos compatibility flag is not set
[23:08] hello
[23:08] Howdy
=== nandemonai_ is now known as nandemonai
[23:08] please how i can use static IP instead of using DHCP?
[23:08] you have to edit your interfaces file
[23:08] UBUNTU SERVER 8.10
[23:09] in /etc/network/interfaces
[23:09] ok
[23:09] make sure you read this: man interfaces
[23:09] also make sure you are editing the right interface... ifconfig is your friend
[23:10] ifconfig will show you all network interfaces on the system
[23:10] ok
[23:33] hi-im on ubuntu installation terminal use fdisk on partitioning- then now would like to run mkfs -t ext2 /dev/hdb1------> error mksf not found
[23:36] ruben, why do you want to use ext2 filesystem?
[23:36] use ext3
[23:37] also, if you're installing Ubuntu, it can format and partition your drives for you
[23:43] Hmm...when doing RAID/LVM in Ubuntu, where do I put my /boot? Should I create a separate partition?
[23:44] if all you have is the one RAID drive set w/o a free standing drive, you kinda have to put your /boot partition on the RAID. Otherwise, if you have another drive you can mount that partition on a separate drive
[23:44] follow?
[23:49] here is a good article about building raid with Ubuntu: http://advosys.ca/viewpoints/2007/04/setting-up-software-raid-in-ubuntu-server/
[23:50] this is a decent looking article as well: http://beginlinux.com/server_training/server-managment-topics/1001-raid-5-with-lvm-on-ubuntu-804
[23:54] gotta go get some other things done but i'll be back in a while
=== KillMeNow is now known as KillMeNow[A]
[23:54] * KillMeNow[A] is now away - Reason : Not here right now
[23:54] sorry got disconnected----> yes i used the installation but during format my HDD freeze in progress
[23:54] saaaaay guys, what would be the best solution to block a machine from communicating with the internet, i.e. i only want to allow network traffic from and to local machines/IPs?
[23:55] :jeiworth
[23:55] jeiworth: don't give the machine a gateway
[23:55] that was the first suggestion before i accidentally hit enter
[23:55] or block it at the router
[23:56] or if you wanted to be studly and set up your IPTables output chains to block all internet access except for your local networks
[23:56] or iptables, or even better.. layers are good so do them all
[23:56] ok, now i am away
[23:57] Reepicheep: hmm but will it then be reachable over its hostname or just its ip?
[23:57] that shouldn't matter
[23:58] oh yea Ruben... if you're using older hardware (Megaraid scsi for example) I don't think ubuntu supports that anymore
[23:58] or block it at the router <-- i am trying to convince the customer to do that but their linksys doesn't seem to offer that option :-/
[23:58] that is dependent on the source machine's DNS settings and the DNS server or host file
[23:58] :)
[23:59] i had an old megaraid hardware scsi raid controller and Ubuntu installs always failed on about the same place you're describing... wound up pitching the controller for something else
[23:59] jeiworth, heh. Being cheap sometimes bites back ;-) But I find it surprising that their router does not even provide parental controls
[23:59] no im using SATA new one
[23:59] ok now i am REALLY away
[23:59] check to make sure that the SATA controller is in the supported hardware list