/srv/irclogs.ubuntu.com/2009/07/26/#ubuntu-server.txt

[00:24] <artillerytx> anyone have experience with setting up name servers?
[00:25] <pmatulis> !search sensors
[00:25] <ubottu> Found: sensors, lm-sensors, lmsensors
[00:52] <artillerytx> ... so if im setting up a server and dns ... how exactly does the domain mydomain.com know that the name servers are hosted as ns1.mydomain.com
[00:52] <artillerytx> because i don't think it will take ns1.mydomain.com as a dns server
[00:53] <jmarsden> It works fine.  As an example do    dig computeroptions.net ns    and notice that both nameservers are with the domain concerned.
[00:54] <artillerytx> i followed this - http://beer.org.uk/bsacdns/
[00:54] <artillerytx> and when i try to change the name servers on my domain it says that the one i created is invalid
[00:54] <artillerytx> or am trying to use
[00:55] <jmarsden> You need to tell your domain registrar what machines are nameservers for your domain.  if it says they are invalid, then most likely your newly created nameserver is not working right, and when the registrar checks it they discover that and so won't let you set your DNS servers to a non-working server.
[00:55] <artillerytx> oh okay...
[00:56] <artillerytx> i did everything in that tutorial except to see if its working which i don't know how he did that
[00:56] <jmarsden> Do you need to troubleshoot your new server and make sure it works and believes itself to be authoritative for the domain concerned.
[00:56] <jmarsden> Ever heard of the dig command? :)
[00:56] <artillerytx> never
[00:56] <jmarsden> man dig
[00:57] <artillerytx> um
[00:58] <artillerytx> well maybe you can tell me if what im doing is completely wrong or not... I want to host a couple domains off my ubuntu server
[00:58] <artillerytx> so im creating a dns server
[00:59] <jmarsden> Sounds fine as long as you know enough to run a DNS server :)
[00:59] <artillerytx> I want to learn but it seems like i can't grasp exactly how it works
[01:00] <jmarsden> DNS is just a global tree of databases so you can look up names and get numbers (IP addresses) back, and look up IP addresses and get names back.
[01:01] <artillerytx> right... So if i have a domain lets say apples.com and i want that one to be the one that has the name servers associated with it like ns1.apples.com ... i added a master zone and then the name servers
[01:01] <artillerytx> and then what do i do domain side
[01:01] <pmatulis> artillerytx: who will be using this dns server to look up your domains?
[01:01] <artillerytx> pmatulis: what registrar ?
[01:02] <artillerytx> i just thought anytime you want to host a domain on a certain server you have to enter in the name servers and tell the hosting service this domain should look in this virtual folder
[01:02] <jmarsden> artillerytx: Does that newly created nameserver *work* ?  Can you query it (with dig) and get the answers you expect?
[01:03] <jmarsden> Until it works, telling your registrar to use it as a master DNS server is not a good idea...
[01:03] <artillerytx> jmarsden: when i do digg @apples.com it says no server could be reached
[01:04] <jmarsden> artillerytx: Use the IP address since it is not yet registered :)  dig @12.34.56.78 apples.com
[01:04] <artillerytx> k
[01:05] <artillerytx> im behind a router i should probably open the ports
[01:05] <giovani> artillerytx: apples.com is the domain, not the address of the server, I imagine
[01:05] <giovani> there's no need to forward ports if you're testing internally
[01:05] <artillerytx> okay
[01:06] <jmarsden> What does    dig @12.34.56.78  apples.com   do when 12.34.56.78 is the local IP on your LAN of the DNS server machine?
[01:06] <artillerytx> i tried dig @xx.xx.xx.78 longhornpcrepair.com and it says connection timed out
[01:07] <artillerytx> oh lol
[01:07] <jmarsden> Where xx.xx.xx.78 is a local IP address?
[01:07] <artillerytx> okay i'm seeing the name servers
[01:07] <jmarsden> You are testing internally...
[01:07] <giovani> artillerytx: then either your DNS daemon isn't running, or there's a firewall in the way
[01:08] <jmarsden> So, now use dig to check all the info you expect (MX records, A records, etc).  When you know they are all there, you'll need to straighten out your router/firewall so the rest of the world can see this DNS server.
[01:08] <artillerytx> alright im seeing the name servers i created earlier
[01:08] <giovani> where are you seeing them?
[01:08] <artillerytx> on the local ip
[01:08] <giovani> you said dig failed and said connection timed out
[01:08] <artillerytx> i was using the public ip
[01:09] <artillerytx> its been a long day
[01:09] <artillerytx> now i can open the ports
[01:09] <giovani> ok, well if you have an A record for that domain ... then the answer should've been printed
[01:10] <artillerytx> oh where it says SERVER:192.168.1.2#82(192.168.1.2)
[01:10] <artillerytx> woops
[01:11] <artillerytx> the #number is the port i open
[01:11] <giovani> no
[01:12] <giovani> DNS is run over port 53
[01:12] <artillerytx> forgive me if i sound super idiotic this is just very new and strange
[01:13] <artillerytx> Okay so what do i need to do so that my registrar will let me use ns1.apples.com
[01:13] <giovani> well you're in the middle of a topic you haven't really learned yet, so it's normal for it to be new and strange
[01:13] <jmarsden> artillerytx: Straighten out your firewall so the world can see your DNS server on TCP and UDP port 53.
[01:13] <giovani> artillerytx: you need to register your nameservers with your registrar, each registrar has different ways of doing this
[01:13] <jmarsden> Then ask your registrar to use your server as the master DNS server for your domain.
[01:14] <jmarsden> Until your newly created DNS server exists (and works) on the Internet, your registrar is unlikely to let you use it, because for everyone except you, it does not yet really exist :)
[01:15] <giovani> I don't know of registrars that prevent you from using inactive DNS servers
[01:15] <giovani> but he'll need to register his nameservers first if he wants them to be referenced as nsX.apples.com
[01:16] <artillerytx> okay well i opened the port 53
[01:17] <jmarsden> artillerytx: Do you have a way to test from the outside?  ssh to a remote machine and dig from there to @yy.yy.yy.yy apples.com where that is your public Internet IP of the DNS server?
[01:17] <artillerytx> how do i check and see if the world can see it
[01:17] <artillerytx> jmarsden: no i don't
[01:18] <jmarsden> Or tell me what the IP and apples.com are and I can test it from here... :)
[01:18] <artillerytx> can i PM you ?
[01:18] <jmarsden> Sure.
[01:18] <giovani> artillerytx: this isn't a secret, you've already pasted your domain name into the channel
[01:18] <giovani> and your nameserver's IP can't be private
[01:18] <artillerytx> thats true
[01:19] <artillerytx> well my domain isn't apples.com
[01:19] <giovani> I'm aware
[01:19] <giovani> you pasted it earlier
[01:19] <artillerytx> Oh okay
[01:19] <artillerytx> haha sorry i trust you guys
[01:19] <giovani> well trust us or not, the channel is logged on the internet
[01:20] <artillerytx> k
[01:20] <artillerytx> so it would be @75.43.20.78  dns1.longhornpcrepair.com
[01:20] <artillerytx> i guess
[01:20] <giovani> no ...
[01:21] <giovani> we're not looking for an A record for dns1.
[01:21] <giovani> but yes, your DNS server is reachable from the internet
[01:22] <giovani> so you can continue setting things up
[01:22] <artillerytx> hooray
[01:22] <artillerytx> argg still not taking it
[01:23] <artillerytx> is there something special i need to do to get them to take it
[02:32] <giovani> artillerytx: I told you that you need to *register* your name servers first
[02:32] <artillerytx> how do you do that
[04:55] <ball> kirkland: ping
[05:02] <ball> Goodnight everyone
[07:36] <uvirtbot`> New bug: #404768 in bacula (universe) "package bacula-director-mysql 2.4.4-1ubuntu5 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/404768
[09:11] <Skaag> how do I get pure-ftpd to recognize a symlink?
=== NCommand` is now known as NCommander
[13:11] <nai1sirk> Has anyone enabled SELinux on a ubuntu server?
[13:19] <andy1234124> hi
[13:20] <andy1234124> I can't setup apache2 mod_rewrite properly under ubuntu (it works well under windows, but not ubuntu).
[13:21] <andy1234124> anyone there?
[13:32] <RoyK> andy1234124: works for me (tm)
[13:32] <RoyK> have you enabled it?
[13:38] <andy1234124> yes.
[13:38] <andy1234124> Royk: yes
[13:39] <andy1234124> it works for some pattern
[13:39] <RoyK> erm
[13:39] <RoyK> ok?
[13:40] <RoyK> it's still only apache - the code is the same
[13:40] <andy1234124> under windows, all the patterns are ok. but under ubuntu, some are ok, some don't work.
[13:40] <RoyK> what versions of apache?
[13:41] <andy1234124> apache2.2
[13:42] <andy1234124> there are apache2.conf, http.conf, sites-enabled/000-default, i am not sure which file should I add the rules?
[14:06] <giovani> andy1234124: this is probably much more relevant for #apache (they probably know more definitively)
[14:07] <andy1234124> giovani: thanks
[14:08] <andy1234124> RoyK: thanks
[14:09] <giovani> my initial guess is either your rules are for a different version syntax, or they weren't written to spec initially, and now they're broken in the newer version, or there are some minor differences between the *nix/windows versions
[14:12] <andy1234124> ah, interesting. I moved the rules into that specific directory, then it works
[14:12] <giovani> you said some were working, some weren't
[14:12] <giovani> that doesn't really make sense if they were in the wrong directory
[14:13] <andy1234124> no. i put those things globally inside apache2.conf
[14:14] <andy1234124> sorry for the confusion. now i moved them to sites-enabled/000-default, then everything is ok
[14:17] <andy1234124> but still don't understand why can't put things at the end of apache2.conf.
[14:17] <giovani> nobody said you can't -- it's just messy, and definitely not scalable
[14:20] <giovani> you'll appreciate one-config-per-site when you have a few hundred/thousand of them, trust me :)
[14:21] <andy1234124> :) thanks a lot. i don't know much about apache, i'll definitely read the apache manual ag.
=== giovani|work is now known as cubision|somewhe
=== cubision|somewhe is now known as giovani|notwork
[16:46] <uvirtbot`> New bug: #404905 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 [modified: /var/lib/dpkg/info/mysql-server-5.0.list] failed to install/upgrade: subproces pre-installation script gaf een foutwaarde 1 terug" [Undecided,New] https://launchpad.net/bugs/404905
[19:09] <artillerytx> is there no apache module for ebox
[19:49] <fightskillz> hi, is there a log that shows ssh user actions?
[20:11] <giovani|notwork> fightskillz: you mean shell commands?  That's up to the shell to record
[20:13] <fightskillz> my server got hacked this morning, I wanted to see what they did after they ssh-ed in.. assuming they didn't delete their tracks
[20:14] <giovani|notwork> fightskillz: do you know which user they logged in as?
[20:17] <fightskillz> not yet, i'm gonna boot up and grab the logs and then decide what to do.. just want to make sure i get them all
[20:17] <giovani|notwork> well there's no need to "get" them all -- whatever's there is there
[20:18] <giovani|notwork> presuming the users use the bash shell, they'll have a file in their home directory named .bash_history
[20:18] <artillerytx> woo i registered my name servers
[20:18] <artillerytx> how do i remove ebox ?
[20:18] <giovani|notwork> artillerytx: sudo apt-get remove ebox
[20:19] <artillerytx> i didn't know ebox wasn't really for web servers
[20:19] <fightskillz> i'm concerned that they'll ssh in again and delete the log files. but thanks i'll download the home directories too
[20:20] <giovani|notwork> fightskillz: if the system has been compromised, you shouldn't be placing it back on the network at all, so that shouldn't be a concern
=== artillerytx__ is now known as chrislabeard
[20:22] <fightskillz> catch 22?
[20:22] <giovani|notwork> that's not a catch-22
[20:23] <giovani|notwork> that's incident response 101
[20:23] <giovani|notwork> unless you're *trying* to get the attacker to log back in
[20:23] <fightskillz> ya but how do i look at the log files without putting it on the network
[20:24] <giovani|notwork> you connect via keyboard, serial console, IPMI, KVMoIP, whatever
[20:24] <chrislabeard> is there an alternative to webmin thats not ebox
[20:25] <giovani|notwork> chrislabeard: there are others ... none are supported here
[20:25] <chrislabeard> giovani|notwork: the only one that is supported is ebox ?
[20:25] <fightskillz> ipmi
[20:26] <giovani|notwork> chrislabeard: yes
[20:26] <fightskillz> sorry, ignore that
[20:26] <chrislabeard> giovani|notwork: why ebox sucks
[20:26] <chrislabeard> giovani|notwork: wait it doesn't suck just takes more time to set up
[20:26] <giovani|notwork> chrislabeard: because ebox is the only one that works with debian/ubuntu properly
[20:26] <chrislabeard> excuse me
[20:26] <giovani|notwork> if it were up to me, none of them (including ebox) would be supported
[20:26] <giovani|notwork> but clearly there's too much demand to say no
[20:27] <chrislabeard> yeah
[20:27] <chrislabeard> cause people like me will just use the web panel instead of actually know whats going on
[20:27] <giovani|notwork> which leads to many problems down the road
[20:28] <chrislabeard> yeah
[20:28] <giovani|notwork> yeah, so I advise against using any kind of "web panel"
[20:28] <giovani|notwork> for server administration
[20:28] <chrislabeard> alright what about like phpmyadmin ?
[20:29] <chrislabeard> that shouldn't be that bad
[20:29] <chrislabeard> just mysql
[20:29] <giovani|notwork> it's bloat, it opens up a host of security risks, and it keeps you from learning how to actually use mysql
[20:30] <giovani|notwork> but you're clearly free to use it
=== giovani|notwork is now known as giovani
[20:42] <chrislabeard> man i'm getting a syntax error when i try to start apache
[20:44] <giovani> chrislabeard: presumably you mean a syntax error in your config files -- you should check them with "apachectl configtest"
[20:45] <chrislabeard> mmk
[20:45] <giovani> (this is in the apache manual, and all over google)
[21:06] <fightskillz> lol, so instead of taking your advice, I booted my server and downloaded the log files before shutting it down again..  within 10 seconds iftop was showing a bunch of ssh connections from other ips. i'm still looking through the logs but looks like they never actually got in. one set of hackers were brute forcing usernames and the other brute forcing passwords, what's funny is it's been going on for days and i only noticed it or thought to look after seeing suspicious apache log. i've gotta get on top of this
[21:07] <giovani> yeah ...
[21:08] <giovani> this is why IDSes are useful
[21:08] <giovani> you would've seen it instantly
[21:10] <fightskillz> agreed i've been a fool. a FOOL!
[21:17] <giovani> or even just log monitoring
[21:22] <chrislabeard> you guys know of any way to be able to see my webserver inside my network .. it works fine outside my network but i can't go to the live url and see it
[21:22] <giovani> chrislabeard: you can use its internal ip
[21:23] <chrislabeard> giovani: true
[21:23] <giovani> or have your internal dns resolve the external domain to your internal ip
[21:43] <chrislabeard> is this working http://75.43.20.78:80/ for you guys
[21:44] <fightskillz> It works!
[21:44] <chrislabeard> hooray
[21:44] <chrislabeard> what about http://longhornpcrepair.com
[21:44] <giovani> chrislabeard: yep, it works
[21:44] <chrislabeard> great
[21:45] <fightskillz> ditto
[21:45] <chrislabeard> no i need to figure out how exactly virtual hosts work
[21:45] <giovani> apache has great docs on the subject
[21:45] <chrislabeard> yeah im reading it right now
[21:46] <chrislabeard> so whenever i want to host another domain i create another virtual server add a new record to my dns server and that should be good
[21:46] <chrislabeard> im still reading thats just what im assuming right now
[21:49] <chrislabeard> so each domain has its own virtual server
[21:50] <fightskillz> dns will direct requests to your ip address, vhosts will direct those incoming requests based on port and requested domain/subdomain to a folder
[21:52] <giovani> chrislabeard: no, there's no "virtual server"
[21:52] <giovani> just a virtual name host
[21:52] <chrislabeard> giovani: yeah sorry
[21:53] <giovani> presuming you want all of your sites to be on the same IP
[21:53] <giovani> if not, then you use ip-based virtual hosts
[21:54] <chrislabeard> alright.. so i have a new domain i assign my dns servers to it... they will look on my server to see if i have created a host for this domain
[21:58] <giovani> ok
[22:00] <chrislabeard> alright i think i understand how it works now
[22:09] <Acs> hello
[22:10] <Acs> I have this entry in my crontab
[22:10] <Acs> 30 * * * * /home/acs/update.php
[22:10] <Acs> shouldn't this run every 30minutes?
[22:10] <Acs> every time the script is ran it writes to a log file and I have log dates an hour apart instead of 30m
[22:11] <Acs> anyone?
[22:13] <Acs> is there something wrong with how I set up the time??
[22:14] <giovani> Acs: no, that's incorrect
[22:14] <giovani> the first field should be "*/30" to get the job to run every 30 minutes
[22:16] <giovani> putting 30 in there means that it will run every hour at the 30 minute mark
[22:16] <Acs> oooohh of course
[22:16] <Acs> giovani thanks
[22:17] <giovani> if you know specific minute-marks you want it to run at, you can specify them
[22:17] <Acs> giovani I really just want this to run every 30 m
[22:17] <giovani> ok
[22:17] <giovani> then */30 will be what you want
[22:17] <Acs> so it will be like
[22:17] <Acs> */30 * * * * /home/acs/update.php
[22:17] <Acs> thanks giovani
[22:18] <giovani> Acs: yep
[22:37] <chrislabeard> anyone ever setup proftpd?
