[00:05] <TimReichhart> alright I got a other question how to I know if my modem is linked to tty port because right now its on /dev/536ep0
[00:08] <jmedina> ls -l /dev/ | grep 536?
[00:09] <TimReichhart> alright here is the output crw-rw---- 1 root   dialout 240,   1 2009-08-13 19:04 536ep0
[00:12] <CppIsWeird> qman__: [16:06] <qman__> CppIsWeird, amd64 is the common, modern 64-bit architecture -- modern xeons and core 2s and i7s use the amd64 architecture
[00:12] <CppIsWeird> interesting, i did not know that.
[00:12] <giovani> really?
[00:12] <giovani> heh
[00:13] <giovani> technically its name is x86-64
[00:13] <giovani> but amd branded it amd64
[00:15] <jmedina> yea, amd owns sparc developers
[00:22] <TimReichhart> is there anyway that I can sym link my modem from /dev/536ep0 to a ttyS0?
[00:23] <giovani> TimReichhart: I'd recommend making it /dev/modem instead
[00:24] <giovani> as /dev/ttyS0 probably refers to an actual port
[00:24] <giovani> you can do this with udev rules
[00:27] <TimReichhart> giovani can you tell me how to sym link it to /dev/modem
[00:27] <giovani> TimReichhart: which release of ubuntu are you using?
[00:27] <TimReichhart> 8.04.3 TLS
[00:30] <giovani> TimReichhart: adding something along the lines of KERNEL=="536ep0", SYMLINK+="modem" to /etc/udev/rules.d/60-symlinks.rules should do the trick
[00:30] <giovani> you may or may not have to add some permissions in the permissions rules file
[00:31] <giovani> experiment, and use google
[00:31] <giovani> if you have problems
[00:32] <giovani> then issuing a "sudo /etc/init.d/udev restart" should put that into place
[00:32] <TimReichhart> giovani: the problems I am having is IM trying to get the modem to come on online on hylafax but when I do faxstat its just saying waiting for modem to come ready
[00:32] <HellMind> how can I remove the rules That I added here before.rules
[00:32] <giovani> TimReichhart: that's unrelated to symlinking, but alright
[00:32] <HellMind> cuz my server is portforwarding
[00:32] <giovani> HellMind: I don't understand your question
[00:33] <HellMind> I forwarded a port adding rules to before.rules
[00:33] <HellMind> Now, i removed that rule
[00:33] <HellMind> I restarted ufw
[00:33] <HellMind> I flushed every iptables table
[00:33] <TimReichhart> giovani: but see my modem is in a different loaction then what hyalfax is looking for my modem is listed as 536ep0 instead of ttyS0
[00:33] <HellMind> but the port is still being forwarded
[00:33] <giovani> HellMind: sorry, I'm not familiar with ufw
[00:34] <giovani> TimReichhart: you can tell hylafax to look anywhere you like
[00:35] <HellMind> argh why damn UFW it blacklisted a port :@ I cant use it anymore
[00:36]  * jmedina loves shorewall
[00:37] <jmedina> real firewall
[00:37] <giovani> haha
[00:37] <giovani> shorewall is not a firewall
[00:37] <giovani> it's a configuration tool
[00:37] <jmedina> :)
[00:37] <jmedina> I know
[00:37] <giovani> so let's not give it any credit beyond that
[00:37] <jmedina> ok
[00:38] <HellMind> what were they thinking bring ubuntu server with that damn ufw
[00:38] <stainer> most people firewall long before the server
[00:38] <jmedina> HellMind: whate are you using something that you dont understan?
[00:39] <jmedina> dnot blame ubuntu developers, if you have problems report a bug
[00:40] <TimReichhart> giovani: it seems like I dont have a /dev/modem listed
[00:40] <jmedina> well time to go offline
[00:40] <TimReichhart> giovani: so I cant do the sym linking
[00:43] <giovani> TimReichhart: you absolutely can ... I've told you how to do it
[00:43] <giovani> however, there's no need to make a symlink just for hylafax
[00:43] <giovani> it'd just be for aesthetics
[00:44] <TimReichhart> well im trying to get hylafax to work
[00:44] <TimReichhart> its just the modem im trying to get online
[00:44] <giovani> right, and I've explained
[00:45] <giovani> that hylafax can be told to use any device name, so you don't need a symlink
[00:45] <giovani> however, if you'd like to create a symlink, I told you how to go about that as well
[00:49] <clusty> hey
[00:49] <clusty> i did a usermod -a -G vboxusers <my user> to allow myself to use VirtualBox, but this wont work
[00:50] <clusty> afterwords when i doa  groups, i do not see the vboxusers listed
[00:50] <clusty> clues on what can be going on?
[00:50] <giovani> clusty: you need to log out and log back in
[00:50] <giovani> for groups to apply
[00:51] <clusty> no difference
[00:51] <giovani> heh
[00:51] <giovani> then you didn't run the command properly
[00:51] <clusty> /etc/groups contains:
[00:51] <clusty> vboxusers:x:135:j.dittmer,vlazar
[00:52] <clusty> i am second
[00:52] <giovani> you need to log out
[00:52] <giovani> and log back in
[00:52] <giovani> period
[00:52] <giovani> it will work
[00:52] <clusty> i am in a VNC session
[00:52] <clusty> kill vnc?
[01:15] <faileas> I'm running an IRC/Web server for personal use, and i'm looking for a easy solution to back it up. My hardware's a little old, so i'd like something that'd backup the whole system, and restore it to a bare metal system, without needing to take it down for backups. Any suggestions i should look at?
[01:48] <gop> hi
[01:48] <gop> in joomla, I am getting "he FTP settings are not valid or your FTP server is not compatible with Joomla!:
[01:48] <gop> The function "STOR" failed
[01:48] <gop> anyone here on ubuntu got joomla to work with ubuntu server
[01:57] <mathiaz> jtimberman: hey
[01:58] <mathiaz> jtimberman: I've acked a couple of your sync requests (see my email)
[01:58] <mathiaz> jtimberman: what is left on REVU? merb and chef?
[01:59] <foxbuntu> faileas, the only thing I know that can do bare metal restores in Linux on a live server atm is Acronis, its not OSS and not free, but I have worked with their products for a long time and love them, however if you are looking for something free and OSS then you might consider looking at CloneZilla (can't image the server live) or using dd (also requires being offline), if you don't need bare metal restores a cron job and tarballs will
[01:59] <foxbuntu> do the trick
[02:01] <faileas> foxbuntu: i got acronis home. I've done a tarball of the whole system, and plan on doing periodic database dumps, and home directory dumps (since a lot of things run as a normal user at the moment)
[02:02] <foxbuntu> faileas, that should about cover it, although there is no need for whole system backups
[02:02] <foxbuntu> faileas, whole system tarballs that is
[02:03] <foxbuntu> faileas, I personally just grab /home /etc usually
[02:03] <faileas> foxbuntu: lol, yeah, i'm still trying things
[02:03]  * faileas thinks between /var/www, /home/ircd/ and the database i should be covered
[02:03] <foxbuntu> faileas, yeah
[02:04] <foxbuntu> faileas, sorry, wasnt thinking about web
[02:04] <foxbuntu> faileas, the other thing you might was to grab is the package list
[02:04] <faileas> i run web and irc (unreal/anope, a jbouncer bnc (i don't like psybnc) and qwebirc
[02:04] <faileas> lol
[02:04] <faileas> i know what i installed.. pretty much nothing non standard but java
[02:05] <foxbuntu> faileas, yeah...I usually grab one after I get a server deployed and then again after any major change
[02:05] <foxbuntu> seems to work for my needs, but thats me
[02:05] <foxbuntu> :)
[02:06] <faileas> i got it deployed (again) last week. Its been up and down since i'm running on junk hardware ;p
[02:06] <foxbuntu> lol
[02:06] <foxbuntu> I understand that
[02:06]  * faileas does note a tarball is only 620 mb ;p
[02:06] <faileas> *full
[02:06] <foxbuntu> yea
[02:06] <foxbuntu> the system is pretty light weightttt
[02:07] <faileas> it isn't even running ubuntu server. its running minimal, with the necessary things
[02:07] <foxbuntu> ah
[02:07] <foxbuntu> Ubuntu JeOS eh?
[02:07] <faileas> (screen/screen profiles, java, lamp stack)
[02:07] <faileas> no, ubuntu minimal
[02:07] <foxbuntu> ah
[02:07] <foxbuntu> right
[02:07] <foxbuntu> JeOS is VM optimized
[02:08] <faileas> this is live hardware. PIII 450, 640 mb ram, 40 gb hard disk space
[02:08] <foxbuntu> nice
[02:08] <faileas> I'm not sure, but i'm told its a bad idea to run an irc server on a VM if you intend to link it
[02:08] <faileas> (which i might)
[02:08] <foxbuntu> I think my cable box has more power ;P
[02:08] <faileas> passively cooled, only fan is in the PSU ;p
[02:09] <foxbuntu> irc server or proxy?
[02:09] <faileas> (i have a atom box which i use as a 'loaner' desktop, which'll replace this when i goes down
[02:09] <faileas> both
[02:09] <foxbuntu> Im on my proxy right now (have been for a year) and its a vm
[02:10] <foxbuntu> but I do run VMWare ESX, not the freebie VM
[02:10] <faileas> oh, for the VM?
[02:10] <faileas> server - since lots of VMs don't have accurate clocks, and IRC linking is VERY dependant on accurate clocks
[02:11] <foxbuntu> oh, the clocks are easy nuff to fix
[02:12] <foxbuntu> I hoestly havent worked much with KVM but would assume the same of it
[02:15] <jtimberman> mathiaz: hey there, i was eating.
[02:16] <mathiaz> jtimberman: hey - my dinner is almost ready here ;)
[02:16] <jtimberman> mathiaz: also added in REVU are coderay (http://revu.ubuntuwire.com/p/coderay), stompserver (http://revu.ubuntuwire.com/p/stompserver), and libsystemu-ruby (http://revu.ubuntuwire.com/p/libsystemu-ruby)
[02:17] <jtimberman> with those others ack'd in launchpad, how long until they sync into karmic?
[02:17] <mathiaz> jtimberman: I'll ping an archive admin so that we can get them done before the end of the week
[02:18] <jtimberman> Sweet
[02:18] <mathiaz> jtimberman: are the syncs required for building the packages on REVU?
[02:18] <jtimberman> for installing
[02:18] <jtimberman> chef requires the mixlib
[02:18] <jtimberman> Chef packages taht is, require the mixlibs
[02:18] <jtimberman> we wrote the mixlibs too :)
[02:19] <mathiaz> jtimberman: ok
[02:19] <jtimberman> mathiaz: since there was overlap in functionality for those in ohai and chef, we split them out to be useful libraries for other ruby developers too.
[02:22] <jtimberman> mathiaz: by 'end of the week', do you mean tomorrow? :D
[02:22] <mathiaz> jtimberman: what about libsyntax-ruby  ?
[02:22] <mathiaz> jtimberman: yes
[02:22] <jtimberman> unneeded with chef 078, we switched to coderay
[02:22] <mathiaz> jtimberman: ok
[02:22] <jtimberman> Debian didn't want syntax because its 'unmaintained' per the author of the library himself.
[02:22] <mathiaz> jtimberman: I'll nuke http://revu.ubuntuwire.com/p/libsyntax-ruby then
[02:22] <jtimberman> who also suggested coderay to replace it, as thats what he's using.
[02:23] <jtimberman> thanks, i thoguht i did that but it might not like me.
[02:24] <mathiaz> jtimberman: right - it doesn't seem to have work for me either
[02:24] <mathiaz> jtimberman: anyway everything is upload to REVU now
[02:24] <mathiaz> jtimberman: I'll give it a look next week
[02:25] <mathiaz> jtimberman: if you can find another ubuntu dev to sponsor it the better ;)
[02:25] <jtimberman> Thom said he would back up on that. and per my email, ScottK had talked to btm about it some time ago but I haven't heard anything from him yet.
[02:27] <jtimberman> mathiaz: fwiw, i've set up an apt repo and tested that 'apt-get install {chef,chef-server}' gets the desired functionality. :)
[02:31] <mathiaz> jtimberman: Have you looked at PPAs to publish your own chef packages?
[02:32] <mathiaz> jtimberman: https://help.launchpad.net/Packaging/PPA
[02:33] <jtimberman> this was on my internal testing VM and LAN
[02:44] <randy_> Can anyone help me setup 2 nic cards in ubuntu server 9.04. One for the internet with static ips and the other one for the intranet with dynamic ips (192.168.1.2/50).
[02:45] <giovani> haha
[02:51] <twb> randy_: what is there to set up?
[02:54] <giovani> randy_: man interfaces
[03:07] <randy_> My setup right now isn't working so I am trying to fix it.
[03:08] <twb> randy_: what part isn't working?
[03:09] <randy_> I have a cox modem with a switch between it and the router. The router is set as dhcp server. The nic card with the static ip addresses on it is connected to the switch. The other nic card is connected to the router with "automatically get ip and dns"
[03:09] <twb> Incidentally, /50 doesn't make sense.
[03:09] <twb> You can only go up to /32, which specifies a single IP
[03:10] <randy_> yeah, the /50 means the ip address range that is leased from dhcp.
[03:10] <twb> I don't think I like your router, then
[03:11] <randy_> It doesn't have the /50 in it. that is just the way I wrote it to say that I have it set up to lease 48 addresses.
[03:11] <randy_> 59
[03:11] <randy_> 49 I mean
[03:13] <twb> That's still retarded
[03:14] <twb> a.b.c.d/e by convention means a CIDR block
[03:16] <giovani> randy_: so anyway ... what's the actual problem?
[03:20] <randy_> I can't reach the server from the outside world nor can I ping the other computers on the router. They can ping each other but not the server.
[03:22] <randy_> I setup the /etc/network/interfaces file with the correct ip address, netmask, and gateway given to me by cox. I set them up as eth0 and the intranet I setup as eth1 and dhcp.
[03:25] <randy_> from my home I can ping the gateway which is 24.249.166.129 but not the first of 5 ip addresses 24.249.166.138 through 142.
[03:29] <twb> randy_: are there machines using those IPs?
[03:30] <randy_> The 5 static ips are all going to be on one nic card on the server. Right now only one is setup and it is 24.249.166.138.
[03:30] <twb> Does the server know that it owns those five IPs?
[03:31] <twb> It will not respond to pings for IPs it doesn't care about.
[03:31] <randy_> Right now, no. I was going to setup the other four with webmin after I can reach it on the static ip that is already set just not working.
[03:32] <twb> Sorry, I will not help webmin users.
[03:32] <giovani> webmin is officially unsupported here
[03:32] <twb> Plus, I really hate it
[03:32] <randy_> I understand. I just need to get the one address working. Can you help me?
[03:34] <randy_> I would rather not use webmin either, is there another way to administer a web site from remote?
[03:34] <twb> randy_: sure: ssh.
[03:35] <randy_> I use putty too. Sometimes I need the help of a gui. I am somewhat of a newbie to linux. I am trying to learn how to do it all from the command line, but it takes a while. Please help me with my current challenge then we can talk about the mistakes I've made.
[03:36] <randy_> I can only use ssh when I can reach the machine remotely and right now I can't.
[03:36] <twb> OK, I need to draw a network diagram.
[03:37] <randy_> Okay, thank you very much.
[03:38] <twb> So your router is doing NAT?
[03:38] <twb> I'm confused as to why you have a second NIC in the ubuntu server at all.
[03:38] <randy_> It is a netgear and it has been setup with defaults.
[03:39] <twb> Unfortunately, I am not chief architect at Netgear.  I do not know what the default setup is for arbitrary netgear kit.
[03:41] <randy_> One for the intranet and one for the internet. If one card can do it, I'll remove the other one. One card is 192.168.0.2-50 with the gateway set at 192.168.0.1 and the network mask at 255.255.255.0. the other nic is for the internet setup as 24.249.166.138-142 with netmask set as 255.255.255.240 and gateway 24.249.166.129. I hope that helps.
[03:42] <twb> 192.168.0.0/24 is the network used by the router's DHCP server?
[03:42] <randy_> Obviously I don't have the 138-142 in the interfaces file, that is just the ip address range that was given to me from cox.
[03:42] <randy_> Yes.
[03:43] <twb> Cox is an ISP?
[03:43] <randy_> Yes.
[03:43] <twb> And they have given you a bunch of public IP addresses, 24.249.166.138 through .142?
[03:43] <randy_> Yes.
[03:44] <twb> What is doing the PPPoE or PPPoA?
[03:44] <twb> (I'm assuming an ADSL modem.)
[03:45] <randy_> It is a cable modem. I don't know much else about it.
[03:45] <randy_> Sorry.
[03:46] <randy_> It's not dsl if that helps.
[03:48] <twb> Hm.
[03:49] <twb> What is the interface name (e.g. eth2) of the NIC you're currently configuring statically?
[03:49] <twb> For that matter, how do you login to the router?
[03:49] <twb> For that matter, how do you login to the MODEM?
[03:49] <randy_> eth1
[03:50] <twb> I mean, does the modem have an IP address?  If so, what is it?
[03:51] <randy_> The modem address is 24.249.166.129 you can ping it but I haven't been able to reach it with a browser.
[03:52] <twb> Do you have physical access to the ubuntu server?
[03:55] <randy_> I don't right now. I'm at home, it is at the office.
[03:55] <twb> OK, then I won't try that.
[03:56] <twb> So what is the process you're using to ssh into it from the office?
[03:56] <randy_> I am computer savy, I have setup quite a few windows networks, I am trying to break away from windows and go exclusively to linux. I just have some more learning to do.
[03:57] <randy_> I am not able to ssh into it at all. I can only access it physically, not from any other machines on the network.
[03:58] <twb> This is probably the wrong time to ask for help configuring it, then, if you can't configure it until you get home...
[04:00] <randy_> I'm sorry, I will try to contact you tomorrow during the day when I'm setting in front of it. I will have to setup irc on the vista box next to it in the office. I was just trying to use my new ubuntu-desktop computer at home.
[04:01] <twb> If you need irc you can just install irssi on the server; that doesn't need a GUI.
[04:01] <randy_> How do I do that?
[04:01] <twb> "apt-get install irssi"
[04:01] <twb> Then "irssi -c irc.freenode.net" and type /join #ubuntu-server
[04:02] <twb> It's pretty straightforward.
[04:02] <randy_> I was just typing that. Okay, I will. Thank you so much for your time.
[04:02] <randy_> I have copied that line and will do it from the server tomorrow. Thank you
[04:03] <twb> No worrise.
[06:29] <ScottK> jtimberman: What did I do/say I'd do?  It's not clear to me from the backscroll.
[06:57] <psi-jack> Oi! This is fscking annoying!
[06:57] <psi-jack> The OpenLDAP guide is broken on Ubuntu docs.
[07:16] <twb> Report it as a bug
[07:16] <twb> And I think you mean "Oy" ;-)
[07:57] <psi-jack> No, I meant Oi, as I said Oi. :p
[07:57] <psi-jack> Anyway, the apparent bug in the community documentation on for openldap is the SASL stuff.. It covers nothing on SASL, and openldap defaults always to use SASL auth binding.
[07:58] <psi-jack> And I'm not 100% familiar with how to fix it exactly.
[08:48] <acalvo> I've a working mail server on my LAN, and I'm setting up a new mail server with dovecot plus postfix. But when I try to send a new mail from the new server, it gets relayed to the old server. How can I avoid that?
[09:21] <stefan__> aloha
[09:22] <stefan__> do you guys know what package is updating the motd in 9.04 with the packages that need upgraded ?
[09:25] <_ruben> combination of update-motd and update-notifier-common
[09:26] <stefan__> thanks _ruben
[09:26] <twb> Cute
[09:27] <twb> Sticking to 8.04, I didn't know about that new feature
[09:29] <stefan__> twb: depends on the hardware you use, if you use new hardware 804 won't work
[09:29] <stefan__> so sometimes you have to go with 904
[09:29] <twb> Believe me, NEWness of hardware is never a concern for me
[09:30] <twb> My hardware problems are mainly due to kit being chinese knock-offs or fifteen years old.
[09:30] <stefan__> i believe you :), I was just saying that sometimes you have to use a different version other than LTS
[09:30] <twb> Granted.
[09:48] <RoyK> we use LTS on important servers and 9.04/latest on workstations and development servers
[09:52] <stefan__> I know , we have LTS on most servers , but newest hardware doesn't work with 804
[09:53] <RoyK> common problem :)
[09:55] <maswan> Same here, but I run 9.10 on that. ;)
[09:59] <stefan__> maswan: didn't had the guts to run 9.10 yet :)
[10:10] <maswan> karmic also has postgres 8.4, which is a significant point in favour for us. so since we don't need to take this set into production until october, we might as well start out with karmic. especially since it was closest to netboot properly into the installer, just missing some module dependancies. :)
[10:16] <stefan__> if it's not going in production than it all for the best to go with the newest
[10:16] <stefan__> version
[10:18] <foolano> guys, do you know if ubuntu-vm-builder is capable of creating karmic images already?
[10:18] <soren> It is.
[10:18] <soren> If you grab the latest version from Bazaar, at least.
[10:19] <soren> bzr co lp:~vmbuilder
[10:19] <foolano> soren: thanks :)  in that case i wasted my time adding a karmic puglin and getting ride of chpasswd -e :P
[10:24] <acalvo> can I use DNS when setting up a DHCP3 server?
[10:24] <acalvo> for the wins, dns servers?
[10:24] <acalvo> instead of using their ip address?
[10:40] <stochastic> Hi, I'm trying to mount a fat32 external harddrive on my Ubuntu Hardy install but no matter what options I put into /etc/fstab it mounts it only readable by root
[10:42] <ravindu> Urgent help ,Is there any cases that ubuntu server has implemented in IBM Tower server with clustering support
[10:43] <th0mz> stochastic: mount -o,rw /xxx ?
[10:45] <ravindu> Urgent help ,Is there any cases that ubuntu server has implemented in IBM Tower server with clustering support
[10:45] <stochastic> th0mz, nope the rw option doesn't help
[10:46] <th0mz> is it fat32 or ntfs ?
[10:46] <stochastic> fat32
[10:46] <th0mz> idont know why then, sorry
[10:46] <stochastic> I've even specified the gid and uid in /etc/fstab
[10:48] <ravindu> how to implement ubuntu server on IBM Tower server with clustering support any resources?
[10:52] <_ruben> acalvo: you want specify your dns server by hostname .. how do you think that would work? :)
[10:52] <acalvo> _ruben: you're right, too much hours working make me buzz my head
[12:28] <garymc>  Hi peeps, everytime i click on my launchers when logged in as a particular user, it loads opens it in text editor and not firefox. I want it to open in firefox? When i right click it there is no option to open with other program. When i goto /var/www/ and right click on insert.php it says open with firefox. So i pressume thats all correct. Now when I log in with another user it all works fine??? whats happening here and how
[12:28] <garymc> can i fix it
[12:30] <StrangeCharm_> is sysklogd the program that i should  be using to recieve system logs from another machine?
[12:34] <stefan__> StrangeCharm_: no , if you want that use syslog-ng
[12:35] <StrangeCharm_> thanks, stefan__
[12:35] <stefan__> no probs
[12:36] <StrangeCharm_> will the apt package for that run it on boot?
[12:36] <pmatulis> StrangeCharm_: i just got in, what was your query re logging?
[12:37] <StrangeCharm_> pmatulis, i was looking to recieve syslogs from another machine, and stefan__ recommended syslog-ng
[12:38] <pmatulis> StrangeCharm_: you should know that rsyslog is now the default logging system in karmic, and it is very powerful
[12:38] <pmatulis> StrangeCharm_: it can do anything syslog-ng can do and more
[12:39] <StrangeCharm_> pmatulis, i'm not sure how much power i need. however, would you definitively recommend it over syslog-ng?
[12:40] <pmatulis> StrangeCharm_: if you will be running karmic and beyond, yes
[12:40] <pmatulis> StrangeCharm_: it's also more aligned with open-source (syslog-ng has a dual license)
[12:40] <StrangeCharm_> pmatulis, so i noticed. however, i don't currently have plans for karmic
[12:41] <pmatulis> StrangeCharm_: ok
[12:42] <StrangeCharm_> pmatulis, nonetheless, the licencing argument is persuasive. i'll try rsyslog.
[12:42] <pmatulis> StrangeCharm_: great, let us know how it turns out
[12:43] <macrocosm144> Whats the easiest (free) way to backup an entire ubuntu 8.10 server?  I am using rsnapshot currently which is nice but I think it would be smart to do full image backups periodically and have them sent to another machine.  How do you prefer to handle this?  For instance I would like to upgrade my system to the latest 9.x branch but I would like to be able to restore the whole system if...
[12:43] <macrocosm144> ...something goes awry.
[12:45] <StrangeCharm_> pmatulis, i have no idea what's going on in this conf file. does rsyslog automatically listen for logs sent from other machines?
[12:47] <pmatulis> StrangeCharm_: no, you need to configure that
[12:48] <StrangeCharm_> pmatulis, to the documentation, then, what fun!
[12:48] <pmatulis> StrangeCharm_: the project has a friendly mailing list as well
[12:50] <StrangeCharm_> pmatulis, i'd rather spend an hour of my time working thing out then spend a man-hour or more of other people's time reading and replying to/ignoring my email
[12:50] <macrocosm144> lol
[12:56] <_ruben> sysklog reports remote syslog just fine as well
[12:56] <_ruben> s/reports/supports/
[12:56] <StrangeCharm_> _ruben, inbound or outbound?
[13:00] <StrangeCharm_> is there a good guide for setting up a samba server on one box, and mounting shares from it on another?
[13:04] <_ruben> StrangeCharm_: both
[13:04] <_ruben> StrangeCharm_: inbound: add -r to the commandline .. outbound: add @remote.host.com instead of /var/log/whatever to /etc/syslog.con
[13:04] <_ruben> f
[13:05] <StrangeCharm_> _ruben, good to know, but i've set up rsyslog now
[13:06] <pmatulis> StrangeCharm_: rsyslog will give you more possibilities for remote logging such as SQL logging and encrypted logging
[13:06] <StrangeCharm_> pmatulis, i see that, but my requirements here are pretty simple
[13:08] <pmatulis> StrangeCharm_: well simple remote logging has been available in the stock sysklog system for many years.  sorry to misguide you
[13:11] <a_ok> does anyone know if hardy is vulnerable for this? http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
[13:32] <Jeeves_> a_ok: All kernels
[13:32] <Jeeves_> As in, *all*
[13:36] <a_ok> Jeeves_: well my gentoo kernel is not. As its configured differently (eg decent mmap_min_addr no SELinux and only protocols i need). so I wonder if my ubuntu systems are vulnerable since I haven't seen a patch yet
[13:53] <a_ok> Jeeves_: ?
[13:55] <Jeeves_> a_ok: Afaik, everything is vulnerable
[13:55] <Jeeves_> kees might have more info on this
[13:56] <henkjan> i guess kees is busy updating kernel packages :)
[13:56] <Jeeves_> :)
[13:56] <a_ok> lol hope he is than. thanks
[13:56] <stefan___> have you guys seen this ? http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html
[13:56] <stefan___> dated today
[13:57] <stefan___> yesterday actually :)
[13:57] <Jeeves_> stefan___: 14:11 < a_ok> does anyone know if hardy is vulnerable for this? http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
[13:57] <stefan___> afects all  kernels since 2.4 to 2.6.30
[13:58] <stefan___> --------------------
[13:58] <stefan___> Affected Software
[13:58] <stefan___> ------------------------
[13:58] <stefan___> All Linux 2.4/2.6 versions since May 2001 are believed to be affected:
[13:58] <stefan___> - Linux 2.4, from 2.4.4 up to and including 2.4.37.4
[13:58] <stefan___> - Linux 2.6, from 2.6.0 up to and including 2.6.30.4
[13:58] <a_ok> stefan___: torvalds patched it already we are waiting on kees aparently.
[13:59] <stefan___> good ol torvalds :)
[14:00] <a_ok> if the ubuntu kernels are vulnerable at all (there are conditions where this adress space can not be executed)
[14:00] <stefan___> ok didn't know that . don't have that much understanding of the kernel yet
[14:01] <stefan___> from what I understand you need a local account to make this work anyway
[14:01] <a_ok> stefan___: yes or at least controle a local program. check out on the bottom of the page where it sais solution ;)
[14:02] <stefan___> so how does the process work ? torvalds makes a patch and then notifies all the linux distros ?
[14:02] <a_ok> and also the mitigation section
[14:04] <a_ok> stefan___: hardly Linus commits patches on kernel.org distro maintainers watch for new kernel things and security stuff anyway and they patch there kernels when nessesary. after making sure it does not conflict with there own (distro spesific) patches
[14:05] <a_ok> At least thats how I understand it
[14:07] <stefan___> ok , good to know as I had no idea of the process at all
[14:08] <a_ok> stefan___: well most of the time big security issues with get patched real fast even in the less actively developed distro's.
[14:08] <stefan___> from what I see about min_addr in the mitigation section 804 and 904 shouldn't be vulnerable
[14:10] <a_ok> stefan___: I don't know for sure if it gets overruled when compiling with SELinux support even if it's disabled
[14:10] <stefan___> i don't know about SElin as I don't use it
[14:12] <a_ok> me neighter. never used it barely used ACL. simple is good as long as you don't miss out on key functionality
[14:13] <stefan___> older 2.6 kernels , example 2.6.15 don't have the vm.mmap_min_addr implemented though
[14:16] <Psi-Jack_> Curious. The OpenLDAP provided from 9.04's packaging, doesn't provide a slapd.conf, so how would I disable SASL authentication globally?
[14:23] <Boohbah> Psi-Jack_: what do you mean disable SASL authentication globally? have you setup something to authenticate using SASL? a mail server perhaps?
[14:24] <Psi-Jack_> Boohbah, SASL authentication is not needed, nor wanted. OpenLDAP's authentication through SSL and Kerberos is fine, no need for SASL.
[14:25] <Boohbah> Psi-Jack_: there is no global authentication setting that i know of, you need to configure authentication individually for each application
[14:26] <Psi-Jack_> Boohbah, In this case, it's OpenLDAP. :p
[14:26] <Psi-Jack_> -THE- application trying to use SASL.
[14:26] <Boohbah> ahh, now i understand
[14:27] <a_ok> Psi-jack: kill the sasl daemon?
[14:27] <Psi-Jack_> Yes. It's an OpenLDAP-specific issue.
[14:27] <Psi-Jack_> a_ok, I don't have one running on the server running kdc and openldap. :p
[14:27] <Psi-Jack_> Again, this is an OpenLDAP issue, SPECIFICALLY.
[14:28] <a_ok> Psi-Jack: sorry missed the reest was just reading up on it now. Boohbah is on it, stearing clear
[14:28] <Psi-Jack_> Hehe
[14:28] <Psi-Jack_> Yeah, don't know if Boohbah is knowledgable enough to be helpful.
[14:28] <Psi-Jack_> .. either. ;)
[14:30] <Boohbah> nope
[14:31] <Psi-Jack_> Yeah. hehe - Judging my your previous words, you didn't know openldap. It's no biggie. I'll find someone who is eventually. :)
[14:31] <Boohbah> i am educating myself now
[14:32] <sgsax> Psi-Jack_: is it something you can change in your pam configs or nsswitch?
[14:32] <Psi-Jack_> Nope
[14:32] <sgsax> using openldap for local auth, or auth for a service?
[14:32] <Boohbah> how do you know that openldap is trying to use sasl authentication?
[14:33] <Psi-Jack_> The problem is with openldap itself. I'm trying to use the ldapscripts for ldapadduser, but it's using a full v3 bind which includes using sasl auth, but fails because sasl auth isn't in use.
[14:33] <Psi-Jack_> Boohbah, ldapscripts.log :)
[14:35] <sgsax> ldap.conf has settings for tls, I know, but nothing for sasl
[14:40] <sgsax> wait... have you tried this in your ldap.conf:
[14:40] <sgsax> sasl_secprops maxssf=0
[14:42] <Psi-Jack_> Yeah, but that's not for the server.. Hmmm, though that is for the client.
[14:43] <Psi-Jack_> But no, that doesn't change what I'm seeing. I had had that,.
[14:48] <a_ok> Psi-Jack have you checked /etc/defaults dir? that kind of settings are often in there
[14:50] <sgsax> slapd seems to be a seperate package, perhaps you need to actually install it to get what you need
[14:50]  * sgsax makes a wild guess
[14:50] <Psi-Jack_> Stop wild guessing please. ;)
[14:50] <sgsax> shutting up :)
[14:50] <Psi-Jack_> Unless you know openldap, you can't really help me at all.
[14:51] <sgsax> I use it for auth against AD, but not for auth by itself
[14:52] <Psi-Jack_> Bleh, AD...
[14:52] <sgsax> tell me about it...
[14:54] <sgsax> recently went round and round with it
[14:54] <sgsax> black fscking magic
[14:54] <a_ok> Psi-Jack: did you check out https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html . I don't know openldap (at least not on ubuntu) but I can't find anything else usefull on SASL and openLDAP. perhaps you need to set up sasl properly and than not use it... bit rediculous but if it gets you going
[14:55] <a_ok> Psi-Jack: search for SASL on the link i just gave
[14:55] <Psi-Jack_> a_ok, Yep. In fact, that's the thing that has bugs in it not mentioning SASL at all, but depends on it.
[14:58] <a_ok> Psi-Jack: well you would not be the first with this problem than. I'm out of idea's perhaps try openldap channel?
[14:59] <Psi-Jack_> I'm doing that too, yes.
[15:00] <Psi-Jack_> ldapadduser fails, because of authentication failures, because it's trying to use SASL.
[15:00] <Psi-Jack_> Roughly short and simple.
[15:25] <Boohbah> Psi-Jack_: perhaps it is a compile-time option that needs to be disabled. in gentoo i see a sasl USE flag suggesting that this support may be set at compile time. though i would imagine there should be a way to turn it off in config.
[15:25]  * Boohbah done wild guessing now
[15:53] <froud> hi, server 8.10, I've installed phpmyadmin with apt-get and configured apache2.conf but when I load http://serverip/phpMyAdmin I get msg "Cannot Complete Request". Anyone know of this problem?
[15:56] <froud> I also ln -s /usr/share/phpmyadmin/ /var/www/phpmyadmin
[15:57] <froud> oh dah fixed needed permissions for www-data
[15:57] <froud> thanks'
[16:47] <kees> stefan___: by default, Ubuntu 8.04 and later is not vulnerable.  If, however, you've got wine or dosemu installed, you are.  Basically, check the setting of /proc/sys/vm/mmap_min_addr  If it's zero, you're vulnerable.
[16:48] <stefan___> kees: thanks I did that
[16:48] <stefan___> only vulnerable on a few old systems
[16:48] <stefan___> that run 6 LTS
[16:54] <kees> stefan___: correct.  in those cases, you can use the workarounds detailed in the RedHat bug linked from: http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-2692.html
[16:55] <mdz> ttx: thread forwarded to you
[16:56] <ttx> mdz: ok
[17:01] <stefan___> thanks kees
[17:02] <kees> stefan___: sure!  (note that we are preparing a kernel update too, but that will likely happen on monday)
[17:14] <sgsax> kees: nice to know you guys are on top of this stuff, even if it is somewhat obscure and non-threatening
[17:20] <stefan___> good to hear that kees
[17:21] <kees> sgsax: thanks!  yeah, it certainly keeps us busy.  :)
[17:33] <cemc> where should I open bugreports that are probably related to the kernel, but I'm not sure (it's a suspend/resume problem) ?
[17:33] <Aison> hello :)
[17:33] <alex_joni> cemc: launchpad ;)
[17:33] <cemc> alex_joni: yeah but to what package/team exactly ?
[17:34] <Aison> i've got hardy version of ubuntu server, somehow do-release-upgrade don't work
[17:34] <Aison> thought there's a newer version?
[17:40] <kees> Aison: you need to change the "only upgrade to another LTS" setting: http://www.cyberciti.biz/faq/howto-upgrade-ubuntu-servers-804-to-810/
[17:47] <Aison> kees, thx
[17:47] <Aison> how can I keep an net intf down? or no config?
[17:47] <Aison> auto eth2
[17:47] <Aison> iface eth2 down?
[17:48] <kees> Aison: I think, just remove "auth eth2"
[18:04] <HellMind> how can I check my bandwidth usage in realtime
[18:04] <qman__> anybody know if I have to do anything special to enable sha512 hashing for passwords on 8.04?
[18:05] <qman__> like, install any packages, or should just changing 'md5' to 'sha512' in /etc/pam.d/common-password do the trick?
[18:05] <TeLLuS> HellMind: iftop is one way.. for console
[18:06] <qman__> I use vnstat, but that's not real-time data, that's graphed overall usage data
[18:13] <qman__> yeah, it's not working
[18:13] <qman__> just changing it made it use UNIX hashing
[18:13] <qman__> anybody know what needs to be done?
[18:21] <qman__> appears that in gentoo it's a compile time option -- http://www.linux-archive.org/gentoo-hardened/267979-moving-md5-sha512-shadow-password-hashes.html
[18:22] <qman__> I'm guessing it's the same for ubuntu, which would mean I'd have to dist-upgrade
[18:23] <giovani> heh
[18:23] <qman__> to 8.10, then 9.04
[18:23] <giovani> SHA512 hashes are really not going to get you much
[18:23] <qman__> so I guess I'm using md5 for a while yet
[18:23] <giovani> it's not as if plain MD5s are being used
[18:24] <giovani> the crypt function does a ton of weird transforms
[18:24] <qman__> true
[18:24] <giovani> it's not at all vulnerable
[18:24] <qman__> I just saw the functionality on a 9.04 box and wanted to enable it if I could
[18:24] <giovani> I've looked into writing a GPU bruteforcer for it
[18:24] <giovani> it's complex
[18:25] <kees> qman__: PAM in 8.04 does not support sha512, unfortunately.
[18:25] <giovani> random passwords of 7-9 char lengths I estimate would take 200-300 days on a modern GPU
[18:25] <qman__> it would probably also increase the login times too much on my 200MHz shell server ;)
[18:26] <giovani> hah, indeed
[18:26] <qman__> my personal password policy is no less than 12, 3/4 complexity
[18:26] <qman__> simply because windows is pretty vulnerable with anything less than that
[18:26] <giovani> 3/4 complexity?
[18:26] <giovani> haha, windows
[18:26] <qman__> yeah, lowercase, uppercase, numbers, and symbols are your four categories
[18:26] <qman__> three of the four
[18:27] <giovani> haha
[18:27] <giovani> is this some windows categorization crap?
[18:28] <qman__> no
[18:28] <qman__> have you ever configured cracklib?
[18:28] <qman__> it's a pretty standard categorization for passwords in general
[18:28] <qman__> there's also the 12 or so "common" symbols, and then the rest of the symbols
[18:29] <giovani> alright
[18:30] <giovani> every password I have is randomly generated for me ... I wouldn't categorize that way at all
[18:30] <qman__> more than 12 actually, but yeah
[18:30] <qman__> I don't do random ones, too hard to type
[18:30] <qman__> I just make them longer to make up for it
[18:30] <giovani> why would you ever type a password?
[18:31] <giovani> I haven't done that in ... years probably
[18:31] <qman__> because I don't have retina scanners
[18:31] <giovani> uh, copy-paste from a password storage application ...
[18:31] <qman__> you still have to log into the system to begin with
[18:32] <giovani> that's smartcard-based
[18:32] <qman__> don't have the hardware
[18:32] <giovani> $10 on ebay :)
[18:32] <qman__> times...8 systems?
[18:33] <qman__> besides, I trust that I'll remember a password more than I won't lose a card
[18:34] <giovani> if you can remember your passwords ... your passwords are likely not very strong
[18:34] <giovani> or you don't manage enough passwords
[18:34] <giovani> i have a few hundred
[18:34] <qman__> oh, they are strong
[18:34] <giovani> remember a few hundred 20-character random strings
[18:34] <giovani> just isn't possible
[18:34] <qman__> of course not, but they don't have to be totally random
[18:35] <qman__> random is stronger, but the key is length and complexity
[18:35] <giovani> but remembering a 100 or 200 passwords of any type is nearly impossible
[18:35] <giovani> especially if they're properly rotated
[18:35] <qman__> anything complex and over 20 characters is simply not brute-forcable now
[18:35] <giovani> that's not true
[18:36] <giovani> if they're phrase passwords they're easily destroyed
[18:36] <qman__> if they're all dictionary words in one case, yes
[18:36] <giovani> length is meaningless if it's a predictable sequence
[18:36] <giovani> or transforms of dictionary words
[18:37] <qman__> change it just enough, and it's secure
[18:37] <qman__> if the encryption is not a flawed algorithm, it won't give any clues
[18:37] <giovani> that's a very unclear line
[18:37] <giovani> what's "just enough" transformation is not definable absolutely
[18:37] <giovani> it's up to the attacker what kind of transforms they'll do
[18:38] <giovani> so why take the risk
[18:38] <giovani> use truly random passwords
[18:39] <giovani> and you'll save your memory for more important things
[18:40] <qman__> not much more important than the keys to the kingdom
[18:41] <giovani> it's a completely inefficient, and reasonably less secure way of doing things
[18:41] <giovani> I'm not sure how you could defend it
[18:41] <qman__> it's not really any less secure than a smart card, which is easily lost or stolen
[18:41] <qman__> or a thumb print reader, which is only about 90% accurate
[18:42] <giovani> well the smart card is identity-linked ... so either you have a password, or a fingerprint, etc
[18:42] <qman__> and even then, 20 character passphrases are worlds better than some of these websites that allow a max 8-10 character password, no symbols allowed
[18:45] <qman__> there is always a tradeoff between secure and convenient
[18:45] <Max007> I have a problem with apache2+php. I installed MySAR (Mysql Squid Access Report). When I try to access http://myserver/mysar/index.php it download the php file instead of displaying it. But when I try with phpinfo.php and http://myserver/mysar/install/index.php it works.. so PHP5 is working with Apache..
[18:46] <qman__> Max007, check the file permissions
[18:46] <Max007> -rw-rw-r-- 1 www-data www-data 28914 2007-08-17 05:05 index.php
[18:46] <qman__> and on the one that works?
[18:46] <Max007> -rw-r--r-- 1 root root 20 2009-08-14 12:09 phpinfo.php
[18:46] <qman__> hmm
[18:47] <Max007> but mysar is in /usr/local/mysar/www with a symlink
[18:47] <giovani> probably a filetype misconfiguration
[18:47] <qman__> might be an apparmor thing, but I've not run into apache/apparmor issues myself
[18:47] <Max007> there's a symlink in /etc/apache2/conf.d
[18:47] <Max007> qman__: apparmor is not installed
[18:48] <HellMind> How can I see the real bandwidth use, and the real cpu use
[18:48] <HellMind> You preferred tool
[18:48] <HellMind> r
[18:48] <qman__> HellMind, for bandwidth you'll have to install something, but for CPU, use top
[18:48] <qman__> uptime will show load averages
[18:49] <giovani> load averages aren't an indicator of "cpu use" though
[18:50] <giovani> so you'll want to look at the output of vmstat/top/htop/etc
[18:54] <HellMind> what is something?  that what im asking for
[18:54] <HellMind> i use htop
[18:54] <HellMind> but I would like a graph
[18:54] <HellMind> like a task manager
[18:54] <HellMind> maybe some app for X
[18:54] <qman__> ubuntu desktop has "System Monitor"
[18:54] <qman__> which does precisely that
[18:56] <HellMind> bandwidth monitor?
[18:56] <qman__> though having X running on a server is a bad idea
[18:56] <HellMind> who said that?, he was a noob
[18:57] <HellMind> how you can run a server appz that uses a gui without x?
[18:57] <qman__> most server apps don't use a GUI
[18:57] <qman__> the only real exception to that rule is LTSP
[18:57] <HellMind> well my app uses it :(
[18:58] <HellMind> I am always the exception
[18:58] <qman__> the thing is, X is very vulnerable to a number of sniffing and spoofing attacks
[18:58] <qman__> so it must be properly configured and firewalled, and is a lot of work
[18:58] <HellMind> I m not a regular guy that runs apache and mysql
[18:58] <HellMind> I run gameservers
[18:58] <qman__> so, in general, it's a bad idea to run X on a server
[18:58] <HellMind> im runing tightvnc x server
[18:58] <HellMind> thats the only way to run wine :(
[18:59] <alex_joni> HellMind: install a graphing app
[18:59] <Max007> qman__: it works if i copy /usr/local/mysar/index.php to /var/www/index.php (http://mysrver/index.php)
[18:59] <alex_joni> like mrtg or rrdtool or cacti
[18:59] <Max007> but if i copy /usr/local/mysar/www/* to /var/www/mysar it doesnt works
[18:59] <giovani> HellMind: no decent server application requires a gui
[18:59] <Max007> i dont get it
[18:59] <giovani> there are plenty of tools to graph cpu usage for a server
[19:00] <giovani> cacti comes to mind as a simple solution
[19:00] <qman__> Max007, that is odd, are you sure your permissions are okay, with your symlink and all?
[19:00] <qman__> HellMind, why do you need wine?
[19:00] <qman__> most game servers have a linux version
[19:01] <qman__> hlds/srcds for pretty much anything on Steam
[19:01] <HellMind> osview -geometry 406x488 -font 8x16 +load +cpu +mem +swap \
[19:01] <HellMind>  +page +disk +int +net &
[19:01] <HellMind> I told you all, im not like the regular ppl
[19:01] <HellMind> I need to run a server that doesnt got a linux binary
[19:01] <giovani> the "regular people"
[19:01] <HellMind> qman__ if you play cs and tf2 thats ok
[19:01] <HellMind> but my clients needs mohaabt
[19:01] <giovani> HellMind: then maybe you shouldn't be using a linux server to host it
[19:02] <jtimberman> s/cs/l4d/ :)
[19:02] <HellMind> linux can doit
[19:02] <qman__> yeah, unfortunately I have to agree with giovani there
[19:02] <HellMind> thats the most stupid thing I eard
[19:02] <qman__> running wine and X on a linux server is, security wise, a bit worse than a properly firewalled windows 2003 box
[19:02] <HellMind> linux is made for all the complex stuf!
[19:02] <HellMind> there are no limit
[19:02] <giovani> you're not doing anything "complex"
[19:03] <qman__> you're widening your software footprint
[19:03] <giovani> wine is really not very stable
[19:03] <qman__> bringing more potential holes into your system
[19:03] <HellMind> qman__ you can run it using a low access user
[19:03] <giovani> and it a hack, at best
[19:03] <HellMind> and you miss the concept of all security
[19:03] <jtimberman> HellMind: You can use a trending tools or munin or cacti that will provide you with RRD graphs you can view in a web browser from a desktop system connecting to your server.
[19:03] <Max007> qman__: i fixed it.. I changed "Alias /mysar /usr/local/mysar/www" to "Alias /squid /usr/local/mysar/www" in /etc/apache2/conf.d/mysar
[19:03] <giovani> miss the concept?
[19:03] <HellMind> its like saying you dont want to store you wallet on your house
[19:03] <HellMind> because its insecure
[19:03] <Max007> qman__: it's weird.. if the folder name is mysar it doesn't work
[19:03] <HellMind> my server isnt a gold bar
[19:04] <HellMind> its a tiny game server
[19:04] <qman__> Max007, glad you got it working, but I'm not really clear on what that is
[19:04] <qman__> HellMind, you're missing the point; the more software you run, the less secure your system is
[19:04] <HellMind> I was using munin, but it eat a lot of resource
[19:04] <jtimberman> qman__: you mean the more software you run that opens listen ports ;)
[19:04] <qman__> by running a windows set on top of a linux set, you're incorporating the potential flaws of two completely different systems
[19:05] <HellMind> qman__ yeah but you must run something right?
[19:05] <qman__> by only running a windows set, you limit your potential issues
[19:05] <HellMind> so you dont use the appz that you need because its insecure?
[19:05] <qman__> no, you run them as securely as possible, by using the least software necessary
[19:05] <qman__> in the tightest configuration you can
[19:05] <HellMind> thats what im doing :)
[19:05] <qman__> running X with wine is not a tight or secure configuration
[19:05] <qman__> at all
[19:06] <HellMind> it is, is the only way you got
[19:06] <HellMind> if you run server linux gameserver
[19:06] <qman__> a patched, firewalled windows server is better, from a security standpoint
[19:06] <HellMind> and you need a single windows app
[19:06] <HellMind> qman__ you secure solution isnt cheap
[19:06] <giovani> windows can be had for reasonably cheap
[19:06] <qman__> windows XP home edition can be had for next to nothing
[19:06] <HellMind> I know It would be also cool running every game server in many servers
[19:07] <qman__> which is more than enough to run a game server
[19:07] <qman__> it can run a proper firewall, and run the server unprivileged
[19:07] <HellMind> the only thing I dont pay if for software
[19:07] <HellMind> I dont got many server
[19:07] <HellMind> I got 1
[19:08] <HellMind> 1, how you run a linux and a windows app in a server?
[19:08] <HellMind> also my server got a tiny hosting vm
[19:08] <HellMind> you ppl waste hardware and resource
[19:08] <qman__> you're doing too much with one machine, frankly
[19:08] <HellMind> not because you make them secure
[19:08] <HellMind> but you got the money to waste
[19:08] <qman__> it's not about wasting money
[19:08] <qman__> it's about being secure
[19:09] <qman__> if you don't understand that, you really shouldn't be running a server
[19:09] <HellMind> no one ever hacked me
[19:09] <HellMind> I know where are the vulns
[19:10] <HellMind> I think you cant estimate the posibility of every vuln
[19:10] <qman__> and giovani was worried about my password policy :/
[19:10] <HellMind> everything is insecure, and you can only give  value  of risk to every issue
[19:12] <giovani> qman__: HellMind is clearly completely uneducated
[19:12] <HellMind> im educated in the street of data
[19:13] <giovani> that's a completely nonsensical statement
[19:13] <HellMind> you dont know how to measure the risk
[19:13] <HellMind> if you got a desktop that isnt use for anything serious
[19:13] <jdstrand> I don't think one can make a blanket statement like "running Windows XP as a game server is more secure than a Linux box with wine"
[19:14] <HellMind> it doesnt need the top of security
[19:14] <HellMind> it needs practicity
[19:14] <jtimberman> No, he's right. Security is about trust and risk assessment.
[19:14] <qman__> jdstrand, that's not what was meant
[19:14] <HellMind> there are many  server, a game server isnt like a bank server
[19:14]  * jdstrand might have misunderstood backscroll
[19:14] <qman__> my point was, in his situation, running that application on windows would be more secure than running it in wine, with X, on linux
[19:14] <giovani> jdstrand: I think you did
[19:14] <giovani> running wine on x on a linux server is a completely hacked solution
[19:15] <giovani> it's messy, and there's no good reason for it
[19:15] <HellMind> qman__ and also with that argument I can say it would be more secure if you dont run it, and you stay in home away of virus and diseases
[19:15] <qman__> of course, I would never connect a windows box directly to the internet
[19:16] <jdstrand> I admit that is a rather 'hacked solution'
[19:16] <qman__> gotta have a firewall of some sort in between, even if it's just a NAT router
[19:16] <Nafallo> NAT? aren't we all running IPv6 these days?
[19:16] <qman__> not even slightly
[19:16] <HellMind> ipv6 whats that :D
[19:16] <qman__> I CAN'T run IPv6
[19:17] <qman__> I'm lucky I'm online at all
[19:17] <HellMind> that module is blacklisted :) I dont want to waste resources
[19:17] <jdstrand> that said, and NUL pointer derefences aside, wine on Linux doesn't have to be insecure. one can use apparmor. plus, the number of libraries and applications in a default wine install is far less than a Windows XP Home edition install
[19:17] <qman__> my ISP is terrible, and has a monopoly over my entire area
[19:17] <Nafallo> qman__: tunnels not an option?
[19:18] <HellMind> qman__ my isp too :( the goverment let them
[19:18] <jdstrand> anyway, I'm not going to debate the merits of Wine/X/Linux and Windows XP. it just struck me as an odd statement, and I recognize I misunderstood :)
[19:18] <qman__> jdstrand, that's ok, you have a valid point
[19:18] <qman__> it can be done, but it takes a lot of work
[19:18] <qman__> a lot more work than just windows with a firewall
[19:18] <Nafallo> s/with/and/
[19:19] <HellMind> qman__ you practical solution isnt available on the 3rd world
[19:19] <giovani> the 3rd world doesn't need game servers
[19:19] <Nafallo> better keep the boxes separate ;-)
[19:19] <giovani> they need food and shelter
[19:19] <qman__> HellMind, if you know where to look, you can dumpster dive and get free, legitimate copies of windows
[19:20] <qman__> there's so many of them out there, they can be had for almost nothing
[19:20] <giovani> exactly
[19:20] <HellMind> giovani thats the truth :(
[19:20] <qman__> so cost, in this situation, is not really a factor
[19:20] <giovani> my company just threw out 100 windows licenses (attached t ocomputers)
[19:20] <jdstrand> plus, if one knows how to maintain and secure a linux box, but knows nothing about maintaining and securing a Windows box, then one should use Linux
[19:20] <giovani> jdstrand: but that's not the situation
[19:20] <HellMind> my country is a pirate paradise
[19:20] <giovani> so let's not speak in manufactured hypotheticals
[19:21] <qman__> don't get me wrong, I'd be the first one to try and switch a windows server to linux
[19:21] <qman__> I'm just saying, that setup is no good
[19:21] <jdstrand> giovani: I don't know HellMind's experience-- I was merely pointing out another consideration when one is choosing an OS
[19:21] <HellMind> I know everything
[19:21] <HellMind> thats my experience
[19:22] <giovani> jdstrand: it's a reasonably rare situation, I think, and was convinient for this disucssion
[19:22] <giovani> discussion*
[19:22] <jdstrand> and IMHO, I don't think it is a manufactured hypothetical-- it is merely something to consider
[19:23] <HellMind> In my situation you all were defeated
[19:26] <jdstrand> I think it is also worth mentioning that recommending someone use Windows XP Home as a server in the #ubuntu-server channel is probably not the best use of people's resources here
[19:27] <HellMind> people should be banned for that ... :P
[19:27] <giovani> I think each channel member can use their own resources how they see fit
[19:27] <giovani> however, it's a stated channel policy that we don't support x on ubuntu server installs
[19:28] <HellMind> :(
[19:28] <HellMind> you know the damn mohaa dedicated server doesnt need gui
[19:29] <HellMind> but they added some skin and a window and a input box
[19:29] <qman__> windows xp home wouldn't be my first choice, but given the situation's requirements, it seemed appropriate
[19:29] <HellMind> I tried with a xp guest too
[19:29] <HellMind> but the with the lag it were unplayable :(
[19:30] <HellMind> I cant virtualize gameservers :(
[19:33] <Aison> is there something like webmin for ubuntu server?
[19:35] <Reepicheep> Aison: ebox might be your tool
[19:35] <HellMind> its better than webmin?
[19:36] <Aison> webmin is not maintained by ubuntu devel
[19:36] <qman__> webmin is considered evil by many here, because of the way it handles configuration files
[19:36] <qman__> it's not very nice to them, to say the least
[19:37] <Nafallo> !webmin
[19:37] <Aison> ubottu, but ebox is fine? I don't know it
[19:37] <jpds> !ebox | Aison
[19:37] <jpds> ubottu: tell Aison about yourself
[19:38] <Aison> oh, nice
[19:39] <HellMind> I need something to allow a user to start and stop a service
[19:39] <HellMind> by web
[19:39] <HellMind> I used webmin but its a waste of resources
[19:39] <HellMind> I want to let the client restart their own dedicated server service
[19:41] <qman__> I would just write up my own script, in that situation
[19:41] <HellMind> a php script?
[19:41] <qman__> it'd be fairly trivial to do in php, aside from a secure login
[19:41] <HellMind> yep your right
[19:41] <HellMind> I want to buy some complete gameserver script
[19:42] <HellMind> to manage payments also :(
[19:45] <Kamilion> Having trouble getting Alpha 4 installed on a Supermicro  X8DTH-6F, the install media won't find the MPT2 SAS controller.
[19:45] <Kamilion> What's the best course of action to get it installed?
[19:45] <Nafallo> not sure I understand the question...
[19:46] <Nafallo> ah. because I read it wrong.
[19:46] <Kamilion> the latest gparted livecd with kernel 2.6.30 detects the mpt2 controller, but 9.10 Alpha 4 doesn't detect it.
[19:46] <Kamilion> it asks me which modules to insert to support it.
[19:47] <AnAnt> Hello, how can I make issue message dynamic ?
[19:47] <qman__> AnAnt, do you mean motd?
[19:47] <AnAnt> yup
[19:48] <qman__> AnAnt, see man motd
[19:48] <qman__> if you want something more complex than that, you'll have to write a script to do it
[19:49] <Kamilion> any idea how to install onto a system with a mpt2 disk controller?
[19:49] <AnAnt> I see, thanks
[19:50] <Kamilion> AnAnt: Check the cron scripts, there's some stuff there that automatically updates the motd with the status of the package manager. You can probably work it out from there.
[19:50] <AnAnt> Kamilion: ok, thanks
[19:51] <Kamilion> 9.04+ I think
[19:51] <Kamilion> 8.10 might have it as well, but I'm not totally sure.
[19:51] <Kamilion> iirc it updates /etc/issue and /etc/issue.net
[19:54] <freemonttroll> Is it possible to upgrade from MySQL 5.0 to 5.1 on Ubuntu Hardy? I ran sudo apt-get update / dist-upgrade and then install mysql-server mysql-client, but I was told that I already have latest version.
[19:58] <AnAnt> Kamilion: /etc/update-motd.d/
[19:58] <giovani> freemonttroll: that's because you do ...
[19:58] <freemonttroll> giovani, so there's no way to get 5.1 on Ubuntu Hardy??
[19:59] <giovani> freemonttroll: not through the official ubuntu repositories
[19:59] <freemonttroll> giovani, how do I get it from the unofficial ones?
[19:59] <giovani> the entire point of releases is to use stable, tested softwaqre
[19:59] <giovani> that's up to however the unofficial repository is set up
[19:59] <giovani> you'd have to find out
[19:59] <freemonttroll> giovani, understood, but I still need to do the upgrade.
[19:59] <freemonttroll> giovani, ok
[19:59] <giovani> or use jaunty
[19:59] <giovani> as it contains 5.1
[19:59] <giovani> don't use an old release if you want new software
[20:01] <Rich-Newbie> has anybody got any how to's to setup a server for soho, which could run local email, and use fetchmail to download from the isp, and then have simple file sharing
[20:02] <giovani> Rich-Newbie: I'm sure google can provide that
[20:05] <Kamilion> Rich-Newbie: Yes, there's a very nice howto for setting up postfix with 9.04
[20:06] <Kamilion> give me a second and I'll go find it, it was in the alpha release notes, IIRC
[20:06] <Kamilion> "The dovecot-postfix package in Ubuntu 9.04 Beta provides an easy-to-deploy mail server stack, with support for SMTP, POP3, and IMAP with TLS and SASL."
[20:06] <Rich-Newbie> that will be great, thanks. I have found alot on google, but most of them are much bigger than what I want to achieve.
[20:07] <Kamilion> took me about 20 minutes to set up.
[20:07] <giovani> Kamilion: that doesn't sound like a smarthost setup
[20:08] <Kamilion> it was dead simple to tack fetchmail onto it.
[20:08] <giovani> sure, it's just as easy to set up postfix
[20:08] <Kamilion> and he said 'run local email', which sounds like he wants a SMTP server.
[20:08] <giovani> sure, a smarthost smtp server
[20:08] <Kamilion> and the associated pop and imap stuff (soho)
[20:09] <giovani> because he wants to relay
[20:09] <Psi-Jack_> local mail? That could be even as simple as ssmtp
[20:09] <Psi-Jack_> If no actual smtp server itself is needed.
[20:09] <Kamilion> When I installed the postfix-dovecot package, it asked me what type of setup I wanted for postfix. I answered smarthost.
[20:09] <Rich-Newbie> I wont have a deidicated Ip, so relaying is going to be the best otionn
[20:09] <Kamilion> it took care of 90% of the config for me
[20:10] <Kamilion> yeah, I'm on a dynamic too, relaying to google's SMTP server
[20:11] <Rich-Newbie> local mail is where I get a bit confused about the config. The only mail server I have dealt with to date, has been exchange 2003 in sbs server 2003 standard.
[20:11] <Kamilion> but the dovecot integration really hit home for me. just make new user accounts on the box and they get an email address.
[20:12] <giovani> Rich-Newbie: honestly, you should look into running a VPS on the internet
[20:12] <Kamilion> then just change their shell
[20:12] <giovani> it's a cheap way to get a server running, and then you don't have to use your ISP relay, you get full control, and can host your own domain's email properly, and easily provide access from anywhere
[20:13] <Kamilion> Amazon's EC2 has 'reserved' pricing if you're willing to pay for a year up front. It's really quite a good deal.
[20:13] <giovani> I wouldn't recommend EC2 for a basic server setup
[20:13] <giovani> but, sure, any provider will do
[20:14] <Kamilion> Me either, but it's well known and the chances of it going down are near zero except for operator error.
[20:14] <giovani> it's incredibly overpriced
[20:14] <HellMind> gkrellm the graphs are so small :(
[20:14] <Kamilion> normally yes, but the reserved pricing is quite good.
[20:14] <giovani> Kamilion: mail servers don't need 100% uptime to be effective
[20:14] <Kamilion> I know, but it helps ;)
[20:14] <giovani> you can easily get 4-5 VPSes for the price of an EC2 box
[20:15] <giovani> and set up redundant mail delivery
[20:15] <Kamilion> true, but 4-5 VPSs do not equal a 2Ghz box with 1.7GB of memory on a tier one bandwidth fiber backbone.
[20:15] <Kamilion> just a peace of mind thing, y'know?
[20:15] <giovani> that's entirely wasted
[20:15] <giovani> I'm making a recommendation that's in line with his needs
[20:16] <Kamilion> *shrugs*
[20:16] <giovani> amazon is defintiely not immune to failures ... putting all of your eggs in one basket, no matter how huge the basket -- doesn't make it redundant
[20:16] <Kamilion> in for a penny, in for a pound. When you have excess capacity, it's funny how you find ways to make use of it. ("Hey, I'll add a wordpress server!"
[20:16] <giovani> you'd be far better off with two VPSes in diverse geographical areas, and you'd get the benefit of learning to set up a multi-server email system
[20:16] <Kamilion> point taken.
[20:17] <giovani> and it's far cheaper
[20:17] <Kamilion> But as you said, mail delivery doesn't need 100% uptime, as long as the servers have proper timeouts.
[20:17] <giovani> agreed -- but if you're willing to spend an extra $5 a month you can hedge your potential losses if one provider has a failure
[20:17] <Kamilion> Sorry, I'm still stuck with Atari's tagline from the 80s
[20:17] <giovani> and you gain experience
[20:17] <Kamilion> "Power without the price" :)
[20:17] <giovani> I regularly scope out $5-7/mo VPSes
[20:18] <giovani> and presume they're not highly reliable ... but together, 3 or 4 of them are an awesome geo-diverse setup
[20:18] <Rich-Newbie> I am looking for a simple mail server, that would be able to send mail internaly without the need to send it through an ISP.
[20:18] <giovani> Rich-Newbie: I don't know what "send mail internally" means
[20:18] <Kamilion> local domain
[20:18] <qman__> postfix can do exactly that
[20:18] <Rich-Newbie> that it
[20:18] <giovani> right, you can do that locally at your office, or on the internet
[20:18] <giovani> either way
[20:18] <Jeeves_> 00What's with ipv6 here at har?
[20:19] <Jeeves_> [A
[20:19] <Kamilion> Anyway, does anyone have any experiance with the mpt2 driver? I'm having trouble installing 9.10 alpha 4 because I can't find the module to insert.
[20:19] <Jeeves_> ipv6 seems to be broken sometimes
[20:20] <Rich-Newbie> I want it at the office, instead of sending it through the isp. It does not make sense to send an email to the person in the next room via the isp
[20:21] <Jeeves_> Why would I say that ipv6-shit on #ubuntu-server? :)
[20:21]  * Jeeves_ switches to the right channel :)
[20:21] <giovani> Kamilion: this isn't the right channel for 9.10 support
[20:21] <giovani> Kamilion: try #ubuntu+1
[20:22] <Kamilion> 9.04 or 9.10, I don't really care.
[20:22] <giovani> Rich-Newbie: hosted email is very common -- it's far more reliable to host your mail externally than on a low-class internet connection in your office
[20:22] <Kamilion> I just figured the server channel would be more likely than #ubuntu to have an answer for a SAS controller :)
[20:22]  * henkjan hands Jeeves_ another beer
[20:23] <henkjan> harhar
[20:23] <giovani> Kamilion: #ubuntu+1 isn't anything like #ubuntu :)
[20:23] <giovani> but yeah
[20:23] <giovani> if it's not 9.10 specific, it's fine here
[20:24] <Jeeves_> henkjan: :)
[20:24] <Kamilion> I just need to figure out what module needs to be inserted for fusion mpt2 support
[20:24] <Jeeves_> mpt_sas
[20:24] <Kamilion> Pretty sure I tried that.
[20:25] <Kamilion> I tried all of the mpt* modules.
[20:25] <Jeeves_> Than you might have a unsupported chipset
[20:25] <Kamilion> the gparted livecd with 2.6.30 finds it.
[20:26] <Kamilion> IIRC 9.10 has 2.6.31-rc3, so I'm PRETTY sure the kernel module exists to support it
[20:26] <Kamilion> I'll just boot gparted and try lsmod
[20:26] <Kamilion> Okay, another question then -- if the module for it doesn't exist, the installer prompts me for a 'floppy or usb drive' with the modules. Where's the howto on how to generate these modules from another system?
[20:28] <Kamilion> I have two amd64 9.04 boxes and a VM infrastructure on them, so the build environment's not so much of a problem, I could just use a high level overview of the process so I'm not running in circles
[20:29] <Rich-Newbie> giovani: The main purpose of my exersise to to run email on a local domain. Lets say 5 people share an office, person one needs to email person 2 a 5 meg attachments. It does not make sense to me to have to email it to the isp, then the receiving person downloads via pop3. Its much faster to send that file localy, and wont use bandwidth.
[20:30] <Kamilion> Sounds like more of a job for samba ;)
[20:30] <qman__> email in general is an inefficient way to do that
[20:30] <qman__> but that's another issue altogether
[20:30] <qman__> a local mail server for a business is no big deal, postfix in an "internet site" configuration should do that just fine
[20:31] <giovani> Rich-Newbie: you shouldn't be using email to move files internally
[20:31] <giovani> (and not externally either ... but that's slightly more excusable)
[20:31] <Rich-Newbie> afrom what I have seen, thats how alot of users do it.
[20:31] <giovani> well prevent them from doing that :)
[20:31] <qman__> yes, but it's bad practice
[20:32] <qman__> it's inefficient for a number of reasons, and just generally a bad idea
[20:32] <qman__> if you provide an environment with a better, easier alternative, they won't do that :)
[20:32] <qman__> a file share is one good way, using samba
[20:32] <qman__> but one approach I rather like is a wiki site
[20:33] <Kamilion> Hey, actually, might wanna take a look at openfiler -- since that can snapshot and version files. We use that type of functionality heavily here (I work for a staffing company)
[20:34] <qman__> the main advantages to wiki, everyone can update stuff, and you never lose data, because it keeps all previous versions
[20:34] <Kamilion> all of our users talk to a samba share on one of our local boxes, and that box snapshots the filesystem every 15 minutes.
[20:34] <qman__> and tracks it all in a nice manageable way
[20:35] <qman__> there are a lot of different approaches, but there's one main thing they have in common
[20:35] <qman__> they're much better than email for sharing files
[20:36] <Kamilion> the snapshots show up as read-only directories
[20:37] <qman__> but back to your original question, it's very simple to set up a local email domain with postfix
[20:37] <Rich-Newbie> Yes I do a agree email is not the best way to share files. I do use a general shared folder to share files. If the accountant has to send the boss something, say finacial figures ect, they going to general email it.
[20:38] <Rich-Newbie> thanks qman
[20:38] <qman__> you just install the package, choose internet site, and add users
[20:38] <Rich-Newbie> qman: I chose internet site with smart host
[20:38] <giovani> Rich-Newbie: you should set up different folders within the general share with permissions
[20:38] <giovani> so that the boss has access to every department's files, and only each department has access to their own private files, etc
[20:40] <qman__> I'm pretty sure there's a section in the ubuntu server guide for setting up mail
[20:40] <qman__> should cover everything you need to know for that
[20:43] <Rich-Newbie> qman, I have been reading the server guide, and a bunch of how to's. In postfix configuration it talks about system mail name, would that be say server.mydomain.com ? I have done the server setup a few times now, get confused abit with some of the config it requires
[20:45] <Rich-Newbie> thanks for the advice giovani. Hosted mail is an option eventually, when bandwith is cheaper and faster in South Africa. for small offices of a handfull of people its a bit pricey.
[20:46] <Kamilion> http://ubuntuserver.wordpress.com/2009/02/13/an-improved-mail-server-stack-in-jaunty-dovecot-and-postfix-integration/
[20:46] <giovani> Rich-Newbie: ah, well I didn't realize you were under such strict bandwidth constraints -- in that case, a local server is necessary
[20:47] <Kamilion> that's probably what you're looking for. "sudo apt-get install postfix-dovecot", that will set up pretty much everything for you, ask for your SMTP config (smarthost), and then set up dovecot and postfix with SASL against dovecot's user database (essentally /etc/passwd and /etc/shadow)
[20:48] <qman__> Rich-Newbie, the mail name would be your mail domain
[20:49] <qman__> where you want your addresses at, per say
[20:49] <Kamilion> at that point, it's as simple as 'adduser --disabled-login <username>'
[20:49] <qman__> so, for users@mydomain.com, the mail name would be mydomain.com
[20:50] <Rich-Newbie> thanks qman, so I dont put the hostname of the server box, just mydomain.com
[20:50] <qman__> yes
[20:50] <Kamilion> if it asks for FQDN you need to add the hostname too
[20:50] <qman__> it depends on what it's asking for
[20:50] <Kamilion> so 'mail.mydomain.com' if the machine is named mail
[20:50] <qman__> mail name is the domain
[20:51] <Kamilion> if it asks for 'domain', it's just domain.ext, if it asks for FQDN, it's hostname.domain.ext
[20:51] <Rich-Newbie> thanks for clarifying that for me.
[20:52] <Kamilion> yeah, confused me at first too.
[20:56] <Rich-Newbie> thanks for that link Kamilion, should I use the apt get, or does the same thing install if I chose mail server in the option on the inital setup
[21:01] <Kamilion> Not sure, I'd suggest apt-get
[21:02] <Kamilion> that way you don't mix up anything
[21:02] <Kamilion> personal preference, really. Normally the only thing I'll let the installer do is install openssh.
[21:03] <Kamilion> not sure if the 'task' uses that package or not.
[21:03] <Rich-Newbie> I have read alot of people prefer to do it that way, gives more control
[21:04] <Rich-Newbie> to administer postfix, would you recomend webmin, or should I use webmin and postfix admin.
[21:04] <Kamilion> honestly, there's not much to administer.
[21:05] <Kamilion> you shouldn't even need webmin.
[21:05] <Rich-Newbie> for ease of use for creating users ect, Played around a bit with webmin
[21:05] <Kamilion> usernames and passwords are from host accounts
[21:05] <giovani> webmin also is specifically not supported by ubuntu
[21:05] <Kamilion> it's as simple as 'adduser --disabled-login <username>'
[21:05] <giovani> if you feel the need to use a web interface, use ebox
[21:06] <Kamilion> ebox 1.2 is pretty good and handles most of the mail stuff for you.
[21:06] <qman__> yeah, there's hardly anything to administer
[21:06] <qman__> add users, that's it
[21:06] <Kamilion> but it's ISO is a pretty big download.
[21:06] <giovani> what iso?
[21:06] <Rich-Newbie> ebox is one I havent heard of.
[21:06] <giovani> Rich-Newbie: it's the only web administration interface supported by ubuntu
[21:06] <Kamilion> what people mean when they say 'administrate postfix' is 'spend hours trying to make postfix and a delivery agent work together'
[21:07] <qman__> I'm not a fan of web administration anyway, I use ssh
[21:07] <Kamilion> ebox or postfix-dovecot remove 99% of that 'spend hours' part.
[21:07] <Rich-Newbie> I see ebox is mentioned in the admin manual.
[21:07] <Kamilion> I use both -- but one of ebox's big advantages is 'the debian way' -- it asks you to confirm configuration changes for other packages.
[21:08] <Kamilion> so you can admin with SSH *AND* use ebox, and they happily share.
[21:09] <qman__> but yeah, the package makes it super easy
[21:09] <qman__> install, type in what it asks for, then add users
[21:09] <Kamilion> yup.
[21:10] <Kamilion> either way, dealing with setting up a mailserver is a veritable breeze compared to ~6-8 months ago.
[21:10] <Rich-Newbie> best I do some reading on the admin manuel
[21:10] <Kamilion> ebox 0.98 and 1.0 were broken
[21:10] <freemonttroll> Would appreciate help from gurus: Is it possible to upgrade from MySQL 5.0 to 5.1 on Ubuntu Hardy? I ran sudo apt-get update / dist-upgrade and then install mysql-server mysql-client, but I was told that I already have latest version. I can't seem to find a backport of mysql 5.1 for hard heron ...
[21:11] <qman__> if you want to go from an LTS version to a non-LTS, you have to change your update configuration
[21:11] <qman__> I don't know where it is on server
[21:11] <qman__> should be in the documentation
[21:11] <qman__> or someone else should know
[21:12] <Kamilion> but ebox 1.2 is pretty stable, a lot of the code has been rewritten
[21:12] <Kamilion> ebox's installer is based on 8.04 LTS.
[21:13] <qman__> I've never used ebox or webmin on any of my own servers
[21:13] <qman__> web interfaces are great for some things, but for server administration, I prefer more control
[21:18] <Psi-Jack_> Heh.
[21:18] <Psi-Jack_> Most web-based admin tools are also based on everything running on a single box.
[21:19] <Psi-Jack_> Where-as, it's almost always better to split up the services accross multiple physical computers.
[21:19] <Rich-Newbie> okay adding users was fairly straight forward
[21:23] <Rich-Newbie> thanks to everybody's help, this time I am able to connect to the mail server with imap, well almost. Got to check the user details I setup
[21:28] <Rich-Newbie> Sucsess thaks qman, kamilion and giovani. I was able to connect to the box with imap.
[21:28] <android6011> is there a way to install sound drivers in the server? I am using the server for many things and need to be able to record through line in
[21:32] <qman__> if you install a music player like cmus, it should install the dependencies
[21:32] <giovani> you shouldn't need to do that
[21:32] <giovani> the drivers are already in the kernel
[21:32] <giovani> run "lsmod | grep snd"
[21:32] <giovani> to verify that sound drivers have been loaded for your hardware
[21:38] <Kamilion> Rich-Newbie:  Glad to help. Enjoy your new mailserver. Remember to use postconf to increase the maximum size of a message, IIRC it defaults to 10MB or so
[21:44] <Rich-Newbie> Thanks Kamilion, now that the basic fuction works, I am going to go through the admin manual and play some more untill I break it and start again. Best way to learn, and if I manage to break it a few times, I will know what not to do.
[21:45] <Kamilion> postconf message_size_limit
[21:46] <Kamilion> that's the one
[21:46] <Kamilion> sorry, had to troll through my .bash_history
[21:49] <Rich-Newbie> thanks, for email anything bigger than 10megs is to big in my opinion. Reminds me of a client who I use to support. They had an sbs server setup, which was done by somebody else, with no limmits, the one user tried to email 30 megs worth of files I think it was, it blocked his mailbox completley.
[21:50] <Kamilion> I mention it because google's limit is 20MB
[21:50] <Kamilion> and if someone sends a 17MB pptx file, the server will flip them the bird ;)
[21:50] <Rich-Newbie> thats usefull to know
[21:51] <Kamilion> AFAIK, 20MB is the largest standard message size in normal use.
[21:52] <giovani> Rich-Newbie: I'd honestly make the max email size 1MB or so, at least internally
[21:52] <giovani> to completely discourage it as a method of sending files
[21:52] <Rich-Newbie> Thats a excellent idea giovani.
[21:53] <giovani> as long as you offer them an easier, and faster method
[21:53] <giovani> they'll learn to use it
[21:53] <Kamilion> there's no distinction between sending and receiving to postfix, mind you...
[21:54] <Rich-Newbie> wikki and open files I think is definitley something I must explore more
[21:54] <Kamilion> so preventing them from sending files would also prevent *receiving* attachments.
[21:54] <randy_> can anyone help me setup 2 lan cards on one server?
[21:54] <Kamilion> just keep that in mind. :)
[21:55] <Rich-Newbie> I would have users after my head, not being able to send jokes. sorry for them. ;)
[21:55] <Kamilion> just filter html messages then :)
[21:55] <Aison> re
[21:56] <Kamilion> btw -- there is libsieve support too for filtering. It's pulled in with postfix-dovecot
[21:56] <Aison> I tried to install ebox, but now I get a message like this: Failed to contact configuration server; some possible causes are that you need to enabled TCP/IP networking for ORBit
[21:57] <Kamilion> from their installer?
[21:57] <randy_> can anyone help me setup 2 lan cards on one server?
[21:58] <giovani> randy_: we discussed this yesterday
[21:58] <qman__> randy_, man interfaces
[21:58] <Kamilion> ifconfig eth0 up && ifconfig eth1 up
[21:58] <Kamilion> *grins*
[21:58] <randy_> Yes. You are the one I talked to from home, right?
[21:58] <giovani> randy_: from home? I don't know where you were
[22:00] <randy_> Oh, I talked to the other guy from my home last night and he told me when I got in today and was on the server, come back on and he would help me.
[22:01] <giovani> randy_: ok
[22:02] <Rich-Newbie> kamilion when I setup the email I have noticed if I put the email address just user it works, if I put user@mydomain.com it fails. Is this correct
[22:02] <randy_> Sorry, I lost connection for a minute.
[22:03] <Kamilion> Rich-Newbie: Hm... try user@hostname.mydomain.com
[22:03] <Kamilion> you may have to add an alias from mydomain.com to mail.mydomain.com
[22:04] <Rich-Newbie> :) thank you so much kamilion, now alot of what I have read is also making sense
[22:05] <Kamilion> No problem :)
[22:08] <Rich-Newbie> I found a couple of forum posts of people trying to do exactly what I am doing, the one poster always had the same response, about use citadel or zimbra, 20 mins to setup as oppose to 2 weeks setting up the way I have just done I have spent maybe 3 hours so far.
[22:13] <Kamilion> citadel was nice, but too much of a pain. I tried it too, but I wasn't happy with their redhat base. I don't like RPM, I'm partial to my apt :)
[22:13] <randy_> giovani are you still here and able to help me? my network went down a couple of times so I reset the modem.
[22:15] <randy_> kimilion, I did the ifconfig eth0 up and ifconfig eth1 up and now I can ping the outside world, but I still can't ping from the outside world. Any suggestions?
[22:15] <randy_> Sorry, Kamilion*
[22:15] <giovani> randy_: it sounds like you misconfigured something
[22:15] <giovani> the documentation and configuration are pretty clear
[22:15] <giovani> beyond that, I can't help you
[22:16] <Kamilion> randy_:  you need to set a route.
[22:16] <Kamilion> What subnet are you on, what's the gateway IP?
[22:16] <Rich-Newbie> giovani: what sort of servers do you manage?
[22:17] <randy_> Kamilion_ the settings are address 24.249.166.138 netmask 255.255.255.240 network 24.249.166.0 broadcast 24.249.166.255 and gateway 24.249.166.129
[22:18] <Kamilion> randy_: okay, try 'route add default gw 24.249.166.129'
[22:18] <randy_> do i use the initials "gw"?
[22:18] <Kamilion> yes
[22:18] <randy_> okay, just a minute.
[22:19] <randy_> I need to close out of here to do it unless there is another way.
[22:20] <Kamilion> any luck?
[22:20] <randy_> Kamilion_ Okay, I did it. Can you ping 24.249.166.138?
[22:20] <giovani> Rich-Newbie: what do you mean what sort of servers?
[22:21] <Kamilion> sec
[22:21] <Kamilion> yes
[22:21] <Kamilion> sub-100ms
[22:21] <randy_> And it works? Is that good?
[22:22] <Kamilion> yep
[22:22] <randy_> the sub-100ms
[22:22] <Kamilion> I'm on fibre, so 20ms average is excellent.
[22:22] <randy_> Can you go to the same ip in a browser?
[22:22] <randy_> It should say It Works!
[22:22] <Kamilion> "It works!"
[22:23] <Kamilion> apache2 standard page :)
[22:23] <qman__> I get 115ms average
[22:23] <Rich-Newbie> giovani: is it servers for corperates, hosting servers.
[22:23] <qman__> not excellent but perfectly acceptable
[22:23] <giovani> Rich-Newbie: I work for a financial company
[22:23] <Kamilion> the server's in philly?
[22:23] <Kamilion> somewhere on the east coast
[22:24] <randy_> Perfect. Are there any changes I need to make to any files so that it automatically does the ifconfig eth0 up and the ifconfig eth1 up and the route line?
[22:24] <Kamilion> randy_: Are you going to use this to route other traffic to the internet?
[22:24] <qman__> I'm in Michigan, my fastest pings are to places in chicago
[22:24] <giovani> randy_: yes, you should've put this in /etc/network/interfaces, as we instructed you
[22:24] <giovani> this is all covered in man interfaces
[22:24] <Kamilion> randy_:  should be in /etc/network/interfaces
[22:25] <Rich-Newbie> giovani: how many users on your network?
[22:25] <Kamilion> not sure how to set a route with /etc/network/interfaces though
[22:25] <giovani> Rich-Newbie: I don't support users
[22:25] <Kamilion> giovani: any ideas there?
[22:25] <giovani> Rich-Newbie: we have a server farm of about 1000
[22:25] <qman__> Kamilion, the gateway directive
[22:25] <giovani> Kamilion: it's covered in man interfaces, clearly
[22:26] <qman__> it's all in man interfaces
[22:26] <Kamilion> got it
[22:27] <randy_> Kamilion_: I will go to man interfaces and change the file accordingly. I am new at the linux on command line. I have setup many windows boxes and am switching to linux for all our servers after I get this one up.
[22:27] <Kamilion> randy_:  Add this to /etc/network/interfaces  (should be mostly self explanitory)
[22:27] <Kamilion> iface eth0 inet static
[22:27] <Kamilion>     address 24.249.166.138
[22:27] <Kamilion>     netmask 255.255.255.0
[22:27] <Kamilion>     gateway 24.249.166.129
[22:27] <qman__> you really should read through man interfaces anyway
[22:28] <qman__> that's networking 101, any sysadmin should know that stuff
[22:28] <Kamilion> "tldr;"
[22:28] <randy_> Kamilion_: What about the ifconfig eth0 up and all?
[22:28] <giovani> if his gateway is 129 ... he likely isn't on a class c
[22:28] <Kamilion> He just wants to know, not to understand.
[22:28] <qman__> knowing is not enough
[22:28] <Kamilion> randy_:  /etc/network/interfaces gets called by init scripts. It takes care of the rest
[22:28] <Kamilion> Understanding follows knowing.
[22:29] <randy_> I learned on my own over the last 30 years and don't know where to do the same things in linux as windows.
[22:29] <giovani> he probably needs a netmask of 255.255.255.192
[22:29] <Kamilion> I know I need the mpt2sas kernel module, but I do not understand how to build it as yet. I know the high level block diagram, but not the individual commands.
[22:29] <qman__> yes, but as the saying goes
[22:30] <qman__> the best answers we find on our own
[22:30] <Kamilion> Anyway, I gotta get on the road to San Francisco pretty soon
[22:30] <randy_> The netmask given to me from the cable provider is 255.255.255.240. I have 5 static ips.
[22:30] <Kamilion> so I guess I'll just leave windows server 2008 on this box for now. I wanted to get rid of it before I left, but that doesn't seem likely.
[22:30] <giovani> randy_: ok, then use that
[22:30] <Kamilion> *shudders*
[22:31] <qman__> 2008's not so bad
[22:31] <qman__> at least you're not running 2000 :)
[22:31] <randy_> I prefer linux so far... Just the learning curve of where everything is done.
[22:31] <Kamilion> R2, actually. And you're right. 7 and 08R2 are well built for the tasks they are required to do.
[22:31] <Kamilion> But I don't trust it for the low level infrastructure, nor do I want to run linux on hyper-v, so I need to get ubuntu and libvirt on there
[22:32] <qman__> yeah
[22:32] <randy_> Kamilion_: giovani_: Thank you both for your help. I will be back for more help as time goes on, but thank you very much.
[22:32] <qman__> windows just doesn't belong on the backbone
[22:32] <Kamilion> which is proving to be a pain, I need the mpt2sas module, but I can't find any howtos on how to compile kernel modules for ubuntu install CDs
[22:32] <Kamilion> randy_:  Enjoy!
[22:32] <randy_> Thanks
[22:33] <qman__> I'm actually an MCSE, have a degree and everything
[22:33] <qman__> linux is my OS of choice
[22:34] <Kamilion> Almost the same. Been hacking windows since "Windows 386", aka 2.03. never bothered with the MSCE though. Kicked to linux with Slackware 1.5, Redhat 4.2, Linux from Scratch 3.2, where I submitted a bunch of bootscripts, then onto gentoo, got sick of compiling packages, tried ubuntu 7.04 and been hooked ever since.
[22:34] <Rich-Newbie> I am going to call it a night. Been very succesfull with the help of giovani, qman_, and kamilion. I have learnt a huge amount. :) And wiki, open openfiles for docuemnt sharing is the next project.
[22:34] <Kamilion> it's most definitely easier to administrate than windows for me, and I use the modularity to it's fullest advantage.
[22:35] <Kamilion> Rich-Newbie: here's a tip
[22:35] <Kamilion> http://www.turnkeylinux.org/
[22:35] <qman__> yeah, I've managed some solaris and BSD stuff too, but linux is just so much easier
[22:35] <Kamilion> try the mediawiki VM.
[22:36] <Kamilion> http://www.turnkeylinux.org/appliances/mediawiki
[22:36] <Kamilion> based on ubuntu hardy (8.04 LTS)
[22:37] <Kamilion> and you might want to look into ebox for yourself and evaluate if it will meet your needs. (it meets mine!) http://trac.ebox-platform.com/
[22:38] <Kamilion> Very friendly to manage, and you can still leverage the power of the commandline when you're ready to spend the time to learn.
[22:38] <qman__> that picture reminded me
[22:38] <qman__> every time I run updates on my openvpn server, it breaks
[22:38] <qman__> and a reboot fixes it
[22:38] <Kamilion> yep.
[22:38] <qman__> restarting services won't fix it
[22:38] <qman__> only a full reboot
[22:39] <qman__> it's weird and annoying
[22:39] <Kamilion> yep.
[22:39] <psi-jack> Hmmm, Turnkey eh?
[22:39] <Kamilion> File a bug. My workaround: Install ebox/openvpn on a VM.
[22:39] <psi-jack> Heh
[22:39] <Kamilion> nothing but openvpn.
[22:40] <psi-jack> I'm just now looking at eBox, curiously about it.
[22:40] <Kamilion> 1.2 was JUST released.
[22:40] <Kamilion> The documentation has not caught up yet.
[22:40] <psi-jack> Really?
[22:40] <psi-jack> heh
[22:40] <psi-jack> Based on 8.04 LTS I noticed.
[22:40] <Kamilion> yep.
[22:40] <psi-jack> Do you know much about it?
[22:40] <Kamilion> I try to run everything I can on a JEOS base.
[22:40] <Kamilion> yeah, I have a pretty good understanding of it.
[22:41] <Kamilion> 1.2 was mostly a rewrite, as 0.98, 1.0, and 1.1 were pretty broken.
[22:41] <Kamilion> I'm not happy that it's mostly perl, but I can deal with it.
[22:41] <psi-jack> Cool. Some things I'm curious about, I notice it has LDAP built-in, which I've been working on the past couple days on my own with Ubuntu 9.04
[22:41] <Kamilion> not only that
[22:41] <psi-jack> Does it do just LDAP, or does it mix SASL auth and Kerberos V and Samba LDAP?
[22:41] <Kamilion> the ebox-desktop package can be installed on client ubuntu systems that sets up LDAP, evolution, ekiga, and jabber for every user.
[22:41] <Rich-Newbie> when I first decided to explore ubuntu server about a week go, I have learnt alot, done alot of reading, I think the couple of hours I spent here have been the most valuble. Big thank you.
[22:42] <Kamilion> Rich-Newbie:  IRC always ends up that way :)
[22:42] <qman__> Rich-Newbie, no problem, stick to it
[22:42] <Kamilion> but watch out! IRC is an ADDICTION.
[22:42] <qman__> the documentation is great, but sometimes you just need to be pointed in the right direction
[22:42] <Kamilion> I've been addicted since 1993 :)
[22:42] <psi-jack> Kamilion, Youngin. :p
[22:43] <Kamilion> anyway, time for me to head out. Got a long journey up to San Francisco today.
[22:43] <qman__> heh
[22:43] <Rich-Newbie> indeed it is, for me interacting with people who can explain stuff is a huge help
[22:43] <psi-jack> 1993 they'd already had named channels on IRC.
[22:43] <Kamilion> irc's only been around since 1992, psi-jack
[22:43] <qman__> I'm not old enough to have been around that long, but I know the feeling
[22:43] <Kamilion> I hold one of the distinct pleasures of IRCing on eris.
[22:43] <qman__> I've been a regular in the same channels for about 7 years now
[22:43] <Kamilion> *laughs*
[22:44] <Kamilion> anyway, good luck, Rich-Newbie.
[22:44] <Kamilion> Cheers, everyone. :)
[22:44] <Rich-Newbie> thanks
[22:44] <psi-jack> Kamilion, Bzzz. Wrong. IRC was first around in 1988
[22:44] <Rich-Newbie> cheers kamilion
[22:44] <Kamilion> psi-jack: the original IRC protocol, not "IRCII", the protocol we now know as IRC.
[22:45] <psi-jack> Yep. I'm talking irc2.0, not ircii.
[22:45] <Kamilion> I've actually been around since compuserve's 'cb' and such, back in the 80s before AOL had a gui and didn't suck quite as much.
[22:45] <Kamilion> and good old GEnie too.
[22:45] <psi-jack> Aug 88 - first irc server tolsun.oulu.fi
[22:46] <psi-jack> 89 - ircII released by Michael Sandrof (BigCheese)
[22:46] <psi-jack> :)
[22:46] <Kamilion> Ack, gonna be late. IRC always has this effect... going on 20 years now.
[22:46] <Kamilion> Cheers!
[22:46] <psi-jack> D'oh!