[00:23] <qman__> yes, pam is a wonderful thing
[00:23] <qman__> I wish samba used pam instead of just adapting to it
[00:32] <Psi-Jack__> Okay.. So my router, presently, has only a small annoyance.
[00:33] <Psi-Jack__> When eth1, my net interface, comes up, it replaces /etc/resolv.conf with that retrieved via the DHCP.
[00:33] <Psi-Jack__> I don't want that, I want it to stay as I put it, or to adjust it with resolvconf to settings specifically supplied by wherever it gets that.
[00:34] <Psi-Jack__> Cause, I have my own domains. I have my own DNS, I don't want my router out of sync with that.
[00:36] <KillMeNow> Not sure if you can change that for a single host
[00:36] <KillMeNow> i think there are DHCP options you can disable globally to not push DNS resolvers
[00:36] <KillMeNow> but not sure about a single host...
[00:37] <KillMeNow> why are you having it grab an IP via DHCP?  why not do it statically?
=== MianoSM4 is now known as MianoSM
=== clusty_ is now known as clusty
=== jerrcs2 is now known as jerrcs
[04:11] <uvirtbot> New bug: #417211 in tomcat6 (main) "package tomcat6 6.0.18-0ubuntu6.1 failed to install/upgrade: subprocess post-installation script returned error exit status 1 (dup-of: 417212)" [Undecided,New] https://launchpad.net/bugs/417211
[04:12] <mushroomblue> holy crap the OpenLDAP instructions are completely useless
[04:12] <mushroomblue> from what I'm reading, slapd in 9.04 isn't built against openssl
[04:16] <mushroomblue> is this correct?
[04:16] <mushroomblue> cos it sounds really really stupid.
[04:16] <mushroomblue> though it explains why the SSL/TLS section of the OpenLDAP instructions don't work.
[04:19] <jerrcs> if you want to see stupid
[04:19] <jerrcs> https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/335933
[04:19] <uvirtbot> Launchpad bug 335933 in proftpd-dfsg "proftpd: Several SQL injection vulnerabilities" [Undecided,Confirmed]
[04:19] <jmarsden> mushroomblue: You might want to read /usr/share/doc/slapd/README.Debian.gz
[04:19] <jerrcs> why isn't that fixed yet? on ubuntu server edition.. your proftpd server is vulnerable...
[04:20] <jmarsden> jerrcs: Go ahead and post the debdiff needed to fix it, if you want it fixed fast.
[04:21] <Sam-I-Am> mushroomblue: openldap is built against gnutls
[04:25] <jerrcs> jmarsden: I'm no good with that.. I'm just an ubuntu-server who is very pissed off that it's been half a year and a major ftp server package hasn't been fixed.. a security issue like this.. my home directory has been open to anyone who has used this.. luckily there's nothing too much on there, and i've only been running it for about a month.
[04:26] <jerrcs> an ubuntu-server user.
[04:31] <sub> http://packages.ubuntu.com/search?keywords=proftpd&searchon=names&suite=jaunty&section=all
[04:32] <sub> that vulnerability is fixed in that version, 1.3.1-17ubuntu1
[04:32] <sub> as it states here: https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/329167
[04:32] <uvirtbot> Launchpad bug 329167 in proftpd-dfsg "Please merge proftpd-dfsg 1.3.1-17 (universe) from Debian unstable (main)" [Wishlist,Fix released]
[04:32] <jerrcs> "The ProFTPD Project team is happy to release 1.3.2 to the community. This is a bugfix release, including a SQL injection vulnerability fix. The RELEASE_NOTES and NEWS files contain the full details."
[04:32] <jerrcs> no it isn't
[04:33] <sub> #7   	 Launchpad Janitor  wrote on 2009-02-13:
[04:33] <sub> This bug was fixed in the package proftpd-dfsg - 1.3.1-17ubuntu1
[04:33] <jerrcs> There was another one then.
[04:33] <jerrcs> sub: I just exploited my own server. I have all my packages up to date. How can you tell me it's fixed? Not to mention I did a clean install of ubuntu-9.04 just about a month ago
[04:34] <sub> then post the debdiff. its community-maintained software which means it doesn't get fixed until someone who uses the software (like you) fixes it
[04:36] <jerrcs> http://pastebin.com/m1c726b6f
[04:37] <jerrcs> sub: how can ubuntu penetrate the server market if they can't keep this up to date? I mean.. I understand. It's in a different repository.. but still.
[04:37] <jerrcs> Just bringing up a discussion.
[04:50] <ScottK> Because much of Ubuntu's success has been not trying to do everything, but being the best at what they focus on.
[04:56] <jerrcs> I suppose.
[05:09] <giovani> ScottK: really? what does ubuntu focus on?
[05:10] <ScottK> Generally we try to pick one package to support for each function.
[05:10] <jerrcs> an idiot-proof OS
[05:10] <ScottK> For example we generally focus on Postfix as a mail server even though there are lots of others.
[05:10] <ScottK> jerrcs: Not possible.
[05:10] <giovani> well sure ... other distros tend to do that too
[05:11] <ScottK> Just more so here.
[05:11] <ScottK> So if you're using packages that aren't supported (in Universe), don't expect them to be supported.
[05:11] <ScottK> Some of them are well supported by the community, but it's uneven.
[05:12] <giovani> ScottK: what's the main, supported-by-ubuntu ftp server?
[05:12] <quizme> http://cardinaleducation.thirdreplicator.com/  <--- trying to get mod_proxy to work.  Can somebody help?
[05:12] <ScottK> I don't actually know.
[05:13] <jerrcs> proftpd is pretty popular.
[05:13] <ScottK> I find I can use sftp for all my needs so it's been years since I worried about it.
[05:13] <jerrcs> yet there's a huge vuln in it.
[05:13] <giovani> I can't seem to find a major ftpd that isn't in universe
[05:13] <jerrcs> Yes.. I prefer sftp.. but I have clients which use regular ftp.
[05:13] <giovani> ScottK: but surely FTP is acknowledged as a major protocol still in use, for various reasons
[05:14] <ScottK> giovani: Certainly, just saying I don't know.
[05:14] <giovani> ok
[05:14] <giovani> vsftpd
[05:14] <giovani> is in the main repo
[05:14] <giovani> so I guess that's the one ubuntu has chosen to support primarily
[05:14] <ScottK> Odds of it having issues left long unfixed are relativley low then.
[05:15] <ScottK> You could also look in the Ubuntu server guide and see what it suggests.
[05:15] <quizme> if i log into the server, and run "curl http://127.0.0.1:11000" it works, but when i access it via the URL. I get "Not found /"
[05:15] <jerrcs> I'll poke around with vsftp.
[05:15] <jerrcs> vsftpd*
[05:15] <giovani> vsftpd is security-focused anyhow
[05:15] <giovani> implied by the name ...
[05:28] <quizme> anybody know how to mod_proxy here ?
[05:44] <mushroomblue> so wait. it's built against GnuTLS for a while now, but the documentation doesn't reflect this?
[05:44] <mushroomblue> 8.10 and 9.04 server guide both give incorrect configuration steps for openldap, then.
[05:45] <mushroomblue> you'd think someone would notice, and update the docs
[05:45] <Sam-I-Am> what its built against doesnt really matter for the config iirc
[05:45] <Sam-I-Am> certs are certs
[05:45] <mushroomblue> steps to get a working system are different.
[05:46] <mushroomblue> and if you're planning on following the server guide to configure your system, you're sorta out of luck.
[05:46] <mushroomblue> that's poor documentation.
[05:46] <Sam-I-Am> well, one of the fun parts of open source... you can volunteer to make it right :)
[05:46] <jmarsden> mushroomblue: Thanks for volunteering to update the docs ... where can we see your proposed changes?
[05:46] <Sam-I-Am> talk with sommer ... he's the docs guy
[05:46] <mushroomblue> oh, I'll be happy to submit changes
[05:46] <mushroomblue> when I'm not drunk. :)
[05:47] <mushroomblue> s/changes/docs/
[05:47] <Sam-I-Am> i've been planning to submit updates to it
[05:47] <Sam-I-Am> todays fun was patching openldap though
[05:47] <mushroomblue> jmarsden: you'll have to crack my skull open and take a peek.
[05:47] <mushroomblue> sicko.
[05:48] <jmarsden> mushroomblue: My machine seems to lack the skullcrack-and-peek package, and it;s not in the repositories.
[05:48] <mushroomblue> jmarsden: thanks for the readme, tho. :)
[05:48] <Sam-I-Am> i think that package is called 'sendmail'
[05:48] <mushroomblue> I'd like to think my brain is a lot more like git
[06:33] <RudyValencia> hi
[06:33] <RudyValencia> How much space do I need to allocate to an Ubuntu Server running in a VM?
[06:33] <RudyValencia> (hard disk)
[06:33] <RudyValencia> would 10GB be enough?
[06:35] <jmarsden> RudyValencia: It depends what you want to do with it, but for testing and experimenting, yes, probably.
[06:35] <RudyValencia> jmarsden: Web serving.
[06:36] <jmarsden> Well, if you want to serve 100GB of videos, then 10GB won't be enough... :)
[06:36] <RudyValencia> I can't get Apache to work right on the Windows host so I set the VM up to run a LAMP stack
[06:36] <RudyValencia> As for storage, I use SMBFS shares
[06:36] <jmarsden> Then you should be fine with 10GB for the server itself.
[06:37] <RudyValencia> I notice no appreciable difference between storing the data in the VM and storing the data on SMBFS shares
[06:37] <jmarsden> I have Ubuntu VMs with as little as 4GB for testing sometimes.
[06:37] <RudyValencia> (because my server is a low-volume server.)
[06:38] <RudyValencia> Is it better to 'pre-allocate' the disk file?
[06:38] <RudyValencia> that is, have it make one 10GB file vs. a file that grows with the contents of the VM
[06:38] <jmarsden> Not usually; there is a slight disk performance gain by preallocating it.
[06:40] <RudyValencia> Ah
[06:40] <RudyValencia> I set it up with 512MB of RAM allocated to it
[06:40] <RudyValencia> and bridged networking
[06:40] <RudyValencia> No sound or other peripherals, except CD image access
[06:43] <mattt> RudyValencia: you using xen?
[06:43] <RudyValencia> mattt: I don't have a computer capable of hardware virtualisation
[06:44] <mattt> RudyValencia: same, i'm old school like that also :)
[06:44] <RudyValencia> My server is a repurposed 2.2GHz P4
[06:45] <RudyValencia> w/ 1GB RAM, 200GB and 250GB hard disks, DVD(+/-)RW drive, a cheap NIC, and a LaserJet 5L
[06:48] <mattt> i wish the newer versions of ubuntu still supported exn
[06:48] <mattt> *xen
[06:50] <jmarsden> mattt: I think newer versions of KVM can run on systems without hardware virtualization.  I know virtualbox-ose can.
[06:50] <RudyValencia> I tried to setup VMware Tools on my Ubuntu Server 8.04 install that had been untouched for a while
[06:50] <RudyValencia> and it failed :(
[06:50] <mattt> jmarsden: oh, nice!
[06:51] <jmarsden> mattt: I was running multiple virtualbox-ose VMs here on an Intel E5200 (no hardware virt) until a few weeks ago (upgraded to a Q9550 as a birthday present to myself!)
[06:52] <RudyValencia> I'm getting some pretty good life out of this old Pentium 4
[06:52] <RudyValencia> (I have a 2.8GHz as my main desktop)
[06:53] <jmarsden> RudyValencia: Yes, I do that too... but I've not tried VM stuff on older machines, at home or at work.
[06:53] <RudyValencia> ah
[06:53] <RudyValencia> I wish I could upgrade either of my systems
[06:53] <RudyValencia> (or both)
[06:53] <mattt> jmarsden: so virtualbox-ose uses KVM?  i didn't know that.
[06:54] <jmarsden> No, they are independent.
[06:54] <RudyValencia> This 2.8GHz desktop is nice but doesn't run WinXP well
[06:54] <RudyValencia> oops
[06:54] <RudyValencia> I meant, Win7
[06:54] <RudyValencia> It runs WinXP now
[06:54] <RudyValencia> (I still have to use Windows, for Creative Suite 3 does not run well on Linux w/ Wine)
[06:55] <RudyValencia> I would've switched to Linux completely already if it were capable
[06:55] <jmarsden> RudyValencia: Run Ubuntu on the hardware, and Windows in a VM for the occasions when you need it :)
[06:56] <RudyValencia> I need Windows to do development for IE
[06:56] <RudyValencia> (I no longer support IE6, only 7+)
[06:57] <RudyValencia> The Web browser has become an application platform with the advent of AJAX and other new technologies
[06:58] <jmarsden> Sure, but you can do that (run IE and whatever) in a Windows VM.  You don't need to run it on the physical hardware.
[06:58] <RudyValencia> I also do 3D with SketchUp
[06:58] <RudyValencia> (which a VM can't handle)
[06:58] <RudyValencia> and play the occasional 3D game
[07:00] <jmarsden> VirtualBox is supposedly able to do 3D in the VM for Windows guests now, although I have never tried it.
[07:00] <spowers> is it possible to run top on the console of a server with upstart or getty or something?
[07:03] <jmarsden> spowers: Sure.  I think that is part of what the top "secure mode" stuff is all about... ensuring you can leave it running in a way that random passers-by can't abuse your server
[07:04] <spowers> the problems i'm having are more to do with terminal control
[07:04] <spowers> and how to run it at boot
[07:05] <spowers> on a real server, i'd stick it on tty12 and chvt to it in rc.local, but i'm running in xen so there's only one tty
[07:05] <spowers> what would be really awesome is to make a screen profile for boot time that had a secure top and could only spawn /bin/login instead of bash directly
[07:06] <spowers> screen itself would have to be more secure probably, so that might not be the right approach
[07:06] <spowers> and it's not like this is a real PROBLEM
[07:06] <spowers> per se
[07:07] <jmarsden> spowers: aybe set up a user called top whose shell is top ... and log in on the console as top ?
[07:07] <spowers> i'll give that a shot, it works well enough for an x server on my mythtv box, i'd forgotten about that
[07:07] <mattt> spowers: what are you trying to accomplish with this anyway (not fully understanding here)
[07:08] <spowers> boy, if i had a nickel for every time someone asked me that...
[07:08] <mattt> :)
[07:08] <spowers> i'm just hacking around
[07:09] <mattt> tho it is an interesting idea, i used to work at a hosting company and if that info was visible (even if hte machine was hung and the info stale) it'd be really helpful to support
[07:09] <spowers> i've got this mental image of a console that cycles through top/iptraf/some other monitor on the console
[07:09] <mattt> (and by visible i mean visible on the console)
[07:09] <spowers> like arcade games cycle through demos and logo screens
[07:09] <RudyValencia> Sorry, network cable broke
[07:10] <jmarsden> mattt: leaving top running on a spare terminal was an oldtimers trick a decade or two ago, so when things went bad on your server you could see why... even when it was so bad you couldn't log in and run top because the server was so bogegd down...
[07:10] <spowers> top has existed for a decade or two? wow
[07:10] <spowers> i'm always in awe of unix tradition
[07:10] <jmarsden> Sure.  I'm pretty sure I was using it in 1994 or so...
[07:10] <mattt> jmarsden: yeah, that's exactly what i'm thinking ... dunno why we never thought to do that :/
[07:10] <Boohbah> even better, top in a screen session so you can disconnect
[07:11] <mattt> Boohbah: yeah, but if the system is unresponsive so is screen :)
[07:11] <mattt> (or the load's too high or whatever the case)
[07:11] <spowers> main thing would be to have something on the main console more useful than the last handful of boot messages and a login prompt
[07:11] <Boohbah> well then, remote serial console
[07:11] <spowers> even old netware had that silly snake that represented the load average
[07:11] <mattt> spowers: good idea, i like your thinking
[07:12] <spowers> when i boot up our linux vms, the console is always a mess
[07:12] <spowers> top looks nice and tiday
[07:12] <spowers> tidy
[07:14] <spowers> jmarsden: the 'top' user thing works a charm
[07:15] <jmarsden> Good :)
[07:16] <spowers> i remember hacking around with getty several years ago trying to start dosemu to run a WWIV bbs system
[07:16] <spowers> that did not work so well
[08:08] <RudyValencia> I put the wrong hostname for my server in when I reinstalled
[08:09] <RudyValencia> How do I change the hostname?
[08:12] <_ruben> doing a find/replace in /etc with the old -> new name should cover most stuff .. depends on how much stuff is already installed as well though
[08:13] <RudyValencia> probably easier to reinstall at this early stage
[08:14] <_ruben> depends .. if its a clean install with not much extra tasks installed .. covering /etc/ would do just fine .. a simple sed/perl oneliner .. then again, reinstalls can be fairly quick as well depending on the method used
[08:14] <sub> nah
[08:14] <RudyValencia> Nothing installed yet
[08:14] <sub> just /etc/hosts and /etc/hostname should cover it
[08:14] <RudyValencia> ah
[08:15] <_ruben> sub: unless for example postfix is installed as well as a task
[08:15] <jmarsden> sub: Maybe /etc/mailname if an MTA is installed
[08:15] <_ruben> there's quite a few packages that use the hostname in postinstall scripts
[08:15] <sub> then you can either reboot or use the "hostname" command to set the new hostname
[08:15] <RudyValencia> I'll redo it
[08:16] <sub> Perhaps
[08:16] <sub> I have a new system running as well and I just did grep -Hr `hostname` /etc
[08:16] <RudyValencia> very very easy
[08:16] <_ruben> redoing install surely is the cleanest way .. but also a tad overkill ;)
[08:17] <RudyValencia> time is unimportant here
[08:17] <sub> i've changed hostnames more often than i'd like to admit ;p
[08:18] <_ruben> i only looked into it once when looking into the options for 'templating' my virtual machines .. in the end i just setup a pxe environment with preseeded installs :p
[08:20] <RudyValencia> hm, I have Remote Installation Services on the Windows side of my server
[08:20] <RudyValencia> I wonder if it can install other OSes than Windows
[08:20] <RudyValencia> like Ubuntu or whatever
[08:21] <RudyValencia> Wow
[08:22] <RudyValencia> I entered the static IP address in the installer and my network information and it picked up the hostname
[08:22] <RudyValencia> (from my DNS)
[08:22] <quizme> http://cardinaleducation.thirdreplicator.com/  <--- I'm doing a proxy pass thing with webrick but i'm getting this....
[08:22] <quizme> anybody know why ?
[08:22] <quizme> my mod_proxy is set up correctly cuz i'm using the same configuration on another site.
[08:23] <RudyValencia> which is the best setting: relatime, noatime, or no option for such?
[08:24] <_ruben> i use noatime for dedicated /var/log/ partitions on busy servers
[08:26] <RudyValencia> ah
[08:27] <RudyValencia> What exactly is a "Label"
[08:27] <RudyValencia> ?
[08:27] <_ruben> just that .. a label :)
[08:27] <RudyValencia> Is that like the "volume label" on a FAT or NTFS volume?
[08:27] <_ruben> kinda, yeah
[08:27] <RudyValencia> ah
[08:28] <RudyValencia> Hm, do you change /etc/issue or /etc/motd on your server(s)?
[08:28] <RudyValencia> I like to change /etc/issue to display a warning
[08:30] <RudyValencia> "WARNING: THIS SYSTEM IS RESTRICTED TO (COMPANY NAME) AUTHORIZED USERS, FOR LEGITIMATE BUSINESS PURPOSES ONLY..."
[08:30] <jmarsden> RudyValencia: If the logins are from the network, edit /etc/issue.net  .  For a standard warning text, see http://pastebin.com/f7098d623
[08:31] <RudyValencia> jmarsden: I already have one of my own
[08:31]  * RudyValencia pastebins it
[08:31]  * jmarsden hopes you are a good lawyer, if you write it yourself  and want it to be legally correct :)
[08:32] <_ruben> i never bother to edit those .. or read them if i'd log into a remote system (usualy, unless it does a good job on drawing attention)
[08:32] <sub> cowsay tends to catch my attention
[08:34] <RudyValencia> jmarsden: I borrowed it from another computer at a place I used to work at
[08:34] <RudyValencia> http://pastebin.com/m2d02cbe7
[08:35] <RudyValencia> I substituted [COMPANY] where my business' name goes
[08:36] <jmarsden> OK.  Your notice gives away info to the (hypothetical) hacker... you tell him who owns the system.  Why give away that info?
[08:36] <RudyValencia> I should remove the company name and reflow it to make sense
[08:37] <sub> is that not already given away by ARIN registrations and reverse DNS?
[08:38] <jmarsden> sub: is it?  Try it sometime?  Usually you get the ISP, not the company or end user.
[08:38] <RudyValencia> jmarsden: http://pastebin.com/m16f51a1d (amended)
[08:38] <sub> depends, some ISPs update the registration for their netblocks
[08:38] <sub> I work for an ISP, so I guess that's a moot point in my situation :)
[08:38] <jmarsden> :)
[08:39] <_ruben> highly depends on the customer base too .. i doubt much isp would swip their adsl blocks :p
[08:40] <sub> of course not, but most ISPs swip the blocks they give with leased/dedicated circuits
[08:40] <jmarsden> RudyValencia: Looks OK to me, but I am not a lawyer.
[08:40] <_ruben> exactly
[08:41] <RudyValencia> I forwarded my SSH port to a different number than 22
[08:41] <RudyValencia> (I hate getting SSH scans
[08:42] <RudyValencia> also, my VM seems to be stuck at 'Validating libklibc'
[08:44] <RudyValencia> Hm, I wonder what Linux does for consoles on computers that don't support text-only modes
[08:44] <RudyValencia> (e.g. 68k/PPC Macs, etc.)
[08:56] <RudyValencia> my VM has stalled :/
[08:56] <RudyValencia> I'm trying to get Ubuntu to install and the VM keeps stalling
[08:57] <RudyValencia> nevermind
[08:57] <RudyValencia> it returned
[09:21] <Psi-Jack__> Okay.. So my router, presently, has only a small annoyance.
[09:21] <Psi-Jack__> When eth1, my net interface, comes up, it replaces /etc/resolv.conf with that retrieved via the DHCP.
[09:21] <Psi-Jack__> I don't want that, I want it to stay as I put it, or to adjust it with resolvconf to settings specifically supplied by wherever it gets that.
[09:21] <Psi-Jack__> Cause, I have my own domains. I have my own DNS, I don't want my router out of sync with that.
[09:24] <sub> one sec, I do the same thing here at home
[09:27] <sub> You're going to want to edit /etc/dhcp3/dhclient.conf
[09:27] <sub> And you can either add a prepend line to add your static servers before the ones given by dhcp, or you can just not request the DNS info
[09:40] <Psi-Jack__> Hmm
[09:40] <Psi-Jack__> I'd tried taking out requesting it, and it still overwrote my resolv.conf file.
[09:41] <Psi-Jack__> But, so far, supersede domain-name-servers fixed my nameserver entries, but now I Just need to fix domain and search.
[09:44] <RudyValencia> hm, I think there's a problem
[09:45] <RudyValencia> W: Failed to fetch http://mirrors.kernel.org/ubuntu/dists/hardy/Release  Unable to find expected entry  main-updates/source/Sources in Meta-index file (malformed Release file?)
[09:46] <RudyValencia> E: Some index files failed to download, they have been ignored, or old ones used instead.
[09:46] <jmarsden> Run sudo apt-get update again, or pick a different mirror and then try again.
[09:47] <RudyValencia> It happens with several mirrors.
[09:48] <RudyValencia> Tried Easynews, kernel.org, and OSUOSL
[09:48] <jmarsden> Odd.  I should be asleep (almost 2am here), but I'll check it on an old Hardy VM I have... booting now...
[09:49] <RudyValencia> Almost 3 here.
[09:50] <jmarsden> Seems to work fine from here (using us.archive.ubuntu.com as the mirror).
[09:51] <RudyValencia> Maybe the mirrors are broken
[09:52] <RudyValencia> Not working here
[09:53] <jmarsden> I just tried with mirrors.kernel.org and that worked for me too.
[09:54] <jmarsden> Are you out of disk space somehow on /var ?  Not really sure what else to check...
[09:56] <RudyValencia> df says only 8% of the disk is used
[09:57] <jmarsden> And you just created a single partition, not a separate /var ?  Then that's not it...
[09:58] <jmarsden> That's not an absolutely show-stopping warning, it just means you may not be getting the very latest updates...
[09:59] <jmarsden> But it shouldn't be happening, at least not reliably and on multiple mirrors.
[09:59]  * RudyValencia reboots the VM
[09:59]  * jmarsden goes to bed :)  Goodnight all.
[10:02] <_ruben> could be a flakey (transparent) proxy interfering
[10:03] <RudyValencia> No proxies here
[10:14] <RudyValencia> _ruben: I made a typo.
[10:14] <RudyValencia> That was why it failed
[10:15] <RudyValencia> I shouldn't be writing a configuration file at 3AM
[10:15] <LiraNuna> "passwd: Authentication token lock busy" any idea what that means?
[10:15] <LiraNuna> I upgraded libpam-mysql from a working config, now I get this
[10:16] <LiraNuna> I'm sure common-password is configured right as with old pam-mysql I could change the password (only as root, though)
[10:43] <Boohbah> hi RudyValencia
[10:43] <Boohbah> did you find a job yet?
[10:44] <RudyValencia> Still at Walgreens
[10:45] <Boohbah> what location?
[10:46] <RudyValencia> same as before
[10:47] <Boohbah> i forgot where that was
[10:48] <RudyValencia> Greeley
[10:48] <RudyValencia> 23rd Avenue and 16th St.
[10:48] <Boohbah> Nebraska?
[10:49] <RudyValencia> CO
[10:49] <RudyValencia> (Colorado)
[10:49] <RudyValencia> also, how do I prepend the output of uname -a to a text file?
[10:50] <Boohbah> i don't know about prepend with bash
[10:51] <Boohbah> i can append
[10:52] <foolano> RudyValencia: using sed?
[10:52] <RudyValencia> any method
[10:52] <_ruben> nasty way: file=/some/file ; uname -a > $file.tmp ; cat $file >> $file.tmp ; mv $file.tmp $file
[10:53] <foolano> i prefer: sed 1ifoo file.txt
[10:53] <Boohbah> that's a really nasty way
[10:53] <RudyValencia> I got it
[10:53] <_ruben> "any" also covers "really nasty" in my book ;)
[10:54] <RudyValencia> echo `uname -a` > newfile; cat originalfile >> newfile
[10:54] <foolano> sed 1i"$(uname -a)" file.txt
[10:58] <Boohbah> foolano: nice!
[11:02] <foolano> sudo dumpe2fs -b /dev/sda3 | wc -l
[11:02] <foolano> 65
[11:02] <foolano> arhhh, it aint looking good
[12:03] <RudyValencia> Anyone here having difficulty building VMware Tools or open-vm-tools on Ubuntu Server 8.04?
[12:03] <RudyValencia> I can't get them to build
[12:30] <RudyValencia> :(
[12:30] <RudyValencia> Why won't VMware Tools build on Ubuntu 8.04.2 Server?
[12:43] <LMJ> I've create a lvm volume a couple of months ago and store datas on it. I rebooted today after an simple upgrade, no more LVM ! pvdisplay, vgdisplay & lvdisplay are empty, What could I do to get back my files ?
[12:54] <AlexC_> morning
[12:55] <AlexC_> I've recently stopped using SpamAssasin, and instead just using Postfix restrictions (which is working very well), however I just saw in my logs this: postfix/smtpd[14337]: NOQUEUE: reject: RCPT from openzula.org[72.14.177.55]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<noreply@tangocms.org> to=<users-email@example.com> proto=ESMTP helo=<localhost>
[12:56] <AlexC_> how come it is blocking openzula.org (which is a domain I own, and is 'on' this server), for not being a FQDN? How is that not a FQDN?
[12:56] <AlexC_> this email would have been a forum notification email to a user, from the board its self
[13:31] <giovani> AlexC_: because it's not identifying itself as openzula.org, it's identifying itself as "localhost" as far as I can tell
[13:35] <pmatulis> AlexC_: perhaps pastebin the output of 'postconf -n'
[13:43] <AlexC_> pmatulis: sorry, was away: http://paste2.org/p/395497
[13:49] <giovani> AlexC_: output of 'hostname -f'?
[13:55] <AlexC_> 'localhost' .... that'll be why then, giovani =)
[13:56] <AlexC_> editing /etc/hosts to have the one I want first, made 'hostname -f' return what I wanted. I assume that would have fixed it now
[14:00] <giovani> what?
[14:00] <giovani> don't edit /etc/hosts
[14:00] <giovani> that's not where the hostname belongs
[14:00] <giovani> you want to edit /etc/hostname
[14:00] <AlexC_> I know, however that is not where hostname -f and where it looks up is from
[14:01] <giovani> huh?
[14:02] <AlexC_> as stated in 'hostname --help': "Unless you are using bind or NIS for host lookups you can change the FQDN (Fully Qualified Domain Name) and the DNS domain name (which is part of the FQDN) in the /etc/hosts file."
[14:03] <giovani> you don't need to that, but ok
[14:03] <AlexC_> well, /etc/hostname is already set to 'cypher.openzula.org', so it wasn't getting it from there
[14:04] <giovani> had you rebooted since that had been set?
[14:04] <giovani> it absolutely gets it from there
[14:04] <giovani>        The host name is usually set once at system startup in /etc/rc.d/rc.inet1 or /etc/init.d/boot (normally by  reading  the  conâ
[14:04] <giovani>        tents of a file which contains the host name, e.g.  /etc/hostname).
[14:05] <AlexC_> giovani: yes, server was rebooted yesterday in fact. However, the output of 'hostname' did give cypher.openzula.org - it was only when doing 'hostname -f' it gave 'localhost'
[14:06] <giovani> ok, 'hostname' shouldn't be providing the FQDN
[14:07] <giovani> /etc/hostname should contain just the first section of the hostname (the machine-specific part)
[14:07] <giovani> then you can add an entry in /etc/hosts with both the FQDN, and the hostname
[14:09] <AlexC_> giovani: so /etc/hostname to be just 'cypher'?
=== roaksoax_ is now known as RoAkSoAx
[15:21] <tdn> How do I run a script everytime I boot the machine, after the network has been brought up. I have tried putting the script in /etc/network/if-up.d/, but appearently, this does not work. How do I solve this?
[15:24] <AlexC_> tdn: there is the special cron '@reboot' value, though I am not sure if that is genearlly considered bad practice to do so
[15:27] <tdn> AlexC_, how do I find out?
[15:27] <tdn> AlexC_, is reboot not on shutdown? I need to run it on start up.
[15:28] <AlexC_> tdn: man 5 crontab, scroll down "@reboot        Run once, at startup."
[15:29] <tdn> AlexC_, ok. How do I find out if it is bad practice?
[15:29] <AlexC_> ask people ;)
[15:29] <tdn> Ok :)
[15:29] <tdn> Here?
[15:33] <AlexC_> this is an asky place, so yeah I guess so
[15:40] <Boohbah> tdn: i would append it to /etc/rc.local
[15:41] <tdn> Boohbah, how? Just symlink the script in there? Do I need to do something else? _How do I make sure that it is run after network is up?
[15:42] <Boohbah> iirc /etc/rc.local runs last
[15:42] <Boohbah> tdn: not symlink, just call the script from there
[15:42] <tdn> Boohbah, /etc/rc.local is empty, so I just put it in there?
[15:42] <Boohbah> yup
[15:43] <tdn> Boohbah, ok. Thanks.
[15:50] <XiXaQ> several times now, when setting up a system with raid or lvm, the installation stops, complaining it can't find any cd-rom and that no repository has been configured. I'm using 9.04 i386. Does anyone know why? The cd-rom has been tested ok.
[15:52] <Boohbah> XiXaQ: probably the raid controller driver. what model is it?
[15:52] <XiXaQ> I'm using software raid.
[15:52] <Boohbah> oh
[15:55] <XiXaQ> however, when the partitions are setup and I reboot, the install finishes properly.
[16:08] <XiXaQ> oh, I think maybe my cd-rom drive is trying to tell me something.
[17:32] <madalin> hello. I really need help setting up a dhcp server and make my fresh installed ubuntu, a gateway..
=== mdz_ is now known as mdz
[18:11] <Meiki> Hi - could someone help me with an IP address issue that I'm having. Please look at http://pastebin.com/m575e62fd, I can bind public services to the first IP, but not to the others (*.87- onwards).
[18:20] <RoyK> heh - Meiki waited for three minutes before he left :)
[18:22] <Meiki> RoyK: huh
[18:24] <RoyK> [19:11]  <Meiki> Hi - could someone help me with an IP address issue that I'm having. Please look at http://pastebin.com/m575e62fd, I can bind public services to the first IP, but not to the others (*.87- onwards).
[18:24] <RoyK> [19:14]  * Meiki (i=568092bf@gateway/web/freenode/x-nylzhfnikmfuvzyp) has left #ubuntu-server
[18:24] <RoyK> how do you try to bind to those IPs?
[18:24] <RoyK> btw, the old eth0:x is not recommended anymore
[18:24] <sub> says who?
[18:25] <RoyK> rather use ip addr add 10.0.1.12/24 dev eth1
[18:25] <RoyK> or so
[18:25] <RoyK> sub: the new method has been around for a while
[18:26] <RoyK> well, it works, but I guess it'll be removed some day, since ip "aliasing" is something that were phased out close to 10 years ago
[18:27] <RoyK> Meiki: anyway - how do you try to bind to those IPs?
[18:27] <RoyK> it should work
[18:28] <sub> The application should have a bind address of 0.0.0.0 to bind on all interfaces and you should doublecheck to ensure that you don't have any firewall rules that could block traffic to those other IPs
[18:29] <RoyK> sub: possibly an application should bind to a specific ip
[18:30] <RoyK> if using apache, bind to all, and add the respective address in the virtualhost
[18:30] <RoyK> but if Meiki doesn't want to specify any details, he can't really get most help
[18:32] <sub> RoyK: Right about binding to a specific IP, depends on what the requirements are =) and I agree
[18:46] <ipauldev> I run Ubuntu 8.04 LTS Server. apt-get is painfully slow when downloading large files. It starts out fast and goes down to under 25B/sec. I've tried using apt-mirror to make my own local repo, it starts out downloading fast, but that too, starts to be Bytes/second if I "du" the directory and watch the size. I've used multiple mirrors with the same issue. I can start again fast, and it slows down. Connected via a DS-3
[18:47] <ipauldev> Also is happening with multiple installs of it... they
[18:48] <ipauldev> they're all running on the same box, vmware.. 64MB ram, 30 some GHz available
[18:48] <ipauldev> Any ideas?
[18:51] <PhotoJim> ipauldev: sounds like network issues.  just keep trying different mirrors.  or do a speed test to some other site that should be fast and see what performance you get.
[18:53] <ipauldev> yeah it doesn't happen anywhere else on the network with other instances, so I wonder if it's a vmware issue or the networking on the vmware cluster
[18:53] <ipauldev> thanks
[18:54] <PhotoJim> it could be, but that doesn't seem likely.
[19:24] <user1_>  have kubuntu 6.10 dgy. how can i upgrade it to the latest.(the option of uqgrade doesnot appear when i fetch updates in adept package manager)>
[19:24] <ipauldev> Yeah, it does it with a wget too, of a large iso. If it re-establishes the connection, The router shows throughput on the interface of 10,000 Mbps, the limit setup.. then after a 30 or 60 seconds it drops off into nothingness... Foobar! lol
[19:25] <ipauldev> user1_ I think an apt-get dist-upgrade might get you there.
[19:26] <user1_> ok
[19:26] <user1_> not working
[19:26] <user1_>  where are the files that contain the server address to download programs and updates by package manager or apt?
[19:26] <ipauldev> /etc/apt/sources.list
[19:27] <RoyK> user1_: do-release-upgrade
[19:28] <RoyK> user1_: you also may need to change /etc/update-manager/release-upgrades
[19:28] <RoyK> there you can set the upgrade policy
[19:30] <user1_>  what is the name of the lates kubuntu distro? may be i can toogle the name in sources.list with it at 'egdy'?
[19:38] <giovani> user1_: this is #ubuntu-server not #kubuntu
[19:48] <RoyK> user1_: read what I wrote above
[19:48] <RoyK> user1_: also, like giovani said, this channel is for server-specific questions, not general ubuntu stuff
[19:51] <ipauldev> FUI, I've got that local mirror running and things work fine using that, so my guess is that it's the router or the intrusion protection system blocking/slowing down the requests. I'll be looking at that with our netowrking/IPS team Monday. Thanks for the help.
[19:51] <ipauldev> YUI=FYI
[20:50] <DelphiWorld> hi
[20:59] <Tsapoc^> hello there ! Why does all the other computers on network have internet but my server doesn't? I can ssh to it (ip:192.168.2.3) but when i try to tell him to ping www.google.com it doesn't respond... Anyone have any ideas ?
[21:03] <giovani> Tsapoc^: likely to be misconfigured/non-configured DNS
[21:08] <Tsapoc^> yeap i figured that out just fixed it :)
[21:08] <Tsapoc^> but thanks m8 :)
[23:10] <Acs> hello
[23:10] <Acs> I just logged in to my ubuntu-server machine and got this
[23:10] <Acs> 3 packages can be updated.
[23:10] <Acs> 6 updates are security updates.
[23:10] <Acs> little strange
[23:11] <Acs> but how can I see wich packages can be updated?
[23:11] <jmarsden> sudo apt-get -s upgrade       will do a simulated upgrade
[23:11] <Acs> thanks
[23:11] <jmarsden> No problem.
[23:12] <Acs> but can you tell me why it says 3 packages can be updated and then tells me 6 are security updated
[23:12] <jmarsden> Not really... that text is from the landscape-sysinfo client, right?  If you run it directly     landscape-sysinfo     what does it say then?
[23:13] <Acs> just this
[23:13] <Acs> System load: 0.0 Swap usage: 0% Users logged in: 1
[23:13] <Acs> Usage of /: 0.7% of 226.26GB Temperature: 28 C
[23:13] <Acs> Memory usage: 11% Processes: 114
[23:13] <Acs> Graph this data and manage this system at https://landscape.canonical.com/
[23:13] <Acs> nothing related to the updates
[23:13] <jmarsden> so... where did the text about updates come from that you quoted earlier?
[23:14] <Acs> below the info of the landscape-sysinfo
[23:14] <Acs> but it only appeared when I logged in
[23:15] <Acs> not now when I ran the command
[23:15] <Acs> hhumm I ran the apt-get command
[23:15] <jmarsden> Then either something changed, or there is some other piece of software running at login displaying that information for you
[23:16] <Acs> the updates are for apache2 apache2-mpm-prefork apache2.2-common
[23:16] <Psi-Jack__> Hmm
[23:16] <jmarsden> Well, if appropriate you can do    sudo apt-get upgrade    to install those, and then see what happens when you log out and in again?
[23:16] <Psi-Jack__> ubuntu 9.04 Server doesn't have IPP2P MATCH support?
[23:17] <Psi-Jack__> The kernel that is.
[23:17] <Acs> jmarsden ok
[23:17] <Acs> I upgraded
[23:17] <Acs> but if I loggin again
[23:17] <Acs> nothing will be shown
[23:17] <jmarsden> Psi-Jack__: That might be in a module you need to load?
[23:17] <jmarsden> Acs: Then I'd say you are now up to date :)
[23:18] <Acs> jmarsden indeed :D
[23:18] <Psi-Jack__> jmarsden: Hmm, what would the module be named to load, then?
[23:19] <jmarsden> That's not something I have used, but there are a bucnh of modules related to IP and netfilter that start with ip or nf respectively...
[23:19] <Acs> jmarsden thanks again for the help
[23:19] <jmarsden> Acs: No problem.
[23:20] <jmarsden> Psi-Jack__: Look under /lib/modules/2.6.28-15-generic/kernel/net/ipv4/netfilter/ and see if anything likely is there?
[23:21] <Psi-Jack__> Well, according to a wordpress site, I'm seeing for Hardy at least, ipp2p match support has to be patched in, but I'm using 9.04
[23:22] <Psi-Jack__> But the wordpess articles' not in English, so hard to truely grasp what it's talking about. ;)
[23:23] <jmarsden> It may be the same for 9.04... you can always just apt-get install linux-source and see how it is configured.
[23:23]  * Psi-Jack__ nods.
[23:24] <Psi-Jack__> Heh, basically trying to figure out how to get shorewall to tc torrent traffic. ;)
[23:24] <Psi-Jack__> and ipp2p, is the suggested method.
[23:24] <Psi-Jack__> Otherwise, I won't know how I'd set the port stuff appropriately.
[23:24] <Psi-Jack__> don't*
[23:27] <jmarsden> Hmm, there is an xtables-addons source package that might be relevant, in Jaunty and Karmic.  But its only there as a source package, not binary package.
[23:28] <Psi-Jack__> Hmm, apt-cache search doesn't find that for me.
[23:28] <Psi-Jack__> !find xtables-addons
[23:28] <ubottu> Package/file xtables-addons does not exist in jaunty
[23:28] <jmarsden> Try   rmadison xtables-addons
[23:29] <Psi-Jack__> I don't have rmadison? heh
[23:30] <jmarsden> sudo apt-get install devscripts    will fix that.
[23:32] <Psi-Jack__> Gotcha. I'm seeing in in jaunty/universe as you said, as source only.
[23:32] <jmarsden> It has project pages on LP, too, at https://launchpad.net/ubuntu/+source/xtables-addons ... but I've not found online docs saying exactly what is in it...
[23:32] <Psi-Jack__> http://ubuntuforums.org/showthread.php?t=1221877
[23:33] <Psi-Jack__> This is one thing I found about ipp2p for jaunty.
[23:33] <Psi-Jack__> So far, everything''s leading to rolling a custom kernel.
[23:34] <jmarsden> That post grabs sources from all over the place... be *careful* if you follow that!
[23:34] <Psi-Jack__> Yeah, exactly my thoughts
[23:35] <Psi-Jack__> Does it look to appear to make a .deb package out of it all, to you, in the end?
[23:36] <jmarsden> I'd say either a custom kernel or at least a custom compiled kernel module, yes.  I wonder if that xtables-addons package will let you build this capability as a module?
[23:36] <jmarsden> No, it looks like the post builds a kernel module and loads it.  no package in sight.
[23:36] <jmarsden> Very 1990s :)
[23:36] <Psi-Jack__> Wait..
[23:36] <Psi-Jack__> But it uses make-kpgk
[23:37] <Psi-Jack__> Isn't that the ubuntu way to roll your own into .deb files?
[23:37] <ycy> is there a way to see very change in /var/log files? a sort of multi-tail of every file?
[23:37] <ycy> a sort of... cruise?
[23:37] <Psi-Jack__> ycy: Hmmm., sounds to me like you would benefit with rsyslog.
[23:38] <Psi-Jack__> ycy: With rsyslog, you could log into pgsql or mysql, and use phplogcon to view it.
[23:39] <Psi-Jack__> jmarsden: YIKES! This posting, links /usr/src/linux to /usr/src/linux-2.8.26
[23:39] <Psi-Jack__> Heh
[23:39]  * Psi-Jack__ scratches this off the list, quickly!
[23:40] <jmarsden> Psi-Jack__: Ah, yes, so he does make a custom kernel package... but then after that he removes iptables and copies a kernel module directly into the filesystem and loads it... it looks... "interesting"
[23:40] <Psi-Jack__> Hmmm
[23:40] <Psi-Jack__> I don't like that either, then. LOl
[23:41] <Psi-Jack__> So basically, for sure, getting ipp2p support is a chore.
[23:41] <Psi-Jack__> Prolly worth it if ya need it, but a chore, regardless.
[23:41] <jmarsden> ycy: sudo apt-get install multitail
[23:41] <jmarsden> Psi-Jack__: Looks that way.
[23:42] <Psi-Jack__> multitail? interesting.
[23:42] <jmarsden> http://www.vanheusden.com/multitail/
[23:43] <Psi-Jack__> Impressive. ;)
[23:43] <Psi-Jack__> I still like my phplogcon method though.
[23:43] <jmarsden> Yes... look at the example: http://www.vanheusden.com/multitail/images/sd/lotsofwindows.png
[23:43] <Psi-Jack__> That helped me determine my pgsql server box was having issues with acpi and the cooling fans.
[23:43] <Psi-Jack__> End result, I had to pretty much annoyingly disable acpi altogether, which is sad.
[23:44] <jmarsden> I had an HP server tell me "fan 4" was dead and rebooting... trouble was, there were only 3 fans in the thing... I think we just replaced the chassis :)
[23:44] <Psi-Jack__> Yep.
[23:45] <Psi-Jack__> Mine only had FAN, 1 fan, and it couldn't turn it on. Every 6 seconds.
[23:45] <Psi-Jack__> It thought the CPU needed to be -266 C
[23:45] <Psi-Jack__> And it was hellfire bent on making it happen. ;}
[23:45] <jmarsden> All that server hardware smarts is great when it works... but sometimes it just doesn't
[23:46] <Psi-Jack__> Yeah.
[23:46] <Psi-Jack__> I just can't see -266 C being a good thing for a CPU. ;}
[23:46] <jmarsden> Well, that's a few degrees above absolute zero... might be able to overclock it quite a bit :) :)
[23:46] <Psi-Jack__> I think it was the common problem that it used the 5-byte ACPI message codes, instead of the standardized 6-byte.
[23:47] <Psi-Jack__> And Linux to current date, I don't think has workaround stuff for that, where-as FreeBSD does.
[23:48] <Psi-Jack__> Anyway, I guess I'll try to tc torrent another way for now.
[23:49] <Psi-Jack__> Without ipp2p, just to see if it'll work.
[23:51] <Psi-Jack__> ERROR: SOURCE/DEST PORT(S) not allowed with PROTO all : /etc/shorewall/tcrules (line 15)
[23:51] <Psi-Jack__> Bleh
[23:52] <xenoterracide> I've got a command set to run in cron at  45 *  *   *   *
[23:52] <xenoterracide> when I run the command by hand it works
[23:52] <xenoterracide> however it doesn't seem to be running by cront
[23:52] <xenoterracide> cron*
[23:52] <xenoterracide> any idea's why?
[23:52] <Psi-Jack__> Blah! Even more blah!
[23:52] <jmarsden> PATH or environment variable differences, most likely.
[23:53] <xenoterracide> I used the full path to the command
[23:53] <Psi-Jack__> At least ubuntu, has shorewall 4.2.x, but gentoo, looking at my work servers, only has ebuilds up to 4.0, unmasked, 4.2 masked.
[23:53] <jmarsden> xenoterracide: what is the command in question?
[23:53] <xenoterracide> it's a custom backup script I wrote
[23:54] <xenoterracide>  /var/www/oblivionet.com/scripts/backup.sh < that's the path
[23:54] <jmarsden> Then check the #! line at the top, and that all paths within the script are full paths or in a PATH you set at the beginning of the script.
[23:54] <xenoterracide> #!/bin/bash
[23:55] <jmarsden> xenoterracide: You can also to  MAILTO=me@mydomain.com   in the crontab file before the line concerned and see if it sends you email about any errors...
[23:55] <xenoterracide> that cron is right to run every hour at the 45 minute mark right?
[23:55] <jmarsden> Looks right to me.
[23:57] <jmarsden> Test with   40 * * * * /bin/date
[23:57] <Psi-Jack__> Ayup. It's right.
[23:57] <jmarsden> and see if MAILTO=me@excample.com  mails you the date and time, so you know cron itself is working.
[23:59] <xenoterracide> ok I changed that to 0 and put the MAILTO at the top of the crontab for my user