[00:19] <pigflu> I want to install postfix with apt-get, but I want to do it in an unmanned script.   How do I get it to just use the "Internet Site" option and not require user input?
[00:21] <jtimberman> pigflu: you need to preseed the package.
[00:22] <jtimberman> http://wiki.debian.org/DebianInstaller/Preseed
[00:22] <lamont> jtimberman: and then he complains about it not being entirely preseedable... long painful story there.
[00:22] <pigflu> jtimberman: Thanks for the link
[00:22] <lamont> pigflu: the other option is to just create /etc/postfix/main.cf before doing the install, and then it'll choose to "not change the configuration"
[00:23] <pigflu> lamont: Ah, that works too
[00:23] <pigflu> I'll need to look into both options.
[00:23] <pigflu> Thanks!
[01:41] <djshotglass> hi
[01:41] <djshotglass> i just burned off ubuntu-9.04-server-i386 and booted it
[01:41] <djshotglass> it won't let me select english, once the cd boots my keyboard lights go out
[01:41] <djshotglass> i have tried every keyboard in the house
[01:41] <djshotglass> they all work in bios until cd boots
[01:42] <djshotglass> why does it not have the countdown that defaults to english like every other operating system on the planet?
[02:12] <qman__> if you have a USB keyboard, try changing the BIOS settings regarding that
[02:13] <qman__> if your keyboard doesn't work to select the language, it won't work to select "Install" either
[04:01] <f00f> hey guys
[04:02] <f00f> i have an install of apt-get while trying to update it stalled on me so i ctrl-z now it seems apt-get is corrupted
[04:02] <f00f> i am completely stumped
[04:02] <f00f> can anyone help
[04:02] <f00f> i can paste messages etc for you if you need
[04:02] <f00f> i am getting E: dpkg was interrupted, you must manually run 'dpkg --configure -a' to correct the problem.
[04:02] <f00f> but when i type it
[04:02] <f00f> it just gets stuck at Setting up module-init-tools (3.3-pre11-4ubuntu5.8.04.1) ...
[04:03] <f00f> checking the log file
[04:03] <f00f> i see a whole bunch of these
[04:03] <f00f>  kernel: 4gb seg fixup, process klogd (pid 1541), cs:ip 73:006dbc6c
[04:03] <f00f> where process is syslogd klogd sshd
[04:03] <f00f> etc...
[04:05] <f00f> also ps shows: root      3434 21.4  0.0   4724  1676 pts/1    R+   20:03   0:12 /usr/bin/perl /usr/sbin/update-rc.d module-init-tools start 15 S .
[04:07] <f00f> anyone ?
[04:18] <ScottK> How long did you let it run?
[04:18] <f00f> around 8 mins
[04:19] <f00f> why do i keep getting these 4gb seg fixup, process nrpe (pid 14995), cs:ip 73:00192240 errors
[04:19] <f00f> nrpe is the nagios daemon
[04:19] <f00f> but that dreaded 4gb seg fixup error keeps coming
[04:19] <ScottK> Not sure about that.
[04:19] <f00f> and i have no clue what it is
[04:19] <ScottK> Does Google know about it?
[04:20] <f00f> supposedly it's a kernel lib that runs atop xen architectures
[04:20] <f00f> yeah google says to install the xen lib
[04:20] <f00f> but i cant bc apt-get dpkg doesnt really work :-/
[04:21] <artillerytx> Hey guys i heard there was a way to download torrents remotely on a server
[04:22] <f00f> artificialexit: torr ... check out the torr network... if you're not talking about that then be more specific
[04:23] <f00f> ScottK: any idea what these error messages are http://www.pastie.org/610529 ?
[04:24] <f00f> ScottK: also it's been running for over 5 mins now
[04:24] <f00f> USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
[04:24] <f00f> root      3434 21.3  0.0   4724  1676 pts/1    R+   20:03   4:17 /usr/bin/perl /usr/sbin/update-rc.d module-init-tools start 15 S .
[04:24] <f00f> root      3870  0.0  0.0   3636  1028 pts/0    R+   20:24   0:00 ps aur
[04:26] <ScottK> This isn't in a xen vm is it?
[04:27] <f00f> ScottK: yes it is on a amazon ec2 instance
[04:29] <ScottK> f00f: http://www.google.com/search?q=4gb+seg+fixup&ie=UTF-8&oe=UTF-8 may have some useful information.  I can't say for sure.
[04:32] <Alysum> hello - what does iU mean in dpkg -l pls?
[04:34] <f00f> Alysum: thats a list of your packages... iU is a simple package... google is your friend
[04:35] <Alysum> google was not my friend mate
[04:35] <Alysum> hence I asked here
[04:35] <f00f> ahh
[04:35] <f00f> i dunno
[04:36] <f00f> internet university
[04:38] <f00f> haha
[04:38] <f00f> jk
[04:38] <f00f> i dunno dude
[04:38] <f00f> did you use the dpkg utility
[04:38] <f00f> just do a dpkg -l iU
[04:39] <f00f> or just do a dpkg -p iU
[04:39] <f00f> easy
[04:55] <twb> Alysum: if you tried other resources (e.g. google), you should mention that in your initial question.  It shows that you are trying to help yourself.
[04:56] <twb> Alysum: iU in dpkg -l's output means that the package is installed and (IIRC) unconfigured.  The first few lines of dpkg -l's output should explain what each letter means.
[04:56] <twb> "Unpacked", not unconfigured.
[05:26] <Alysum> no
[05:26] <Alysum> iU is a state
[05:26] <Alysum> like ii etc...
[06:49] <error404notfound> is there a way i can log commands run by any user in a file, and if possible daily emailed to me and then deleted?
[06:59] <cef> well there is command history for the shell the user runs (eg: .bash_history in the users home dir), but it's not exactly infallible, or reliable. but it might be a start
[07:01] <cef> or you might be able to implement something using the auditd architecture to log them all, but then you'd want to filter stuff out as well for things like cron, certain apps and the like
[07:04] <cef> err apparmor even, but I doubt it would be useful, and if the machine is busy you'll have a LOT of logs to go thru
[07:07] <twb> There is really no way to do that kind of thorough, clandestine monitoring of a stock Linux system.
[07:08] <twb> You either need to give the user a VERY restricted environment, without the ability to perform arbitrary commands, and then wrap their entry point in a monitoring app -- or better, to insert something into the kernel that logs everything they do.
[10:55]  * soren lunches
[10:57] <twb> I suspect 349331 is not-a-bug.
[12:31] <maxagaz> hi
[12:32] <maxagaz> how to enable the connection to a machine in root mode ?
[12:37] <hjmf> maxagaz: from where?
[12:38] <maxagaz> hjmf, from my server
[12:39] <maxagaz> hjmf, i mean to connect as root in ssh to a server
[12:39] <alvin> 'PermitRootLogin yes' in /etc/ssh/sshd_config
[12:40] <hjmf> maxagaz: take a look to /etc/ssh/sshd_config
[12:40] <alvin> That is actually the default
[12:40] <ScottK> maxagaz: You probably don't want to do that though.
[12:40] <hjmf> maxagaz: and check PermitRootLogin yes
[12:41] <hjmf> and add root to AllowUsers
[12:41] <ScottK> On the off chance you actually do have a need for a true root account, it's better to ssh in as a non-privileged user and su to root.
[12:41] <hjmf> maxagaz: also be sure that the root account is enabled and not just sudo
[12:41] <hjmf> I mean: root has a password
[12:42] <hjmf> maxagaz: finally an advice
[12:42] <hjmf> access the server via ssh keys
[12:42] <hjmf> and install some kind of denyhosts stuff
[12:43] <hjmf> maxagaz: I agree with ScottK
[12:43] <maxagaz> thanks for those advices
[12:43] <hjmf> OK
[12:59] <soren> kees, jdstrand, mdeslaur: Are any of you guys familiar with HOTP or TOTP?
[13:00] <mdeslaur> soren: no...first I have heard of it...interesting
[13:01] <soren> mdeslaur: It gets better..
[13:02] <zul> totp = top of the pops?
[13:02] <soren> mdeslaur: http://www.gemalto.com/products/ezio_time_token/
[13:02] <soren> http://onlinenoram.gemalto.com/Ezio-Time-Token-for-use-with/M/B002CRN5X8.htm
[13:03] <soren> $12.99 a piece beats the ¤#&!"#¤ out of RSA SecurID.
[13:03] <mdeslaur> yeah, and RSA's crappy algorithm
[13:03] <mdeslaur> wow
[13:04] <mdeslaur> it uses TOTP?
[13:05] <soren> Yes.
[13:05]  * mdeslaur is excited
[13:08] <soren> mdeslaur: I've not yet seen a pam-totp module, but I doubt it would be a huge task to make one.
[13:09] <domas> damn, no shipping outside US
[13:09] <soren> Yeah :(
[13:09]  * pmatulis is not surprised
[13:10] <domas> my dream is having own TOTP auth, federated via openid etc elsewhere
[13:10] <soren> The key generation code is also quite simple, so an android app to generate it wouldn't be a big task either.
[13:10] <domas> mm, good idea too :)
[13:10] <soren> pmatulis: About the shipping thing?
[13:10] <mdeslaur> soren: have you found a TOTP implementation somewhere?
[13:10] <soren> mdeslaur: The spec contains a reference implementation, IIRC.
[13:10]  * soren checks
[13:11] <mdeslaur> oh duh
[13:11] <mdeslaur> you're right
[13:11] <soren> TOTP is simple once you have HOTP, though. And HOTP certainly has a reference implementation in the spec.
[13:12] <soren> It would be soo awesome to ship these modules with Ubuntu and have Canonical sell branded tokens.
[13:12] <mdeslaur> interesting...some of the totp authors are from verisign...I wonder if the verisign token uses that
[13:14] <soren> Lots of folks are involved in OATH, apparently.
[13:14] <soren> Perhaps I've been living under a rock, but I didn't know about it until earlier today.
[13:14] <soren> mdeslaur: Yup, that seems to be what verisign uses.
[13:15] <soren> "VeriSign Identity Protection service is an open standards platform that supports OATH-compliant, time-based OTP generation for user authentication"
[13:15] <mdeslaur> soren: me either...and..I used to make a living selling authentication devices and smart cards
[13:17] <soren> it
[13:18] <soren> It's funny how, when you know the secret keywords to google for, you can find lots and lots of manufacturers making these tokens.
[13:19] <mdeslaur> it's about time they standardize these things
[13:20] <soren> Indeed.
[13:24] <soren> smoser: I either disagree or do not understand your tagging bug 420635 with
[13:24] <soren> smoser: 'uec-images'
[13:25]  * soren continues to try to get used to his apostrophe being where it is..
[13:25] <smoser> soren, gone
[13:25] <soren> mdeslaur: So... When can I apt-get libpam-totp, you think? :)
[13:26] <smoser> soren, i just updated a bunch of bugs, sorry for being a human with limited focus on long page loads :)
[13:26] <soren> smoser: :)
[13:26] <smoser> thanks for noticing
[13:27] <soren> mdeslaur: Do USN's always have corresponding bugs on Launchpad?
[13:27] <mdeslaur> soren: no, not necessarily
[13:27] <soren> mdeslaur: If so, how can I look up the bug corresponding to, say, USN-819-1?
[13:28] <mdeslaur> soren: you can look up the CVE number, hold on...
[13:28] <mdeslaur> https://bugs.launchpad.net/bugs/cve/CVE-2009-2692
[13:30] <mdeslaur> soren: you can also look in the ubuntu cve tracker, we usually put bug links there: http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-2692.html
[13:30] <mdeslaur> die, bot, die die die
[13:32] <evert> i'm having a ubuntu 8.04 server, i'm wanting to get some virtual server on it (i prefer gentoo, but that doesn't matter). Is it possible to get any virtualization software (vbox?) working without having to reboot?
[13:45] <hjmf> evert: vmware i.e.
[13:46] <evert> will it work without the need of a reboot?
[13:46] <hjmf> evert: yes
[13:46] <blackxored> hello
[13:46] <evert> and is vbox possible without reboot too then?
[13:46] <evert> for some reason i'd like to use vbox instead of vmware :)
[13:46] <hjmf> evert: I guess so; kvm too
[13:47] <evert> ok, nice :)
[13:47] <hjmf> evert: You'll only need to reboot in case of installing a new kernel in your host
[13:52] <zul> soren: i have the hardy updated ec2 kernels built im just testing them out
[13:53] <soren> zul: Why isn't John doing this?
[13:53]  * soren seems to be asking that question a lot
[13:53] <zul> soren: because scott asked me to do that
[13:54] <soren> smoser: ^?
[13:54] <smoser> zul, i guess probably john should be doing that, yes.
[13:55] <zul> k
[14:00] <garymc> Hi guys, my flash in firefox is messing with the sound. I need to uninstall this version (dont know how to do it) and i need to install the best version (Dont know which one that is?) im in Ubuntu Server 9,04
[14:01] <ScottK> garymc: Not if you're running Firefox you aren't (no X in ubuntu server)
[14:02] <garymc> sorry im using LTSP server im logged in through Thin client GUI
[14:02] <garymc> so am i still not using ubuntu server?
[14:03] <ScottK> OK
[14:03] <rtg> smoser, do you have time to try the Ubuntu ec2 kernel in my PPA ? https://edge.launchpad.net/~timg-tpi/+archive/ppa
[14:04] <ScottK> This still isn't a good channel for flash/firefox questions.
[14:04] <smoser> rtg, you have it built ? or you want me to build too
[14:05] <rtg> smoser, binaries await your pleasure
[14:05] <rtg> smoser, I don't know how to extract the right bits and pump them into the cloud.
[14:06] <rtg> I've just built a kernel with the 3.02 xen patch set according to the results that zul and jj came up with last friday
[14:06] <smoser> zul can help with that. i'm not exactly sure what you need to upload.
[14:07] <zul> i can get to it later this morning probably
[14:09] <smoser> zul, maybe preferable for you to just document what i need to do ?
[14:10] <zul> smoser: its already documented on the wiki
[14:12] <smoser> zul, the only thing i dont know is what goes at '<path of kernel>'
[14:12] <zul> the vmlinuz file
[14:13] <zul> maybe get jj to upload it and have him ask you to test it
[14:13] <smoser> i'll upload it.
[14:14] <smoser> zul, fyi, i have centos 5.0 dvds, they are sitting at http://smoser.brickies.net/iso/centos/5.0/
[14:14] <zul> how long did it take you to get them? ;)
[14:14] <smoser> but apparently the apache there has a 2gb file limit, so they dont show up and it wont give them to you
[14:15] <smoser> someone pushed them ftp for me from a fairly fat pipe, and then i copied.
[14:15] <smoser> i actually lost all peers sometime yesterday.
[14:15] <zul> heh
[14:15] <smoser> if you're interested in downloading, i can give you ftp access
[14:15] <zul> sure
[14:16] <rtg> smoser, I think I've plenty of space on zinc if you wanna store them there.
[14:18] <oly-> just been looking at logrotate file in /etc/logrotate.d/ i would like to know if you can tell it to work recursively through folders ?
[14:19] <oly-> ie scan /home/www/*/*.log type syntax, because each domain has its own log file in separate folders
[14:19] <oly-> anyone know if this is possible ?
[14:19] <smoser> zinc ?
[14:19] <smoser> rtg, if you want to pull them to there, that might be useful
[14:20] <smoser> i can give you access.
[14:20] <rtg> smoser, well, I'm only gonna bother if its really useful 'cause it'll take awhile.
[14:20] <smoser> rtg, then dont bother
[14:21] <smoser> what is zinc?
[14:21] <rtg> smoser, kernel.ubuntu.com
[14:21] <smoser> ah. dont worry about it.
[14:25] <konza> hi all , telnet localhost 10024 is not working ... please help
[14:44] <hjmf> konza: what do you expect to find at 10024?
[14:45] <konza> hjmf, i am trying to install a mailserver... while following the instructions in ubuntu docs it was written there to telnet port 10024
[14:46] <hjmf> amavisd?
[14:46] <konza> hjmf,ya
[14:46] <hjmf> konza: what version of ubuntu are you using? and what docs are you following?
[14:47] <konza> ubuntu 9.04      https://help.ubuntu.com/community/PostfixAmavisNew
[14:48] <konza>  please see this                   http://paste.ubuntu.com/267946/
[14:48] <hjmf> konza: looking
[14:48] <konza> hjmf,  please see this                   http://paste.ubuntu.com/267946/
[14:49] <ScottK> konza: I'd check out https://help.ubuntu.com/9.04/serverguide/C/mail-filtering.html since it's the official docs.
[14:50] <ScottK> konza: Do what it says in your paste.
[14:50] <konza> ScottK, how to change that ......... when i run uname i get   'Linux'
[14:51] <ScottK> konza: Then set it in /etc/amavis/conf.d/05-node_id using your favorite editor.
[14:52] <hjmf> konza:  run hostname -f or use localhost
[14:52] <hjmf> as fqdn; it might work
[14:52] <konza> hjmf, hostname -f gives  KONASA
[14:53] <hjmf> but konasa doesn't include the domain part
[14:53] <hjmf> edit /etc/hosts
[14:53] <hjmf> with something 127.0.0.1 konasa.localdomain konasa
[14:53] <konza> hjmf, what should i do to include domain name
[14:54] <hjmf> if you are playing include whatever you want: ie localdomain or local.lan
[14:54] <hjmf> as long as you reflect it in /etc/hosts too
[14:54] <hjmf> I guess.
[14:55] <hjmf> I havent never configured amavisd, but should work
[14:55] <hjmf> I would use localhost.localdomain as fqdn
[14:55] <hjmf> and in etc/host I'd put
[14:56] <hjmf> 127.0.0.1 localhost.localdomain if it isn't already
[14:56] <konza> hjmf, http://paste.ubuntu.com/267953/
[14:57] <hjmf> konza: then add the domain part :-)
[14:57] <hjmf> man hosts
[15:00] <hjmf> konza: as I said before, localhost might work for amavisd conf.
[15:02] <konza> hjmf, can u pls make the necessary changes in /etc/hosts and paste it
[15:03] <hjmf> konza: leave etc/hosts as it is for the moment
[15:03] <konza> hjmf, k
[15:03] <hjmf> just configure amavis to use localhost as $myhostname
[15:04] <domas> is anyone from ubuntu security team here? :)
[15:04] <konza> k
[15:06] <konza> hjmf, http://paste.ubuntu.com/267961/
[15:06] <domas> mdeslaur: ping! :)
[15:07] <mdeslaur> domas: yes?
[15:07] <domas> mdeslaur: can I have private security inquiry with you?
[15:07] <hjmf> konza: please pastebin the amavis conf file
[15:07] <mdeslaur> domas: sure
[15:10] <konza> hjmf, http://paste.ubuntu.com/267964/
[15:11] <hjmf> konza: sorry, I meant the /etc/amavis/conf.d/50-user where you put the localhost setting
[15:13] <hjmf> konza: also pastebin the offending /etc/amavis/conf.d/05-node_id
[15:14] <konza> hjmf, problem solved
[15:14] <hjmf> konza: cool
[15:15] <konza> hjmf, thanks
[15:15] <konza> hjmf, thanks a lot.
[15:15] <hjmf> konza: you are welcome
[15:16] <konza> hjmf, i just added $myhostname = "shyam.localhost.com"
[15:18] <hjmf> konza: you should use your real hostname and your real domain name or just localhost
[15:18] <hjmf> konza: per real hostname and real domain name it might be konasa.local.lan
[15:19] <konza> hjmf, so should i change  shyam.localhost.com to localhost
[15:19] <hjmf> konza: It would be better if it works
[15:19] <konza> k
[15:20] <konza> hjmf, its working
[15:21] <hjmf> konza: great!
[15:24] <bobo> Anyone have experience with AppArmor not allowing/complaining about read-access to '/usr/share/zoneinfo' when such access is clearly ( and redundantly ) allowed in the profile?
[15:30] <konza> hjmf, imap login failed...
[15:30] <konza> hj what to do
[15:31] <konza> hjmf, u there dude?
[15:32] <hjmf> konza: what are you using as imap server?
[15:32] <hjmf> konza: is it running?
[15:32] <konza> hjmf, courier
[15:32] <hjmf> konza: which is the error?
[15:32] <hjmf> you might want to check the logs at /var/log
[15:33] <bobo> konza: what are you using for auth backend? vpopmail? sql? pam?
[15:33] <konza> hjmf, i used the command    imap login shyam mypassword
[15:34] <konza> imap NO Login failed.
[15:34] <konza> bobo,  sql
[15:35] <bobo> what db?
[15:35] <konza> bobo, actually i didnt understand ur question
[15:36] <hjmf> konza: you should provide more info. Check if the process is running and the log info
[15:36] <konza> hjmf, how should i check it
[15:37] <hjmf> konza: I don't have experience with courier-imap I use dovecot in my servers
[15:37] <hjmf> konza: however there should be some files named courier or similar in /var/log
[15:37] <hjmf> konza: check them
[15:38] <bobo> courier has  ( or at least used to have ) an auth-daemon which could use various different back-ends for obtaining user-credentials.  Other parts of the courier mail system ( like the IMAP server ) would talk to the auth-daemon.  The Auth-daemon would check provided credentials against any store it was configured to use:  a sql-database ( mysql/pgsql ) or /etc/passwd or a vpopmail installation or others
[15:38] <hjmf> konza: also check if courier is running; ie ps aux | grep -i courier
[15:38] <smoser> soren, ping
[15:38] <hjmf> bobo: I'm sure that konza is validating against passwd
[15:39] <smoser> https://bugs.launchpad.net/ubuntu/+source/landscape-client/+bug/421707 or maybe zul, or kirkland or anyone.
[15:39] <smoser> am i doing the above "right" ? nominating that for release ?
[15:39]  * kirkland looks
[15:39] <soren> smoser: What's up?
[15:39] <smoser> ^^
[15:40] <smoser> funny. silly uvirtbot
[15:40]  * zul looks
[15:40] <smoser> i'm trying to mark that we need to fix landscape-client in those hardy and in intrepid (well, maybe not intrepid)
[15:40] <niemeyer> soren: So, the error is a bit weird.. when the admin interface on port 8443 comes up, the API on 8773 goes down
[15:40] <niemeyer> soren: Rings any bells?
[15:41] <zul> smoser: you should just be able to copy from the landscape ppa to the ubuntu-on-ec2 ppa
[15:42] <smoser> zul, yes. i'm just wondering about the "Nominated for Hardy"
[15:42] <kirkland> smoser: accepted
[15:42] <bobo> konza: check the logs as hjmf suggests, first ( courier logs , /var/log/auth ) ;  Worst case, if it is file-system based authentication you can stop the courier auth-daemon and restart it under 'strace -f' and look for the unsuccessful system call.
[15:42] <smoser> is that the right way to do this stuff ?
[15:42] <soren> niemeyer: Not off the top of my head.
[15:42] <kirkland> smoser: set the status/importance appropriate
[15:42] <soren> kirkland: Have you seen niemeyer's problem before?
[15:42] <kirkland> soren: niemeyer: hrm, no, i haven't
[15:43] <soren> niemeyer: Nothing of interest in the logs?
[15:44] <smoser> ok, now please reload that page.
[15:44] <niemeyer> soren: There are errors there, but nothing I can parse myself
[15:44] <soren> smoser: I just accepted the nominations.
[15:45] <smoser> what i'm trying to indicate in those tasks (under "landscape-client (Ubuntu)") is that karmic is "fixed" (no problem) .
[15:45] <soren> smoser: Actually, I wanted to just accept the Hardy one, but Launchpad accepted both when I clicked the button.
[15:45] <soren> smoser: In that case, it looks correct to me.
[15:46] <smoser> soren, do you think it should be fixed in intrepid ? (I'm actually not certain the bug exists there, my guess is probably not, but need to verify)
[15:47] <soren> smoser: I would say it's low/wishlist importance for Intrepid. If we suddenly have a lot of time on our hands, we can look at it.
[15:47] <smoser> and, given the indication that this is the new way to do things, i am going to get bug 420635 in line also
[15:47] <smoser> soren, i'll verify whether or not its present there really quick and just kill it as invalid if not
[15:48] <niemeyer> soren: I'll leave for a quick lunch and try to get hold of someone from Eucalyptus
[15:49] <soren> niemeyer: They're only just starting to turn up. They're on the US west coast.
[15:49] <smoser> soren, can you accept nomination for 420635 to hardy and intrepid
[15:49] <soren> bug 420635
[15:50] <soren> smoser: Done
[15:51] <mxzypltk> anyone have luck with installing latest e1000e intel drivers on 9.04?  readme states it cant be compiled and has to use modprobe.  Im able to make binary, assign ip, and ping but disappears with reboot...
[15:51]  * soren will be back later..
[15:53] <VirtualDisaster> mxzypltk: hmm ill test it tonight
[15:55] <mxzypltk> thx.  Using it as a wshark capture card for netflow box and it starting to frustrate me a bit!
[16:00] <smoser> soren, please accept nominations for bug 308530
[16:06] <bobo> Is anyone using AppArmor on Ubuntu?  Is there a better channel for AppArmor stuff?
[16:07] <jdstrand> bobo: virtually everyone is using apparmor on Ubuntu-- it is installed by default and several applications have default profiles
[16:07] <jdstrand> (in other words, you have to turn it off to not use it)
[16:08] <bobo> No one has run into my /usr/share/zoneinfo problem?
[16:09] <jdstrand> bobo: what problem? what profile? paste your profile and dmesg output somewhere
[16:10] <bobo> somewhere NOT in this irc?  I am unfamiliar with the basic conventions and courtesies of IRC.
[16:11] <jdstrand> bobo: http://paste.ubuntu.com/
[16:11] <jdstrand> bobo: also paste the output of aa-status
[16:13] <smoser> kirkland, can you accept nominations for bug 308530
[16:13] <smoser> jdstrand, sometime today, when you have a minute can we talk ?
[16:15] <jdstrand> smoser: absolutely
[16:15] <smoser> whenever you've got a minute or 15 or 20
[16:15] <jdstrand> smoser: right, let me ping you
[16:15] <smoser> k
[16:16] <bobo> jdstrand:  http://paste.ubuntu.com/267993/  ( re: AppArmor )
[16:17] <clusty> hey
[16:17] <clusty> got a small problem
[16:17] <jdstrand> bobo: you have access to all files under /usr/share/zoneinfo, but not /usr/share/zoneinfo itself
[16:17] <clusty> i got 10 machines that are accessing the same NFS resource and the clocks are all screwy
[16:17] <clusty> or at least make complains
[16:17] <jdstrand> bobo: add '/usr/share/zoneinfo/ r,'
[16:17] <bobo> thanks
[16:18] <clusty> do i need to make some machine a NTP server?
[16:18] <clusty> and all other machines connect to it?
[16:18] <jmarsden> clusty: If they have Internet connectivity you could just make all of them NTP clients, no need for your own NTP server.
[16:19] <clusty> jmarsden, ok. they are connected to net
[16:19] <bobo> It would be kinder to upstream time-servers to maintain your own master
[16:19] <jmarsden> If it was 100 machines you should definitely have your own server, but for 10 it's up to you.
[16:19] <clusty> jmarsden, is there some service i can install to regularly fix times?
[16:19] <clusty> jmarsden, or it's a job for cron?
[16:19] <VirtualDisaster> just use router as NTP server
[16:19] <VirtualDisaster> thats what i do, pfsense as router/ntp etc
[16:19] <VirtualDisaster> dns if need be
[16:20] <jmarsden> clusty: sudo apt-get install ntp
[16:20] <jmarsden> If that service is running it will keep the machines time in sync for you.
[16:20] <clusty> jmarsden, awesome. thanks
[16:21] <jmarsden> You can check to see that it is working (after a few minutes for the time sync to happen) using ntpq -p which shows what NTP server(s) your machine is talking to and which one it is synced to.
[16:23] <the-dude> whats a good place to ask something about dh_make?
[16:24] <jmarsden> #ubuntu-motu , if you are creating packages for Ubuntu.
[16:24] <clusty> jmarsden, is the list of servers changing dynamically?
[16:24] <the-dude> jmarsden: thx :)
[16:25] <jmarsden> clusty: No, see /etc/ntp.conf you can set them in there.
[16:25] <jmarsden> But for "good enough for NFS" the default will be fine.
[16:26] <jmarsden> the-dude: No problem.
[16:28] <clusty> jmarsden, offset is the time offset in seconds?
[16:35] <konza> hjmf, hi... there was some problem with my net connection... srry......
[16:37] <hjmf> konza: then, It is working now?
[16:41] <konza> hjmf, nope
[16:52] <Techtronic> hello , how to reinstall nagios ?
[16:52] <nijaba> jdstrand: hello.  Just read your apparmor addition to karmic's tech overview.  great stuff.  Just one question: what do you mean by "transition" in the sentence "AppArmor also now supports 'pux' which, when specified, means a process can transition to an existing profile if one exists or simply run unconfined if one does not."?
[16:53] <nijaba> Techtronic: sudo apt-get install nagios?
[16:53] <VirtualDisaster> reinstall or reconfigure?
[16:54] <the-dude> or sudo apt-get install --reinstall nagios
[16:54] <Techtronic> nijaba 1min
[16:54] <Techtronic> Not replacing deleted config file /etc/nagios3/conf.d/host-gateway_nagios3.cfg include file /etc/nagios3/apache2.conf does not exist! E: Sub-process /usr/bin/dpkg returned an error code (1)
[16:56] <Techtronic> Not replacing deleted config file /etc/nagios-plugins/config/disk.cfg .... howto fix this ?
[16:56] <jdstrand> nijaba: if a process is confined by a profile (eg, firefox), and it needs to execute another process, that is a transition
[16:57] <Techtronic> Errors were encountered while processing: nagios3-common , nagios3
[16:58] <thk> installing hardy on server and want to preserve /home on lvm volume; will the install reformat these?
[16:59] <nijaba> jdstrand: ok.  so in other words, pux would be used to have firefox ask the system "hey, please execute this with its own profile if it has one, otherwise without?"
[16:59] <kaushal> hi
[16:59] <jdstrand> nijaba: so, if firefox needs to launch evince, it must either transition out of confinement (ux) for the forked process, or transition into a new profile for the forked process (px)
[16:59] <kaushal> i want to set ulimit for nofile to 32000 for a particular user, it doesnot allow me on ubuntu 8.04 . is there a specific reason ?
[16:59] <jdstrand> nijaba: exactly
[16:59] <kaushal> I have set it in limits.conf file
[16:59] <nijaba> jdstrand: ok, thanks a lot
[16:59] <jdstrand> nijaba: before, you couldn't do that
[16:59] <nijaba> jdstrand: I guess :)
[17:00] <jdstrand> nijaba: before, you could only specify 'ux' or 'px', but 'px' wasn't practical because if the profile didn't exist and you tried to transition to it, the fork would fail
[17:01] <konza> hjmf, when logging in, we should type the username and passwd of my account in linux rite?
[17:03] <niemeyer> Hmm.. I'm having some issues with defunct bash processes (child of ssh) and CTRL-* keys not working on the terminal after upgrading to Karmic
[17:03] <konza> anyone knows to login to imap using telnet.............. plsssssssss help
[17:03] <niemeyer> Has anyone faced something similar?
[17:03] <jdstrand> niemeyer: known bug...
[17:03] <niemeyer> jdstrand: Oh, woohay
[17:03]  * jdstrand goes to get it
[17:04] <jdstrand> bug #407428
[17:04] <bobo> konza: telnet <imaphost> 143
[17:04] <niemeyer> jdstrand: Thanks!
[17:04] <jdstrand> niemeyer: sure! :)
[17:05] <bdmurray> kirkland: where does bug 426272 belong?
[17:05] <konza> bobo, how to login after this?
[17:06] <bobo> dunno ; I am not sure that IMAP is human friendly.  Can you login via POP3?
[17:07] <kirkland> bdmurray: looking
[17:07] <konza> bobo, nope... i am using courier-imap
[17:07] <kaushal> checking in again for my query ?
[17:07] <konza> VirtualDisaster,  u there dude?
[17:08] <VirtualDisaster> yeah sec
[17:08] <bobo> Courier does pop3 as well.  If you can't login in with POP3 either, you know something you don't know now.
[17:08] <konza> VirtualDisaster, after connecting to imap server how should i login........?
[17:10] <kirkland> bdmurray: ecryptfs-utils is fine to start
[17:10] <kirkland> bdmurray: i'll update it
[17:10] <VirtualDisaster> depends on what/how you want to accomplish that
[17:11] <konza> VirtualDisaster, i used the login command but its not working
[17:12] <bdmurray> kirkland: cool thanks!
[17:13] <VirtualDisaster> konza: sec cat busted nose
[17:18] <Techtronic> pleas help http://pastebin.com/m3c2d1307
[17:18] <kaushal> checking in again for my query
[17:18] <kaushal> ?
[17:20] <KillMeNow> a Nagios question...  not my cup of tea...  i like Zenoss better
[17:22] <Techtronic> who is better ? Zenoss or nagios
[17:22] <KillMeNow> Zenoss IMHO
[17:22]  * KillMeNow waits for the flames to start
[17:27] <Techtronic> looks great , thanks
[17:29] <kaushal> AppArmor is an alternative of selinux in Ubuntu Hardy ?
[17:30] <jdstrand> kaushal: it is the default MAC system for Ubuntu, yes. See http://wiki.ubuntu.com/AppArmor for details and links to docs
[17:31] <kaushal> jdstrand: how can i disable it ?
[17:31] <KillMeNow> gah!  i've never gotten apparmor to work properly
[17:31] <kaushal> sudo /etc/init.d/apparmor kill <enter>
[17:31] <kaushal> sudo update-rc.d -f apparmor remove <enter>
[17:31] <kaushal> ?
[17:31] <jdstrand> kaushal: are you having trouble with a profile?
[17:31] <kaushal> nope
[17:32] <jdstrand> kaushal: do you want to use selinux or no MAC?
[17:32] <kaushal> I am having issue with ulimit for a particular user ?
[17:33] <kaushal> I have set ulimit for a particular user to 32000 and set it in limits.conf
[17:33] <jdstrand> kaushal: that is doubtfully an apparmor problem. to temporarily see if it is a problem, 'sudo /etc/init.d/apparmor stop'
[17:33] <kaushal> ok
[17:33] <jdstrand> s/is a/is the/
[17:33] <kaushal> sure
[17:33] <jdstrand> kaushal: apparmor will complain in /var/log/kern.log if it was the problem
[17:34] <jdstrand> kaushal: see https://wiki.ubuntu.com/DebuggingApparmor for details
[17:34] <kaushal> jdstrand: it isnt there
[17:34] <jdstrand> kaushal: what isn't there?
[17:35] <kaushal> I mean apparmor script is not present under /etc/init.d
[17:35] <jdstrand> kaushal: what does 'sudo aa-status' say?
[17:36] <kaushal> that program is not there
[17:36] <jdstrand> kaushal: do you have a /sys/kernel/security/apparmor directory?
[17:37] <kaushal> apparmor directory isnt there
[17:37] <kaushal> jdstrand: what could be the issue of ulimit ?
[17:37] <jdstrand> kaushal: then apparmor isn't installed (and definitely not the problem ;)
[17:37] <kaushal> yeah
[17:37] <kaushal> I believe so
[17:38] <kaushal> jdstrand: what could be the issue of ulimit ?
[17:39] <jdstrand> I'm not sure
[17:42] <Daviey> mathiaz: When you get a moment, can you lookover Bug #426919
[17:54] <smoser> landscape-client as a ppa in ubunt-on-ec2 seems to make reasonable sense for hardy given it wasn't packaged.
[17:54] <smoser> i was confused by existence of http://packages.ubuntu.com/hardy/landscape-client
[17:54] <smoser> zul,
[17:55] <zul> smoser: okies..
[17:55] <smoser> i'll wait for soren to weigh in, but how common / difficult is it to get a new package for a stable release ?
[17:59] <zul> depends on the package but I dont think it would be a big issue you might want to talk to the landscape guys
[18:12] <mathiaz> jdstrand: hi
[18:13] <mathiaz> jdstrand: could you have a quick look at the stock reply I've added to https://wiki.ubuntu.com/DebuggingMySQL to cover the case where mysqld apparmor hasn't been updated correctly
[18:13] <mathiaz> jdstrand: ?
[18:13] <jdstrand> ok
[18:15] <jdstrand> mathiaz: I might reference https://wiki.ubuntu.com/DebuggingApparmor#Debugging%20procedure specifically
[18:15] <mathiaz> jdstrand: ok - I'll update the wiki page
[18:15] <jdstrand> cool
[18:16] <mathiaz> jdstrand: I'm adding more information about debugging mysqld and reading the log file
[18:16] <niemeyer> soren: nurmi helped solving the issue
[18:16] <jdstrand> mathiaz: I might also say that they really only need to send audit messages from kern.log
[18:17] <smoser> mathiaz, ttx, zul kirkland soren http://www.bizjournals.com/stlouis/stories/2009/04/06/daily40.html
[18:17] <mathiaz> jdstrand: are you referring to the first stock reply?
[18:17] <zul> smoser: thats a lot of pi
[18:18] <niemeyer> soren: Somehow there was an old /usr/share/eucalyptus/eucalyptus-commons-ext-0.4.jar from an old package, even though the file was being claimed by the newer libeucalyptus-commons-ext-java 0.4.2-0ubuntu1
[18:18] <jdstrand> mathiaz: yeah. something like the output of "egrep 'audit\(|apparmor|selinux|security' /var/log/kern.log"
[18:18] <jdstrand> mathiaz: you can drop the selinux part, but may want to keep it just in case
[18:18] <mathiaz> jdstrand: ok
[18:18] <niemeyer> soren: This was solved by
 apt-get purge `apt-cache search eucalyptus | awk '{print $1}'`
 rm -rf /etc/eucalyptus /var/lib/eucalyptus /var/log/eucalyptus /usr/share/eucalyptus
 apt-get install eucalyptus-cloud
[18:18] <jdstrand> mathiaz: that is taken from apport hooks that grab the stuff automatically
[18:19] <mathiaz> jdstrand: apport hooks from which package?
[18:19] <jdstrand> mathiaz: several actually. I grabbed the regex from evince
[18:20] <jdstrand> mathiaz: /usr/share/apport/package-hooks/source_apparmor.py should have some good stuff in it
[18:20] <mathiaz> jdstrand: ok - I've used a different approach for adding audit messages in the mysql apport hooks
[18:22] <kirkland> mathiaz: if the american taxpayer is funding the delivery of pizza from St Louis to Washington DC, my opinion of obama will be even lower than it already is
[18:28] <pmatulis> kirkland: wrong channel?  :)
[18:29] <kirkland> pmatulis: sorry, yes, you're right
[18:29]  * kirkland apologizes for going political :-)
[18:29] <kirkland> pmatulis: that was for smoser's link
[18:29] <pmatulis> kirkland: ah
[18:30] <kirkland> pmatulis: we ate at that pizza joint last week in St. Louis
[18:30] <smoser> kirkland, i wondered who paid for the 2 pizzas and "delivery"
[18:30] <smoser> what do you tip on that ?
[18:31] <kirkland> smoser: taking this to PM, as I don't want to get too political in #ubuntu-server :-)
[18:31] <smoser> :)
[18:32] <kaushal> hi
[18:32] <kaushal> is there a way to find if any updates are available for a package
[18:32] <kaushal> ?
[18:32] <kaushal> For example autossh
[18:32] <pmatulis> kaushal: apt-cache policy autossh
[18:33] <pmatulis> kaushal: after an 'apt-get update'
[18:40] <SirMontu> Hey guys, I just installed Ubuntu Server 8.10 and I'm trying to figure out how to install this Linksys nic, anyone have any directions or a link i could get?
[18:40] <kaushal> jdstrand: hi again
[18:40] <kaushal> i got a reply from the mailing list
[18:40] <kaushal> Are you calling pam_limits.so somewhere in your PAM stack?
[18:40] <kaushal> please help me understand this ?
[18:41] <kaushal> for the ulimit issue
[18:43] <jdstrand> kaushal: I am not a pam_limits.so expert, but they are referring to files in /etc/pam.d. probably most specifically /etc/pam.d/common-*
[19:14] <J_P> hi all
[19:14] <J_P> are there a problem with sources.list of jaunty?
[19:14] <J_P> here is very very slow or stop..
[19:14] <J_P> a apt-get update
[19:14] <J_P> or apt-get dist-upgrade
[19:14] <J_P> anyone know what is the problem?
[19:15] <KillMeNow> haven't heard of any issue
[19:15] <Pici> J_P: It may just be the mirror you are hitting, I've not seen or heard of any issues today.
[19:15] <henkjan> J_P: you can try another mirror
[19:16] <J_P> henkjan: humm, what are the list of mirrors?
[19:16] <the-dude> or change country mirror
[19:16] <henkjan> https://wiki.ubuntu.com/Mirrors
[19:17] <J_P> the-dude: henkjan ok
[19:17] <henkjan> J_P: https://launchpad.net/ubuntu/+archivemirrors
[19:17] <henkjan> on the last one from launchpad you can check if the mirror is up2date
[19:18] <henkjan> of course, the best one to use is nl.archive :)
[19:18] <J_P> I change country mirror and works
[19:21] <toehio> is there a package that contains everything necessary to turn ubuntu-server into ubuntu-desktop (Gnome + all other desktop apps)?
[19:21] <henkjan> toehio: apt-get install ubuntu-desktop
[19:22] <toehio> henkjan: thank you!
[19:22] <toehio> is there something similar for xfce?
[19:23] <toehio> xubuntu-desktop :)
[19:23] <henkjan> toehio: thats right
[19:24] <toehio> So simple. I love it :)
[19:53] <zul> smoser: you might want to add a section about removing images with big fat security holes
[19:54] <smoser> hm... doesn't that seem rude ?
[20:00] <zul> smoser: it might but better safer than sorry
[20:00] <zul> im pretty sure rhel does it
[20:02] <zul> just thought I would bring it up
[20:03] <smoser> i'm not aware of any software release that actively destroys old release media
[20:04] <smoser> ie, fedora doesn't remove install isos because they have security flaws, nor does ubuntu
[20:05] <kees> smoser: nothing what was in release is removed, but anything between release and current -security or -updates is removed (though not the source)
[20:06] <smoser> hm... i didn't realize that.
[20:26] <borior> hi all, I'm running ubuntu-server 9.04 and am trying to get a xen-compatible kernel up and running. where can I find the default server kernel config? no /proc/config.gz... =(
[20:30] <borior> oh, *duh*. /boot.... sorry for not looking there first!
[20:31] <giovani> heh
[20:31] <giovani> that's where they always are ...
[20:32] <zul> kees: but didnt we release new isos when that ssh key vuln was found?
[20:33] <kees> zul: correct.
[20:33] <kees> zul: er, actually, I can't remember now
[20:33] <soren> kees: Had you heard of TOTP and/or HOTP before?
[20:34] <zul> kees, smoser: maybe have something like ec2-init check the ami id against a blacklist of amis  you are running and print out a big fat warning when the user login
[20:35] <kees> soren: hadn't, no
[20:35] <soren> kees: Alright.
[20:54] <ruben23> hi
[20:55] <ruben23> how do i completely stop an application running from my ubuntu server- even when the server is restarted....
[20:55] <soren> ruben23: What's the application?
[20:55] <ruben23> the application will not still run
[20:55] <ruben23> like mysql and apache
[20:56] <ruben23> that two application..
[20:56] <soren> Eh? Are you trying to start or stop it?
[20:56] <ruben23> i mean completely disable
[20:56] <ruben23> the two service
[20:57] <ruben23> anyone have idea...?
[21:00] <ruben23> anyone...?
[21:02] <soren> I don't understand your question.
[21:02] <domas> update-rc.d
[21:02] <zoopster> ruben23: use update-rc.d to remove it
[21:02] <soren> Are we talking about apache and mysql or something *like* apache and mysql?
[21:02] <soren> And are you trying to start it or stop it?
[21:03] <ruben23> zoopster: how do i execute it..
[21:03] <ruben23> yes--i said stop it
[22:05] <qman__> kees, yeah, new ISOs were built shortly after the SSH key vulnerability
[22:05] <qman__> it was 6.06.1 IIRC
[22:09] <George1> Hi Guys, basic question about Ubuntu server 9 running the cloud software. If I add a virtual machine into the cloud is that then running on a single server or does it run over multiple servers within the cloud?
[22:09] <George1> Assuming  I had say 2 servers in my cloud config.
[22:11] <KillMeNow> no idear
[22:15] <guntbert> I wanted to know to which package "man" belongs, apt-file search "/usr/bin/man" gives several results but *nothing* for man itself - whats the trick?
[22:17] <dmacnutt> /usr/bin/man
[22:18] <guntbert> dmacnutt: ??
[22:18] <dmacnutt> probably part of base-files
[22:19] <dmacnutt> maybe doc-base
[22:21] <guntbert> dmacnutt: let me test some ideas
[22:23] <dmacnutt> nevermind it's called "man"
[22:37] <kees> qman__: dapper wasn't affected :)
[22:39] <guntbert> dmacnutt: do me a favor - please try dpkg -S man | grep bin/man on your system - that *should* give /usr/bin/man and a few more...
[22:46] <jdstrand> guntbert: dpkg -S /usr/bin/man
[22:47] <jdstrand> man-db: /usr/bin/man
[22:48]  * soren is getting annoyed.
[22:48] <soren> Can someone please calculate the HMAC_SHA1 with key "12345678901234567890" and data 0 (ASCII 0, not '0')? I have a document that says it should yield one value, but I'm getting another.
[22:48] <qman__> kees, ah, my bad, but I do distinctly remember a new build right after the vulnerability
[22:53] <guntbert> jdstrand: strange here I get ...not found but  man-db is installed
[22:53] <jdstrand> guntbert: what version of Ubuntu?
[22:54] <guntbert> 9.04 server
[22:54] <jdstrand> $ ls -l /usr/bin/man
[22:54] <jdstrand> lrwxrwxrwx 1 root root 17 2009-04-24 18:03 /usr/bin/man -> ../lib/man-db/man
[22:55] <jdstrand> dpkg -S /usr/lib/man-db/man
[22:55] <jdstrand> man-db: /usr/lib/man-db/man
[22:55] <jdstrand> guntbert: ^
[22:55]  * soren headdesks
[22:55] <soren> Never mind about that HMAC.
[22:56] <guntbert> jdstrand: ok, thx - I finally understand - silly me
[22:56]  * soren kicks himself and learns the difference between bits and bytes
[22:57] <guntbert> soren: 8bits are .... uuhhmm what? ;-)
[23:01] <KillMeNow> but what about nibbles guntbert??
[23:01] <ScottK> guntbert: two nibbles.
[23:01] <guntbert> KillMeNow: oh you naughty boy ;-)
[23:04] <KillMeNow> LOL
[23:04]  * KillMeNow likes nibbles
[23:05] <soren> guntbert: Something very different from 8 bytes. I know that much.
[23:05] <soren> Now.
[23:07] <guntbert> soren: don't worry, I hear those sentences rather often (as in "an IPv4 address consists of 4 bit" :-))
[23:10] <soren> mdeslaur: In other news, in case you're interested, I have a HOTP key generator in Python now.
[23:12] <mdeslaur> soren: oh, cool :)
[23:13] <mdeslaur> soren: so, besides adding time drift handling...is there anything missing to make a validator?
[23:13] <mdeslaur> soren: did you order a token?
[23:14] <soren> mdeslaur: Yeah, there are a few things like throttling, resynchronisation (in case someone accidentally generates a stack of keys that are never used..)
[23:14] <soren> mdeslaur: I'm also not US based, so no.
[23:15] <mdeslaur> I thought it was time-based...it needs resynchronisation?
[23:15] <mdeslaur> oh! HOTP!
[23:15] <mdeslaur> I thought TOTP
[23:16] <soren> mdeslaur: That's next.
[23:16] <mdeslaur> sweet :)
[23:18]  * soren is enjoying having written unit tests for this.
[23:20] <kees> qman__: yeah
[23:24]  * soren calls it a day
[23:55] <JanC> guntbert: 8 bits = 1 octet (I'm also not sure if 1 byte could not be 1 bit; is a 1-bit computer architecture possible? ;) )
[23:58] <guntbert> JanC: lets not split hairs - I'm content if the general difference is understood (as "there are 10 kinds of people, those who understand binary and those who don't")