[02:03] <PC_Nerd1011> Hi - I had a server installation setup to my laptop (crossover), and my laptop wirelessly to the internet, then bridged the connections....  such that I statically set the sever to 192.168.0.7...   I've since placed it in a seperate subnet, and while the /etc/resolv.conf file states its statically 192.168.1.2, pinging and dns/dhcp works to it... but a nslookup <hostname> of that server resolves to its old IP address...   how c
[03:42] <PC_Nerd101> Is there any way to test that apt connections are definately connecting to the proxy as specified in /etc/apt/apt.conf.d/01proxy ?...  I have abox running apt-cacher, but I want to make sure that if that box is for whatever reason unavailable, that the updates will fail instead of defaulting to the direct updates....
[03:47] <pmatulis> PC_Nerd101: sniff the wire while an apt operation is in progress
[03:54] <PC_Nerd101> hmm ok -   what program would you recomend for packet sniffing?
[04:00] <JanC> PC_Nerd101: tcpdump, wireshark, ...
[04:32] <PC_Nerd101> JanC: Thanks :)
[05:04] <PC_Nerd1011> Should apt-cacher include the headers, eg if I disconnect fromteh internet after running a proxied/cached "aptitude update" - should the next machine be able to get the package information from teh cache without having to send any packets at all to teh internet?
[07:05] <PC_Nerd1011> Hi - is there a specific tool recomended for execution of commands over multiple ssh connections, similar to tentakel as written about at  http://tinyurl.com/tentakel-tutorial ?
[07:29] <erichammond> PC_Nerd1011: I'm not sure what's recommended, but I occasionally use clusterssh for interactive control of multiple hosts.  You might also check out dsh.
[07:44] <PC_Nerd1011> erichammond: Thanks, I'll look into it :)
[08:27] <jerico> What do you guys think. ext3 or ext4 for a home server?
[08:29] <Jeeves_> ext4
[08:29] <Jeeves_> faster
[08:29] <Jeeves_> and less clueless progs that don't use the fs correct
[08:34] <jerico> If I was going to setup a partition for only 700MB files should I use standard, largefile, or largefile4
[08:34] <Jeeves_> I don't think that it matters much
[08:35] <jerico> alright, thanks Jeeves
[08:38] <Jeeves_> np!
[10:33] <PC_Nerd1011> What is the best method to image a server installation ( almost duplicate hardware), but to be able to change things like the hostname upon writing the image for each copy ?
[10:35] <_ruben> i tend to go for unintended (preseeded) installs instead
[10:36] <_ruben> doing a systemwide find/replace on the hostname is quite doable as well .. it kinda boils down to how much customization you want/need
[10:39] <PC_Nerd1011> not much - all it requires is to copy the /etc/apt/apt.conf.d/01proxy, authorised ssh keys for a specific user ( which will be the one user on each machine), and the /etc/resolv.conf /etc/hosts and /etc/network/interfaces files - thats it
[10:42] <PC_Nerd1011> ultimately - I'd like to look at doing a diskless boot from an image, and simply have each physical machine have their static hostname... is that possible?
[10:44] <_ruben> not if there's more customization needed than just the hostname (like diff ssh keys) .. perhaps ltsp is more suited for this ?
[10:44] <_ruben> !ltsp
[10:48] <PC_Nerd1011> hmm, I'm farely sure I want the seperate machines, copied images with static hostnames...  its for a custom server app...   think "blade servers with dynamic resource allocation" - but through software not hardware, and therefore based on hostname
[10:50] <_ruben> ah
[11:26] <PC_Nerd1011> The main thing is that when its installing packages ( eg openssh-server) upon installation, I want it to be using the apt-cacher's proxy setting ....   is there a way to interupt the server's live cd installation in order to add this proxy setting ?
[11:32] <_ruben> if apt-cacher acts as a "normal" proxy, you should be able to specify that during install time just fine
[11:32] <_ruben> could even preseed it
[11:32] <_ruben> i never used apt-cacher or similar, i have a full local mirror (using debmirror, planning to move to plain rsync)
[11:48] <PC_Nerd1011> Hmm ok - well I"ll have a good read through all the documentation on preseeding etc and decide on teh best method
[11:48] <PC_Nerd1011> thanks :)
[11:48] <_ruben> preseeding + local mirror = install "simple" machines in just a few minutes
[11:49] <_ruben> simple meaning not a lot of (big) packages
[11:54] <PC_Nerd1011> hmm - I just dont want to have a massive repository mirror that I will rarely/never use. ( ++ the storage required_
[11:55] <PC_Nerd1011> btw - I've just managed to have only one account, root password not setup and then I've made a mistake in /etc/sudoers - meaning I cant sudo nano /etc/sudoers to fix it...   is there a factory restore for sudoers ?
[11:58] <_ruben> boot into single user recovery mode, you'll be root, fix /etc/sudoers
[12:00] <PC_Nerd1011> thats a grub boot menu option isnt it ?
[12:02] <_ruben> yeah
[14:19] <erichammond> Is there a PPA with the latest ec2-api-tools package version available?  The one on Karmic does not support registering EBS boot AMIs.
[14:48] <erichammond> Looks like smoser's will do: https://launchpad.net/~smoser/+archive/ppa
[15:16] <_ruben> nice bug title :p
[18:55] <sarma> Hi, my ubuntu server was comprimised via apache phpmyadmin. I am trying use  netstat -npcuve but I got a lot of empty but tcpdump shows a lot of connection.
[18:55] <sarma> Any ideas ?
[18:56] <sarma> What i am trying to find out which process is doing DDOS.
[18:56] <Ninjix> sarma: try htop
[18:57] <sarma> ok
[18:57] <Ninjix> sarma: investigate what is using cpu
[18:57] <Ninjix> should be a good tipoff
[18:58] <sarma> Ninjix, cpu is free
[18:58] <sarma> Just a sec
[18:59] <sarma> I have 4 cpus indicators but process i do not see ????
[18:59] <Ninjix> sort by usage or by mem
[18:59] <sarma> Cpu 4 says 84.1 usage
[18:59] <Ninjix> have you restarted your apache2?
[19:00] <sarma> I unistalated it
[19:00] <sarma> apt-get remove purge
[19:00] <sarma> and stop first
[19:00] <Ninjix> ok.
[19:00] <sarma> only sshd is active
[19:01] <Ninjix> is your mysql still running?
[19:01] <sarma> Nop
[19:01] <sarma> I have 3 sshd
[19:02] <Ninjix> what does `netstat -an | grep tcp` look like?
[19:02] <sarma> normal
[19:03] <sarma> only my ssh sessions
[19:03] <sarma> 3
[19:03] <sarma> sessions and listening tcp6       0      0 :::22                   :::*                    LISTEN
[19:04] <sarma> One more thing my provider blocked all internet traffic from my server.
[19:04] <sarma> So maybe this is the reason why nothing shows in netstat
[19:04] <Ninjix> are those connection attempts in the tcpdump or outbound from your host?
[19:06] <PJiPhone> Best bet might be to backup data and reinstall from scratch
[19:07] <PJiPhone> Verify config files ok before migrating
[19:08] <sarma> http://pastebin.com/m7cb4fe9
[19:08] <sarma> Here is the tcpdump
[19:09] <PJiPhone> Bbl
[19:10] <Ninjix> sarma: what does `netstat -nlp` return currently?
[19:11] <sarma> http://pastebin.com/m61af2fdc
[19:11] <sarma> Here it is
[19:11] <sarma> Nothing
[19:11] <Ninjix> sarma: looks like your apache was running a worm
[19:11] <sarma> Looks like
[19:11] <sarma> Virus
[19:12] <sarma> Buy ubuntu-servers uses www-data user only
[19:12] <sarma> How can this spread as root user
[19:14] <Ninjix> have you looked for new files, yet?
[19:14] <sarma> Yes i have
[19:15] <Ninjix> turn up anything?
[19:15] <sarma> And i found out all of them in tmp and so on.
[19:15] <sarma> Them
[19:15] <sarma> bloody thing
[19:16] <sarma> it i have bash in that folder
[19:17] <sarma> small bash size
[19:19] <Ninjix> well, if you are feeling confident enough, you can run `sudo watch -n 1 netstat -nltup` in a separate console
[19:20] <Ninjix> then re-install apache and look for odd behavior
[19:20] <Ninjix> the previous malware may have siblings trying to communicate with it on the same IP
[19:22] <sarma> Next time i will choroot bloody apache
[19:22] <Ninjix> but best bet is to backup your data after checking it for contamination then reinstall
[19:23] <sarma> Yes i will do so
[19:23] <sarma> Tnx man for you help.
[19:23] <Ninjix> np
[19:23] <Ninjix> and good luck
[19:24] <sarma> Any other recomendation how to protect my web server more on ubuntu
[19:24] <sarma> I regulry do update
[19:24] <sarma> But look like thats not enough
[19:24] <Ninjix> set a policy that all admin type web apps get moved to different port than general pub (http 80/443)
[19:25] <Ninjix> or setup some .htaccess rules that only allow access to admin web apps from localhost
[19:25] <Ninjix> use ssh port redirection to access your admin apps
[19:27] <Ninjix> Apache binaries are pretty solid and Debian community does a good job keeping it patched up
[19:27] <sarma> This was a exploit in Phpmyadmin, the problem is i can not prevent from students from instaling such aplications?
[19:27] <Ninjix> the PHP, Rails and other code we install in our Apache is an entirely different story.
[19:28] <Ninjix> ahh... I see
[19:29] <Ninjix> might want to ask around in one the PHP or LAMP channels
[19:29] <Ninjix> bet you are not the first sysadmin to face this particular problem
[19:30] <sarma> Oh tnx very much. I will try my luck with chroot
[20:14] <DrManhattan> Good afternoon MenZa , good to see you again
[20:45] <tarski> how easy is it, if i want to download and install the server edition, but I want to use lighttpd instead of apache. is this easy to do? or are things woven together in the distro for apache
[20:49] <Ninjix> tarski: just install the base system then added the lighttpd packages as needed
[20:50] <tarski> Ninjix: so when I download && install the cd, I'm given the choice if I want to install apache or not?
[20:51] <tarski> Ninjix: I mean the server-edition ISO
[20:52] <Ninjix> tarski: yes
[20:52] <Ninjix> you will get several configuration options
[20:52] <tarski> Ninjix: thanks
[20:52] <Ninjix> you can select all, some or none
[20:53] <Ninjix> I think you will want to select only the SSH Server option then add what you want by hand post-install
[20:54] <tarski> Ninjix: ok. sounds good.
[21:13] <pting> is there a sshfs fstab options such that it'll do a sudo su immediately after mounting? ie... sshfs#myserver: /mnt/blah fuse user,noauto,initcmd='sudo su' 0 0
[21:15] <ScottK> pting: I don't know the answer to your question, but generally sudo -i would be preferred to sudo su.
[21:18] <pting> ScottK, thanks for the pointer. i'll remember to use that next time
[21:31] <TXX> Hey
[21:32] <TXX> I got ubuntu server installed with no Desktop envoirment
[21:32] <TXX> but i want gnome installed but not booted into when i start the system
[21:32] <TXX> i just want it as an instance to vnc into
[21:32] <TXX> i started with a simple sudo apt-get install x-window-system-core xserver-xorg gnome-desktop-environment
[21:32] <TXX> but Package x-window-system-core is a virtual package provided by:
[21:32] <TXX>   xorg 1:7.4+3ubuntu10
[21:32] <TXX> You should explicitly select one to install.
[21:32] <TXX> i get this output
[21:34] <Ninjix> TXX: maybe you should install desktop and set it to boot into console run level
[21:34] <TXX> Ninjix, how do i set it to boot into console?
[21:35] <TXX> cause i just install the ubuntu-desktop package and then set boot to only use console
[21:35] <TXX> i can just insatll the *
[21:42] <TXX> evt get logged into the login screen when vncing in to get a option of choosing what DE
[21:46] <Ninjix> TXX: edit your /etc/default/grub file and set GRUB_CMDLINE_LINUX_DEFAULT=”quiet splash text”
[21:47] <TXX> : o
[21:47] <TXX> Ninjix, you are so lovly i could donate some money to you, but i am broke
[21:47] <Ninjix> then you are using the correct OS at the right price. :)
[21:48] <TXX> XD heh yeah i guess so
[21:48] <Ninjix> make sure you run `sudo update-grub` after editing
[21:48] <TXX> : o
[21:49] <TXX> oh shit yeah thanks
[23:04] <Aison> wtf is going on here
[23:04] <Aison> i'm running a ubuntu server with samba
[23:05] <Aison> now I copied 1gb zip file to this samba share
[23:05] <Aison> after comparing the md5sums they are different
[23:05] <Aison> so I copied again
[23:05] <Aison> but then, they are again different
[23:07] <Aison> well, now after 5 times copy, the md5 sums are equal
[23:07] <Aison> crazy!
[23:07] <MTecknology> Aison: samba sucks..