[00:06] is there a way to take over an ssh session? I had one time out but i don't want to kill it
[00:07] malchias: run ssh session by using screen command
[00:07] how do i install the server kernel on a desktop ubuntu?
[00:07] do I have to run screen ahead of time?
[00:07] you can attach & detach it later - depends on your needs
[00:08] malchias: i suppose that yes
[00:08] maybe there is some other solution
[00:08] cool - know what would cause it to drop from connections table and lose the connection in the first place (dropped: reason first packet isn't syn)
[00:08] but i use screen by default
[00:15] has anybody running calendarserver on ubuntu lucid ?
[00:15] http://packages.ubuntu.com/ro/lucid/python/calendarserver
[00:19] where the python-xml has been lost from lucid ?
[00:26] Greetings all, how does one stop iptables from logging every dropped connection into the system logs. I've deleted the rule that tells it to...
[00:27] what's iptables -L say?
[00:27] (don't paste it)
[00:29] take a look at what your /etc/network/if-pre-up.d/iptables says, it could be loading a rule set
[00:33] can someone like, walk me through how to setup SSL on my ubuntu 10.04 server? I've followed like four tutorials and it's still not working, ended up having to take it out completely.
=== MasterZuFu|Bed is now known as MasterZuFu
[00:37] MasterZuFu: Did you check the server guide (see /topic). I believe it's covered there.
[00:37] will do
[00:38] i've been in the room too long and no longer see /topic, and when i run "/topic" it says it's not enough parameters. could you c/p it here for me please?
[00:56] https://help.ubuntu.com/10.04/serverguide/C/
[00:58] oh wow, thanks ScottK! :)
[01:01] hmmm i have problems with caldavd
[01:01] root@e3server1:/opt/CalendarServer# /etc/init.d/caldav start
[01:01] * Starting Darwin Calendar Server caldavd
[01:01] Downloading memcached...
[01:01] curl: (7) couldn't connect to host
[01:01] ...fail!
[01:13] Looking at this part of the configurations (I'm setting up several things at the same time here) https://help.ubuntu.com/10.04/serverguide/C/ftp-server.html. It says near the bottom about shells at /etc/shells/ this directory doesn't exist. Should it have existed during the initial installation of the package? or do i need to create it now?
[01:14] ah, nvm, looks like a virtual directory :P
[01:15] New bug: #590255 in php5 (main) "php5-cgi crashed with SIGSEGV in zval_mark_grey()" [Medium,New] https://launchpad.net/bugs/590255
[01:19] this is confusing me as far as how to create the users. it just says "add the users into this list"...but I have no idea what the actual format is supposed to be for creating users
[01:21] why the hell does everything have to be so damn complicated? I can't understand half of this crap if my life depended on it >_>
[01:31] guys how do i extract this------> eaccelerator-0.9.5.3.tar.bz2
[01:37] ruben23: use command tar
[01:46] has anyone heard of a bug in the bnx2 driver that could cause a system to hang and lose outside connectivity with heavy traffic
[02:00] ruben23: bunzip also
[02:10] Now PHPMyAdmin won't let me sign in. It was earlier, I have no idea what's going on. I keep getting this error now with the same username and password: #1045 Cannot log in to the MySQL server
[02:11] New bug: #590275 in openssh (main) "ssh init script doesn't use the /etc/default/ssh file" [Undecided,New] https://launchpad.net/bugs/590275
=== RudyValencia is now known as I
=== I is now known as me
=== me is now known as my
=== my is now known as RudyValencia
[04:37] malchias: you still here? was busy for a bit there....
[09:39] hey, can anybody tell me what this means, and why it happened? in /proc/mdstat
[09:39] [=====>...............] check = 27.9% (273060480/976759936) finish=618.8min speed=18951K/sec
[09:39] the RAID was fine yesterday
[09:39] and all the disks are there
[09:39] no SMART errors, no failures
[09:42] qman__: there's a monthly resync
[09:42] It probably triggered recently.
[09:42] oh, ok
[09:42] never noticed it before
[09:42] I freaked out when I first saw it
[09:42] went out and bought some new disks
[09:43] I'm surprised I never encountered it, I've been using this type of setup for two and a half years now
[09:43] Well, you'd have to look at mdstat within those 12 hours
[09:44] I check it basically daily, I've got a script that shows that and some other basic info on a web page
[09:44] qman__: nagios?
[09:45] nah, just something I put together
[09:45] though I guess 12 hours a month, over 30 months
[09:45] So I've set up a chrooted SFTP account and now I wonder if there is any way for me to test how secure it is. I've disabled root login and changed the port number and when I log in to the account I don't seem to be able to go up to the parent folder but still I would like to test it more firmly.
[09:45] makes sense that I didn't see it until now
[09:46] X-Sleepy-X: what release are you running?
[09:46] 10.04 desktop
[09:46] i386
[09:46] Then you can use OpenSSH's built-in sftponly functionality; it's better than a manual chroot.
[09:46] i used openssh
[09:47] then any known possible holes in it would be all over the internet
[09:47] qman__: not necessarily; Debian's entropy cock-up didn't affect OpenBSD or RHEL users, for example.
[09:47] that's true
[09:47] I did this in the config Match group sftp
[09:47] ChrootDirectory /home/%u
[09:47] X11Forwarding no
[09:47] AllowTcpForwarding no
[09:47] ForceCommand internal-sftp
[09:48] X-Sleepy-X: ah, OK.
[09:48] amazing how long it took for that to surface, too
[09:48] X-Sleepy-X: that's what I meant.
[09:48] yeah ok
[09:48] well how can i test how secure it is?
[09:48] and yeah i disabled root login
[09:48] and changed the port
[09:48] back up your data
[09:48] and try throwing some rm -rf /s at it
[09:49] ive put the shell to /bin/false
[09:49] so im not sure how to input that command... :S
[09:49] X-Sleepy-X: publish the password and see if anyone breaks in? ;-)
[09:50] LOL
[09:50] well then there's not much you can test for
[09:50] so it's pretty safe?
[09:50] the only real holes you could be vulnerable to are ones in the services or main system itself
[09:50] ok
[09:50] well i guess that's a risk i'm willing to take
[09:50] and as long as you're up to date, there's not much more you can do on that front
[09:51] true
[09:51] :)
[09:51] no other security measures i can add to the /etc/ssh/sshd_config ?
[09:52] X-Sleepy-X: the best way to secure a service is not to run it
[09:52] twb: yeah, but I'm too lazy to shut it off and on
[09:52] You can also disable password auth, use hashlimit/recent (or denyhosts/fail2ban), limit the set of users and the set of source addresses.
[09:53] I would say to set up something to defend against brute force attacks, but running on an alternate port pretty much covers that
[09:53] ok
[09:53] i'll look in to those things mentioned
[09:54] thanks for the help :D
[09:54] that alone puts you out of the target range for 90% of break-ins
[09:54] qman__: good to know :)
[09:55] now i just need to configure my php when i'm done with this...
[09:55] i just love using my eee pc as a server/desktop
[09:55] ;)
[09:55] there's lots of bots out there that scan the net for open SSH servers, and brute force them
[09:56] but they naturally only scan port 22, and only use a pretty simple dictionary attack
[09:56] so with a good password i should be safe from those?
[09:56] yes
[09:56] just make sure you don't have any other users allowed
[09:56] So I have to enable universe for a handful of packages.
[09:56] they try stuff like root and built in accounts
[09:57] qman__: How do can I check if I have that or not?
[09:57] -od
[09:57] -do
[09:57] the easiest way in my opinion is to make sure any users that don't log in, don't have a shell
[09:57] Can I configure pinning such that 1) updates to INSTALLED universe packages are allowed; but 2) universe packages that AREN'T installed must be explicitly requested -- apt-get install foo, where foo depends/recommends a universe package bar, will fail.
[09:57] about 15 built in accounts in ubuntu have a shell for no apparent reason
[09:58] I change them to /bin/false
[09:58] qman__: those accounts should still be locked
[09:58] yes
[09:58] qman__: surely OpenSSH doesn't allow logins to any account that has an :x: in shadow
[09:58] yeah, it doesn't allow that
[09:59] so i don't need to set them to /bin/false?
[09:59] but removing the shell adds one more layer of protection
[09:59] in case a password gets set inadvertently
[09:59] you don't need to, I do anyway
[09:59] and it hasn't broken anything for me
[09:59] ok, but as long as i dont set a password for those account they are safe?
[09:59] yes
[10:00] well i only have two accounts
[10:00] my standard and the sftp
[10:00] with passwords i mean
[10:00] users without passwords can't log in, except if they have key-based authentication configured
[10:00] i haven't gotten around to start using keys yet
[10:00] hehe
[10:00] qman__: well, system users usually have a silly $HOME
[10:01] X-Sleepy-X: disabling password auth is definitely worth doing
[10:01] it's actually pretty easy to set up
[10:01] to be perfectly honest, I only set up key based auth about a month ago for the first time
[10:01] despite running linux and openssh for over five years
[10:01] The main danger is that you can remove a passphrase from a passphraseful key, so you have to make sure users are educated
[10:02] Otherwise they'll use passphraseless keys, which are single-factor auth
[10:02] I use some of both
[10:03] ok, but im only going to use my sftp account with ppl i know in person, i mean i will change my password regularly
[10:03] my internet-facing server requires passphrase keys
[10:03] X-Sleepy-X: doesn't matter.
[10:03] X-Sleepy-X: single-factor authentication is inherently weaker than multi-factor authentication.
[10:03] qman__: how does it enforce that?
[10:03] ok
[10:04] well, it doesn't technically require it, I only created keys with passphrases for that one
[10:04] and I'm the only one with root, so
[10:04] OK, so it only requires it at a policy, not a technical, level.
[10:04] yes
[10:04] but for the sake of convenience I set up passphraseless keys between my desktop and the other servers
[10:05] because the only possible attack vector is through the one that needs a passphrase
[10:05] qman__: that's stupid. Use multi-hop SSH.
[10:05] unless someone gets really fancy with a firefox exploit, anyway
[10:06] You should not be initiating SSH connections from an intermediary.
[10:06] ssh -oProxyCommand='ssh gateway.example.net -W %h:%p' foo
[10:06] ...connects to foo, via gateway.example.net, using your local machine for both auths
[10:07] nice
[10:07] (You can put the same thing in .ssh/config.)
[10:07] I'll have to do that
[10:07] If you do that, you should also disable agent forwarding
[10:07] agent forwarding achieves something similar, but it assumes that root on gateway.example.net is ultimately trusted.
[10:08] then I could just disable the ssh client on that server altogether
[10:09] The major downside is that you're paying double encryption overhead on the you<-->gateway link.
[10:09] But IME that's negligible.
[10:09] yeah
[10:10] I've tried before just to see, I can get about 5 simultaneous connections before it chokes
[10:10] I'm the only one who ever uses it, so that's not an issue
=== freeflyi1g is now known as freeflying
[10:56] New bug: #590349 in dhcp3 (main) "package dhcp3-server 3.1.3-2ubuntu3 failed to install/upgrade: o subproceso script post-installation instalado devolveu o estado de saída de erro 127" [Undecided,New] https://launchpad.net/bugs/590349
[11:32] Is the /etc/php5/apache2/php.ini file configured to be development or production in Ubuntu 10.04?
[11:36] how can i force apache to append some text e.g. a link or an image at the bottom of every page that it renders?
[12:27] Grmph
[12:27] ifup -a should not restart sshd five times
[12:28] twb: once for every nic?
[12:28] Yes
[12:28] It should be smart enough to realize that it only needs to do it once, at the end.
[12:28] Similar to dpkg triggers
[12:28] agreed
[13:44] hi guys whats the features of ubuntu-server new ver, LST..?
[13:44] KTS i mean..
[13:45] LTS...:-D
[13:45] ruben23: http://www.ubuntu.com/server/features/reduce-costs
[13:57] ruben23: for what are you going to use it?
[13:58] RoyK: ill be using for voice traffic, a predictive dialer system.
[13:58] asstrix?
[13:59] RoyK: right...your correct
[13:59] Not freeswitch, then?
[13:59] I've run rather large asterisk installations on ubuntu. the problems we saw were asterisk-related, not ubuntu-related
[13:59] and we saw LOTS of problems
[13:59] asterisk is not good
[14:00] I'm getting *** System restart required *** - I guess this just means I've done a kernel update and need to restart to have it take effect. I can't reboot this box; can I hide the message, or is there a way to swap out the running kernel for the new one without a reboot?
[14:00] twb: do you know any predictive dialer setups with fs?
[14:00] JamesHarrison: it only shows that message to admins
[14:00] JamesHarrison: and usually it's ok to ignore that - it just means a new kernel is ready
[14:01] RoyK: Yes, and nobody else has an account on the box, just me. I know it's probably safe to ignore, it's just irking me :)
[14:01] hehe
[14:09] Hi this message is shown when logging in http://pastebin.com/hQsKgK01. I've looked at the URL it shows and that is of no help
[14:10] This is a virtual machine running VMWare, although I have root privileges
[14:11] RoyK:i been using 8.04 LTS for production, but i want to upgrade to the new release, im just afraid what might happen..
[14:12] the new LTS version..
[14:13] steffan: http://tinyurl.com/2b2q53j
[14:13] Hi All. Output from top on my server shows 147K free RAM, however, I'm not running anything. How can I troubleshoot whats using that memory?
[14:14] ruben23: it'll probably work
[14:14] cybrocop: pastebin output from 'free'
[14:15] RoyK: Here is output from 'free': http://slexy.org/raw/s2NN07Pew7
[14:15] cybrocop: see the buffers/cache line
[14:15] you have lots of free memory
[14:16] but linux uses whatever's left for buffering
[14:16] that's released when something needs it - when it's allocated
[14:17] RoyK: I was running kvm, and it froze up for a minute, thought it may be related to this. KVM was/is allocated 850MB
[14:18] 850 megs is not really a lot for kvm
[14:18] RoyK: 5 results - the majority in Chinese
[14:19] RoyK: agreed. But the KVM itself was not heavily used. I was editing a 5 line text file.. But I'll try to pay more attention once this happens.
[14:20] Another question, does anybody know how to send Ctrl-Alt-Del through Rdesktop?
[14:20] cybrocop: ctrl-alt-ins?
[14:21] remix_tj: doesn't work for me.
[14:22] cybrocop: uhm, or ctrl-alt-end
[14:22] RoyK: The website (https://wiki.ubuntu.com/Security/CPUFeatures) says that you can start using it if you install -generic-pae flavor of the 32bit kernel. On login I'm shown '2.6.32-21-generic-pae', which shows that the server is already using it. So why am I getting this message?
[14:23] remix_tj: Sorry, that doesn't work either. I must have tried all the reasonable Ctrl-Alt-*** combinations.
[14:24] cybrocop: you can use windows security on the start menu, so
[14:25] remix_tj: Thanks, thats a good workaround.
[14:29] steffan: no idea
[14:50] hey everyone. i'm trying to use byobu (screen) here. i have my server remote-ssh'd into from my desktop, and then i have remote ssh on my iphone. i want to have a screen already setup with two windows on it, both already running a command. i pressed "ctrl+a,d" to detach my screen. then on the iphone i put "screen -r" to resume. it says this: - byobutput: unknown terminal "vanilla". cannot find terminfo entry for 'vanilla'
[14:55] anyone?
[15:21] New bug: #590408 in dovecot (main) "dovecot dies with "Fatal: Socket already exists: /var/spool/postfix/private/dovecot-auth"" [Undecided,New] https://launchpad.net/bugs/590408
[15:26] how to stop the colorful logo on boot at other gimmicks?
[15:27] also how to disable auto starting gdm/kdm (so that by default server does not start any X server)
[15:27] also how to uninstall radeon proprietary driver, and overall remove X to change the computer to a headless setup (but! the computer needs the part to be able to VNC / ssh -X into it)
[15:44] what is the preferred virtualisation solution for ubuntu these days?
[15:51] i like kvm
[15:52] does kvm differentiate between hvm and pv like xen does?
=== RoyK is now known as Guest68744
=== RoyK^ is now known as RoyK
[16:04] hi where is the php.ini file on ubuntu located..?
[16:04] on ubuntu-server
[16:06] New bug: #590421 in mailman (main) "list_lists crashed with ImportError in ()" [Undecided,New] https://launchpad.net/bugs/590421
[16:07] ruben23: /etc/php5/
[16:08] Or php4 if you're using that
[16:22] Hello, I am trying to install 10.04 with a raid 1 configuration. I get all the way through the install and on the reboot the system complains that it cannot find /dev/by-uid/ which corresponds to /dev/md0. When I boot into recovery fstab has the correct UUID for /dev/md0
[16:22] It's almost like mdadm is not being loaded in time for the system to boot
[16:31] New bug: #590431 in mailman (main) "withlist crashed with AttributeError in fix_url()" [Undecided,New] https://launchpad.net/bugs/590431
[16:44] hi there, drwxrwxrwt for /tmp on a server is correct or there's a catch?
[16:45] blue-frog: That's the default
[16:45] ok had the default on a desktop but not on the server
[16:46] ty
[16:46] blue-frog: np
[16:52] hey i will create a openvpn gateway, the connection is ok, it run, but i can't ping a pc in the "push network"
[16:52] i can ping the vpn server
[16:54] on the tun device and on the eth0 device, but i can't ping the pc behind eth0
[16:54] is the problem iptables?
[17:04] i can't tell from here
[17:06] you need more information?
=== wieshka_ is now known as wieshka
[18:36] hi all. seems redhat has some admin tools that can be run on windoze to manage VMs. are such tools available on ubuntu?
[18:36] s/on/from/
[19:10] i am trying to install a lamp server
[19:11] if i install apache2 it install apache2-mpm-worker than if i install php5 it replace apache2-mpm-worker with apache2-mpm-prefork
[19:11] is possible to maintain apache2-mpm-worker?
[19:15] do you really need -worker?
[19:16] php isn't thread-safe
[19:16] if you want php, use prefork
[19:16] it scales well enough for most use
[19:17] prefork starts to perform bad at thousands of concurrent requests
[19:46] hey all, I'm trying to install 10.04 server to a usb thumb drive. All goes well until it tries to install grub - it fails with no details. I tried selecting lilo but that fails too. Am I missing a step? I've read some usb howtos online but they only discuss Desktop, not Server...
[19:48] volve: what did you use to do it - usb-creator-gtk on lucid?
[19:49] no, simply ran the server installer as "method 1" here https://wiki.ubuntu.com/LiveUsbPendrivePersistent made mention of just pointing to the thumb drive
[19:51] volve: that's a pretty old page (those need to be cleaned up....) what distro were you running on the machine that you created it from?
[19:52] you might want to try usb-creator
[19:52] I had no os installed. Was just booting from the server install cd.
[19:52] but I have only used it for a (simple, successful) desktop install
[19:52] will go read about usb-creator :)
[19:52] volve: ahh - got it
[19:53] :)
[19:53] volve: I'd love to hear how it works
[19:53] usb-creator's tagline is that it writes the iso images to usb drives. that's what concerns me as that's not an install, I'd end-up with the usb drive booting into the server installer... :/
[19:54] maybe I'm googling this wrong, maybe I should try searching for ways to transfer an hd install to a usb drive... hmm
[19:55] volve: oops - that sounds right.
[20:13] * ccheney just upped his medicine dose 50% today and is feeling a bit wired
[20:27] how can i edit my invalid /etc/sudoers file?
[20:29] KenBW2: Reboot into recovery mode.
[20:29] KenBW2: And from now on, use visudo to edit sudoers.
[20:29] KenBW2: It checks the file's validity before letting you replace the original one.
[20:29] its a VM, how would i restart into recovery?
[20:31] soren, you use uec right?
[20:32] soren, have you ever seen a weird issue where eucalyptus seems to use the external ips (the ones you assign vs the 172.x ones) for a while then stop using them, almost like an ip leak
[20:33] soren, i'm trying to determine what is causing it to happen on my test box, i saw that the 172.x address are assigned via dhcp but haven't tracked down what handles hand outs of the ips from ip pool assigned by the admin
[20:35] ccheney: I don't use UEC.
[20:35] soren, ok
[20:36] KenBW2: Just like you would a regular machine.
[20:36] KenBW2: Invoke the grub menu, choose recovery mode. win.
[20:36] the first part is what im struggling with
[20:37] * nealmcb waves at soren
[20:37] nealmcb: o/
[20:37] KenBW2: Hold down the shift key, I think.
[20:38] this is VMWare Server if that changes anything
[20:39] You tell me.
[20:40] KenBW2: I've told you what to do. Have you tried it?
[20:41] i tried pressing shift while pressing the play button, yes
[20:41] but unsurprisingly it did nothing different
[20:44] KenBW2: not while pressing the play button but inside the VM while it is booting
[20:45] ah, ill try that
[21:06] ok ive tried Shift, and ESC (as suggested on the boot screen) and neither shows me grub
[21:06] nealmcb: turns out all I needed was to make sure the first partition was a FAT32 and set as Bootable. GRUB installed happily afterwards. :)
[21:07] volve: excellent!
[21:07] hope it boots nice and fast! And do take /tmp off of it....
[21:07] Next question though: how do I disable the silent boot-up and resolution detection? I sort of like seeing my services scroll by... :D
[21:08] nealmcb: yeah I need to figure out a script to put /tmp in ram, and also nuke the swap partition the installer created
[21:10] I mean, ideally I want to boot the entire filesystem into ram
[21:19] praise goodness there is a server channel!!!!!
[21:19] t3chkommie :)
[21:20] can anyone help me with a 10.04 server trying to set up IMAP and webmail?
[21:20] volve: Check out /etc/default/grub for boot configs
[21:20] i had postfix+dovecot+squirrelmail... worked fine, until i did an upgrade and broke everything...
[21:20] now i cant get anything to work.. no roundcube.. courier... nothing.
[21:21] volve: and I'd think you could just link /tmp into /dev/shm in fstab
[21:21] but I haven't looked into that recently
[21:22] anybody?
[21:23] t3chkommie: did you install the mail server task (see tasksel)
[21:23] i think so.
[21:23] isnt that postfix?
[21:23] among other things
[21:24] but I'm not up-to-date on it
=== unreal_ is now known as unreal
[21:25] ok, sudo tasksel, it was missing mail server some how, so im going to reinstall that
[21:25] nealmcb, tasksel... awesome command, i was looking for that when everything went down yesterday!
[21:25] thanks!
[21:26] t3chkommie: :)
[21:26] nealmcb, what should i do now?
[21:26] reinstall dovecot? courier?
[21:31] anyone use roundcube and squirrelmail that prefers one over the other?
[21:31] im looking for something with a nice UI, and resembles outlook webmail
[21:41] t3chkommie: I don't have much recent mail server experience, but if you describe the specifics, someone else here might see something they can answer
[22:32] Hello, I am trying to install 10.04 with a raid 1 configuration. I get all the way through the install and on the reboot the system complains that it cannot find /dev/by-uid/ which corresponds to /dev/md0. When I boot into recovery fstab has the correct UUID for /dev/md0
[22:59] Anyone here use a LSI 9260 with Ubuntu Server 10.04? Cause LSI only has official drivers and control/agent software for REHEL.. but someone told me kernel 2.6 and higher has built in drivers for the Megaraid...
[23:00] any idea?
[23:00] RHEL*
=== unreal_ is now known as unreal
=== pgraner-afk is now known as pgraner
[23:52] anyone here using LSI cards in ubuntu./
[23:52] ?
[23:55] Yosi, http://ubuntuforums.org/showthread.php?t=1242919
[23:55] last post?