[01:42] <billybigrigger> anyone here use nfs shares?
[01:49] <giovani> billybigrigger: sure
[01:52] <billybigrigger> giovani, what do you use for mount options in your fstab?
[02:03] <Doonz_> hey guys I'm having a weird issue. I just had a power outage that lasted longer than my UPS could handle. Anyhow the system came back up nicely but i have 2 raid arrays that aren't mounted but when i try to mount them manually by running sudo mount -a it tells me that it's either mounted or the mount point is busy. when i type mount it doesn't show up that it's mounted and when i umount it it says it's not mounted. any advice?
[02:10] <giovani> billybigrigger: uhm, hard,nosuid,udp off the top of my head
[02:10] <giovani> billybigrigger: why do you ask?
[02:12] <giovani> oh and sec=krb5i
[02:14] <clusty> just finished setting up my pptp vpn server. how can I get access to smb and afp shares from outside once i connected through the vpn server?
[02:21] <billybigrigger> giovani, because the wiki page for nfs looks outdated
[02:23] <T3CHKOMMIE> hey guys, trying to make my own google docs thing with my own server any ideas?
[02:25] <giovani> billybigrigger: outdated how?
[02:26] <Doonz_> hey guys I'm having a weird issue. I just had a power outage that lasted longer than my UPS could handle. Anyhow the system came back up nicely but i have 2 raid arrays that aren't mounted but when i try to
[02:26] <Doonz_>  mount them manually by running sudo mount -a it tells me that it's either mounted or the mount point is busy. when i type mount it doesn't show up that it's mounted and when i umount it it says it's not mounted. any advice?
[02:26] <giovani> T3CHKOMMIE: I think a few of the general collaboration suites share some of Google Docs' features
[02:26] <giovani> i.e. Zimbra
[02:26] <giovani> not that I've used them
[02:27] <T3CHKOMMIE> giovani, thanks!
[02:27] <giovani> but search "open source collaboration"
[02:27] <giovani> fengoffice.com too
[02:31] <T3CHKOMMIE> giovani, you know of anything kinda free? like does open office support any web/cloud stuff?
[02:31] <giovani> Zimbra is free
[02:31] <giovani> as is fengoffice
[02:31] <T3CHKOMMIE> hm,
[02:31] <giovani> openoffice is just a desktop application
[02:31] <T3CHKOMMIE> got it.
[02:31] <giovani> so no web/"cloud" stuff
[02:36] <T3CHKOMMIE> doesnt look like zimbra is in the repos.
[02:36] <T3CHKOMMIE> im a bit worried about having zimbra crash my dovecot email server :S
[02:37] <T3CHKOMMIE> thanks for the headstart giovani, gota jam!
[02:59] <X-warrior> hello! I'm thinking to put some virtual machines in my server. But I was thinking, how it works to install a new OS in a Virtual HardDisk if i'm at console?
[03:10] <clusty> X-warrior: you can create HDDs from CLI
[03:10] <clusty> and enable VNC in the VM
[03:10] <clusty> mount the iso image from CLI again
[03:10] <clusty> fire up the VM
[03:10] <clusty> and connect from a PC to the VNC
[03:11] <clusty> that is how i am doing it with virtual Box
[03:11] <X-warrior> clusty, so I need to create the virtualmachine in my desktop (for an example) and then configure a remote access system... shutdown it put in ubuntu server and start running. Right?
[03:13] <clusty> X-warrior: look at VBoxHeadless
[03:13] <clusty> VBoxManage
[03:13] <clusty> ...
[03:13] <clusty> read the doc
[03:13] <clusty> it's nicely written
[03:13] <X-warrior> clusty, ok, thanks I will take a look!
[03:16] <X-warrior> clusty,  that is nice! i didn't know it! thanks a lot!
[03:17] <clusty> X-warrior: i have done the whole shabam only a few times myself
[03:17] <clusty> i prefer usually to config the VM graphically
[03:17] <clusty> and upload to the server
[03:18] <clusty> X-warrior: just beware that the FOSS Vbox does not support VNC
[03:18] <clusty> you want the PUEL version
[03:18] <clusty> you gotta add another repo from oracle (ex Sun) :D
[03:23] <X-warrior> clusty, I'm not sure if I understand. Are u saying that the normal repo version doesn't support this feature? So I need to add another repo from oracle?
[03:23] <clusty> yes. last time i checked (about 1 year ago) the ose version did not support
[03:24] <clusty> http://www.virtualbox.org/wiki/Linux_Downloads
[03:24] <clusty> pick the linux version you are running
[03:25] <X-warrior> clusty,  yes i'm already at this page
[03:25] <X-warrior> ;)
[03:25] <clusty> the PUEL is free only for personal use
[03:52] <Smooch> Hi
[04:03] <Smooch> mm
[04:03] <Smooch> Talk?
[04:03] <cjs> I have  a virtual server that, due to some network misconfiguration, gives me a bunch of messages on boot such as "init: network-interface (eth2) pre-start process (491) terminated with status 1" and then just a blinking cursor: I can't seem to get a shell or login or anything else prompt. How can I recover from this?
[04:04] <Smooch> !network
[04:04] <Smooch> Hmm
[04:04] <Smooch> Ok sorry
[04:05] <Smooch> Have you tried restarting network?
[04:05] <cjs> What, on the working host, or on the broken VM?
[04:06] <cjs> Perhaps I wasn't clear: I have a VM that will no longer boot, and I can't figure out how to recover it. (This is a 10.04 minimal VM install.)
[04:06] <Smooch> Is it openvz?
[04:06] <cjs> Holding down shift or pressing ESC doesn't bring up a grub boot menu.
[04:06] <Smooch> openVZ? or Xen?
[04:06] <Smooch> VirtualBox even?
[04:07] <cjs> It's standard ubuntu KVM.
[04:07] <Smooch> Oh, sorry i have no experience with KVM
[04:07] <Smooch> Do you have access to the node?
[04:08] <Jordan_U> cjs: What happens when you try to boot? Have you tried booting with Super GRUB2 Disk?
[04:09] <Smooch> cjs: Is this a node or just a computer/server running ubuntu and kvm? do you have root access to the host?
[04:09] <cjs> I boot the node, it gives me: "fsck from util-linjux-ng 2.17.2", "/dev/sda1: clean ..." and then messages similar to the one I posted above. Then a blinking cursor on the next empty line. The only keypress that seems to do anything is ESC, which repeats all that from the "fsck from ..." part.
[04:09] <cjs> Yes, I've got full access to everything.
[04:09] <Smooch> Ok well
[04:10] <Smooch> I don't know much about KVM but, if you can some how mount the image?
[04:10] <Smooch> That way you can edit the vms files
[04:11] <cjs> Hm. I suppose I could try that. It seems a bit...frustrating that a linux boot could get into a state where the kernel loads and userland starts, but you can't recover the system.
[04:12] <Smooch> Well if you can get into the vms files
[04:12] <cjs> "VMS files"?
[04:12] <Smooch> The vm itself, from the host
[04:12] <Smooch> You can backup some files too
[04:12] <cjs> Ah, you  mean the filesystem the virtual machine is booting from. Yes.
[04:12] <Smooch> Yes
[04:13] <Smooch> Like i said, don't know much about KVM
[04:13] <Smooch> But if you have access to the file system :)
[04:13] <cjs> Well, this doesn't really appear to be a KVM problem; it appears to be an Ubuntu server userland problem.
[04:13] <Smooch> More than likely yes
[04:14] <Smooch> fsck from util-linjux-member:ng 2.17.2, isn't that the boot image?
[04:15] <cjs> As in, "WTF won't it go single user if something is wrong, rather than effectively wedging?"
[04:16] <cjs> I would presume that the startup scripts run fsck fairly early on.
[04:16] <Smooch> mhm
[04:16] <Smooch> probably
[04:16] <Smooch> Sorry, i can't personally help you
[04:16] <Smooch> Someone else might be able to :)
[04:17] <Smooch> and remove personally from that message
[04:17] <Smooch> :)
[04:17] <Smooch> well what i mean is
[04:17] <Smooch> i don't know how to fix this certain problem
[04:20] <cjs> Ha, looks like it's a udev/rules.d/70-persistent-net.rules that's on crack.
[04:21] <Smooch> ah
[04:21] <cjs> Nope, that didn't fix it. *Sigh*.
[04:25] <Smooch> Hi kokozedman :)
[04:25] <Smooch> Lol
[04:25] <Smooch> What was your question?
[04:25] <kokozedman> heheh
[04:25] <kokozedman> the NTP does not seem to work: all servers have their own time
[04:25] <kokozedman> which is causing a lot of problems
[04:25] <kokozedman> i thought Ubuntu already came with NTP already working
[04:26] <Smooch> https://help.ubuntu.com/10.04/server/C/NTP.html
[04:26] <kokozedman> Smooch: page not found 404
[04:26] <Smooch> whoops
[04:26] <cjs> Ok, simple enough. When I edited /etc/network/interfaces, I had "auto eth1" followed by config lines, but forgot the "iface eth1 inet static" between them.
[04:26] <Smooch> This one https://help.ubuntu.com/7.04/server/C/NTP.html
[04:27] <Smooch> try running ntpdate ntp.ubuntu.com does it work?
[04:27] <monsterb> https://help.ubuntu.com/10.04/serverguide/C/NTP.html
[04:27] <Smooch> :P
[04:27] <cjs> kokozedman: Was your local time very, very close to the servers when you started ntpd? If it's too far out, and especially if your hardware clock has a large skew, ntpd will not sync.
[04:28] <cjs> BTW, "ntpdate -d <server>" will give you debug output indicating what time the remote server thinks it is.
[04:28] <kokozedman> Smooch: yes the ntpdate works all the time, but after some days, it will be weird again...
[04:28] <kokozedman> isn't it running automatically?
[04:28] <kokozedman> i mean, isn't it supposed to be so?
[04:28] <Smooch> kokozedman: If doing ntpupdate works.. why not set a cron job?
[04:29] <Smooch> maybe set the timezone again?
[04:29] <kokozedman> Smooch: i thought so, but isn't that supposed to be the case in Ubuntu Server… listening to you talk makes me think that it's not the default behavior
[04:29] <kokozedman> timezone is already set… but i have another problem with that also
[04:29] <Smooch> I'm not sure if its the default behaviour actually
[04:30] <Smooch> Something must be resetting the time zone
[04:30] <Smooch> Are you connecting to another dns server? or through proxy?
[04:30] <kokozedman> these are new servers, so i don't know what is that "something" that is causing the reset
[04:31] <Smooch> How many servers are there?
[04:31] <kokozedman> i am connecting to the server through a HTTP proxy (thru corkscrew) but it's the server itself which is the proxy
[04:31] <kokozedman> 4 servers
[04:31] <Smooch> and the server that its connecting thru a proxy has the right time zone?
[04:32] <kokozedman> yes, all of them have the right time zone… but it's not about the right timezone which is troubling, but the timezones that the applications actually see
[04:32] <kokozedman> i have several CGI and Django applications on each servers
[04:32] <kokozedman> and they all have a very weird time issues
[04:32] <kokozedman> sometimes the TZ environment variable is set to "America/Chicago"
[04:33] <kokozedman> and sometimes they are "Asia/Karachi"
[04:33] <kokozedman> the latter one is the one that is correct
[04:33] <kokozedman> the former one is totally incorrect
[04:33] <kokozedman> and related to this timezone issue is the time that the applications receive
[04:34] <kokozedman> rarely do the application get the right time, but most of the time, it's using the time in America (Chicago i suppose)
[04:34] <Smooch> https://help.ubuntu.com/community/UbuntuTime ?
[04:34] <Smooch> whoops
[04:35] <Smooch> thats desktop one :P
[04:35] <kokozedman> i've followed that many times already
[04:35] <kokozedman> lol
[04:35] <Smooch> try opening /etc/cron.daily/ntpdate ?
[04:35] <Smooch> whats in there?
[04:35] <kokozedman> it's a bash script
[04:35] <Smooch> shouldn't be
[04:35] <kokozedman> wait
[04:36] <kokozedman> i don't have that
[04:36] <Smooch> whats in  /etc/ntp.conf ?
[04:36] <kokozedman> i only have ntp
[04:36] <kokozedman> i only have /etc/cron.daily/ntp
[04:36] <kokozedman> not ntpdate
[04:36] <Smooch> try ntupdate
[04:36] <kokozedman> i guess that has something to do with the 10.04
[04:36] <kokozedman> command not found
[04:37] <Smooch> apt-get install
[04:37] <kokozedman> you mean ntpdate?
[04:37] <kokozedman> apt-get install ntpdate?
[04:37] <Smooch> mhm
[04:37] <Smooch> sudo first of course
[04:37] <kokozedman> i'm already root
[04:37] <Smooch> thats fine then
[04:38] <kokozedman> man! ntpdate is already the newest version.
[04:38] <Smooch> enter man ntupdate does anything come up?
[04:38] <kokozedman> but i don't have /etc/cron.daily/ntpdate with that
[04:39] <cjs> kokozedman: For these applications, is the time zone supposed to be the correct one for the location of the server, or always the same regardless of where the server is located?
[04:39] <kokozedman> an entry is found for man ntpdate, but not for man ntupdate
[04:39] <cjs> (Although a better question is: why would you application care about what time zone you're using? Log stuff in UTC if you work across multiple time zones; it will make life much happier.)
[04:40] <cjs> kokozedman: ntpdate is normally run just once at boot, and perhaps once in a while when you bork your system. Otherwise ntpd should be taking care of keeping things in sync on a continuous basis.
[04:40] <kokozedman> cjs: it's supposed to be always "Asia/Karachi", no matter where the servers are located… the server are serving applications to Pakistan and it has to be honoring the time there… but at this time they are having time pointed to Chicago
[04:41] <cjs> kokozedman: In that case, set the TZ variable in your startup script.
[04:41] <Smooch> where does the server ip look up to?
[04:41] <Smooch> e.g what country/place do they say in whoius
[04:41] <Smooch> *whois
[04:41] <kokozedman> cjs: do you mind telling where is that startup script?
[04:43] <cjs> You're the guys starting the application, not me! :-)
[04:43] <cjs> Is this an app you developed, or is it something someone else wrote that you installed?
[04:44] <cjs> Keep in mind, I'm talking about the *application* startup script. The idea is that the application overrides whatever it's given when it starts.
[04:45] <kokozedman> cjs: i've already set the correct timezone (TZ) inside /etc/apache2/envvars … when i do, it has the correct timezone for about 2 or 3 requests, and then it goes back to the weird Chicago one after
[04:46] <kokozedman> i have developed it, i intended to receive the local computer's time and not care about what timezone is the script in, or is the time correct … i just assume that it will get whatever time the system is in
[04:46] <kokozedman> it has worked flawlessly in Gentoo Linux for about 4 years now
[04:46] <kokozedman> and since i'm leaving control of the server to a less proficient person, i decided to change the system to Ubuntu Server to make things easier for the person
[04:47] <cjs> Hm. Sounds like something is going wrong with apache or its startup scripts, then. I can't really help with that; I've not used apache in years, and never under Ubuntu.
[04:47] <kokozedman> but now, Ubuntu's time is getting us crazy
[04:47] <cjs> But you might consider reconfiguring things so that your application deals with the timezone, and doesn't depend on the environment, which is harder to control (as we've seen).
[04:48] <cjs> Maybe changing back to gentoo would make things easier. :-)
[04:48] <Smooch> Yeah
[04:48] <kokozedman> cjs: lol hahahaha… we paid $75 for each servers to be switched to Ubuntu… no way we're paying that again to switch back to Gentoo!!!
[04:49] <kokozedman> i just assumed that Ubuntu is stable enough to have weird problems like that
[04:49] <kokozedman> but i was wrong then! :-/
[04:49] <Smooch> Ubuntu is great actually
[04:49] <Smooch> But sometimes, you have to compile things from source.. if you know what i mean ;)
[04:49] <kokozedman> yes i know… but i don't know why it's doing this kind of weirdness in the servers
[04:50] <Smooch> Did you transfer it all to ubuntu?
[04:50] <Smooch> Perhaps you should back it up and re install ubuntu
[04:50] <kokozedman> i'm actually using a lot of Ubuntus in my VMware Fusion
[04:50] <cjs> If you want stability, don't change stuff. :-/
[04:50] <kokozedman> cjs: actually, i was sick and tired of Gentoo's package system… and Ubuntu's update and security is super
[04:50] <Smooch> Actually
[04:51] <cjs> I'm not a big fan of Ubuntu, but it doesn't seem much less stable than anything else out there that gets updated regularly.
[04:51] <Smooch> Maybe its the resolv.conf?
[04:51] <cjs> kokozedman: Yes, that's one of the main reasons I use it.
[04:51] <kokozedman> Smooch: what's about it?
[04:51] <cjs> And why I live with stuff like installing 10.04 LTS may go and trash disks on your KVM virtual hosts.
[04:52] <Smooch> Well, there the nameservers right.
[04:52] <Smooch> If your ntp'ing to the server
[04:52] <Smooch> perhaps ubuntus ntp server is getting the wrong ip
[04:52] <Smooch> well the wrong location
[04:52] <kokozedman> i don't think so
[04:52] <kokozedman> it's using the OpenDNS
[04:52] <kokozedman> all of them
[04:55] <Smooch> Oh
[04:55] <Smooch> Umm
[04:55] <Smooch> I've read tons of things saying that openDNS is not good
[05:00] <kokozedman> oh?
[05:00] <kokozedman> then, i'll use Google DNS then
[05:03] <Smooch> try it :)
[05:05] <Smooch> erm
[05:05] <Smooch> I have a question of my own :)
[05:06] <Smooch> er
[05:06] <amstan_> kokozedman: openDNS lies actually, instead of giving you an error when a domain doesn't exist and letting your browser decide it lies and tells you that it exists, and points you at a server with advertisement on it
[05:06] <Smooch> how come apt-mirror takes so much cpu?
[05:07] <kokozedman> amstan_: i don't really consider that a harm ;) … it's just business, they need to advertise to run the servers right?
[05:08] <amstan_> kokozedman: except it's their business at our expense, it sometimes breaks things
[05:08] <Smooch> true
[05:08] <amstan_> when you're trying to do dns stuff for example, and you want to ping to check if a dns works, you'll always get a response
[05:08] <kokozedman> yeah
[05:09] <kokozedman> i didn't think that far :P
[05:09] <Smooch> might make my own dns servers
[05:10] <Smooch> would anyone be interested :P
[05:11] <kokozedman> heheheh
[05:11] <amstan_> Smooch: not really. i would probably get crappy pings
[05:11] <Smooch> hehe
[05:12] <amstan_> google dns is pretty decent these days, except that my ISPs DNS servers are faster(TekSavvy)
[05:12] <kokozedman> is there a way to check that crontab syntax is correct?
[05:12] <Smooch> send your crontab via pastebin
[05:12] <Smooch> and ask if its correct?
[05:12] <amstan_> kokozedman: put it on pastebin?
[05:12] <kokozedman> hehehe
[05:12] <kokozedman> lol
[05:12] <Smooch> lol
[05:14] <kokozedman> http://paste2.org/p/903943
[05:15] <kokozedman> it is the last 3 lines which is causing things to not work
[05:15] <Smooch> *; ?
[05:16] <kokozedman> oh, i guess i see
[05:16] <kokozedman> lol
[05:16] <kokozedman> for the username
[05:16] <kokozedman> hehe
[05:17] <Smooch> hehe
[05:20] <cjs> kokozedman: Why not just run your own DNS servers? It's as easy as "aptitude install bind9".
[05:21] <kokozedman> cjs: what's wrong with Google's? i'm using that now
[05:21] <cjs> It's yet one more external dependency to go wrong.
[05:21] <GhostFreeman> How do I generate the UUID for a hard drive?
[05:21] <cjs> Not to mention that it lies from time to time, as mentioned above.
[05:21] <amstan_> cjs: to go wrong? DNS would be the last thing to go wrong
[05:22] <cjs> GhostFreeman: hard drives don't have UUIDs. Perhaps you're thinking of a partition or something like that?
[05:22] <amstan_> cjs: there's usually 3 DNS servers
[05:22] <GhostFreeman> ok, a partition
[05:22] <cjs> amstan_: DNS is one of the first things to go wrong. See above about Google's DNS lying to you.
[05:22] <GhostFreeman> what is the weapon of choice.
[05:22] <amstan_> GhostFreeman: you don't generate it, you just read it
[05:22] <cjs> GhostFreeman: What kind of partition?
[05:22] <GhostFreeman> I need to read it so I can add it to fstab
[05:22] <amstan_> GhostFreeman: ls /dev/disk/by-uuid
[05:23] <GhostFreeman> a Linux LLVM part
[05:23] <cjs> GhostFreeman: Ah! You want to know the UUID of an existing partition! "blkid" is your very, very best friend, here.
[05:23] <GhostFreeman> what is an example command for blkid
[05:23] <GhostFreeman> the comments in fstab are very vague
[05:23] <cjs> "blkid". (As root, though.)
[05:24] <GhostFreeman> got it
[05:24] <amstan_> cjs: meh.. my way doesn't need root
[05:24] <cjs> amstan_: yes, but your way doesn't give the partition types as well.
[05:25] <amstan_> cjs: so.. what about google lying?
[05:25] <cjs> Oh, that was OpenDNS. Oops.
[05:25] <amstan_> google doesn't do the advertisement on nonexisting domains
[05:25] <Smooch> got disconnected :P
[05:25] <GhostFreeman> once I edit fstab, how can I reload it?
[05:25] <amstan_> GhostFreeman: mount -a
[05:26] <cjs> GhostFreeman: It's not continuously "loaded" by anything. The mount command (and various others, such as fsck) look up data in it when they start.
[05:26] <kokozedman> cjs: so, i'm good with Google's DNS then ;)
[05:26] <GhostFreeman> thanks everyone
[05:26] <amstan_> kokozedman: yes
[05:26] <cjs> GhostFreeman: If you want to mount the filesystem you just added, just type "mount /foo" or whatever its mount location is.
[05:26] <kokozedman> :D cool
[05:26] <cjs> kokozedman: I guess. I just reckon, why rely on yet another external service when it's trivial to do yourself.
[05:26] <amstan_> kokozedman: mount -a just reads the fstab and tries to mount anything not already mounted
[05:26] <Smooch> cfs great point
[05:27] <GhostFreeman> One last question: What's a good disk partition editor that's not complicated like parted?
[05:27] <Smooch> js sorry
[05:27] <Smooch> Gparted
[05:27] <cjs> Heck, I even run separate resolving servers on my virtual hosts, even though they could use the one on the host host.
[05:27] <amstan_> cjs: hosting dns will induce extra delays on dns lookups
[05:27] <cjs> amstan_: ?
[05:27] <GhostFreeman> ...that works in a shell
[05:27] <GhostFreeman> (so no gparted)
[05:27] <Smooch> fdisk
[05:28] <amstan_> cjs: well.. the local dns server will have to check the database, and if not there already check with the upper servers, why not just skip the local dns and make all comps use those external servers?
[05:28] <cjs> amstan_: you mean, resolving stuff yourself is slower than having someone else do it for you? Only if it's cached in theirs and not yours. If you both have it cached, using the local copy will be slightly faster.
[05:29] <cjs> It's also a security issue, of course. You have to trust Google quite a lot to use their DNS.
[05:29] <amstan_> but you have to trust someone either way
[05:29] <amstan_> local dns doesn't magically make you not need to ever trust another dns server
[05:29] <cjs> amstan_: Your characterization of a DNS lookup is not correct; walk through it slowly.
[05:30] <cjs> amstan_: And the issue is not that you have to trust someone, it's that you have to trust Google *as well as* anybody else you'd also have to trust.
[05:30] <amstan_> isn't a local dns server just a cache? so you have to tell that server to use another server to lookup the unknown domains?
[05:31] <cjs> It's a decision you have to make, of course. If typing "aptitude install bind9" is really that much work, or the result uses up too much disk space, or whatever, sure, go ahead. But you are certainly (if possibly only in a very tiny way) increasing your chances of DNS resolution failing and security problems.
[05:31] <cjs> Any resolving DNS server is just a cache. Google's is no different from yours (though they might be using something other than bind9).
[05:32] <amstan_> ok.. so knowing that, what dns resolver do you give to your local dns server?
[05:32] <cjs> But when you query their server on a.b.c.d rather than your own on 127.0.0.1, either way the server will go through the exact same process to resolve the name.
[05:32] <cjs> amstan_: There is no DNS resolver for your local server. That's the point. Your local server is the resolver.
[05:33] <cjs> It only ever asks for non-recursive answers, and follows the chain itself.
[05:33] <amstan_> cjs: but where does it get its info from?
[05:33] <kokozedman> cjs: how do i make the ntp (which is starting ntpd) service started on start-up?
[05:33] <kokozedman> sorry, i didn't mean to highlight cjs
[05:33] <kokozedman> :P
[05:33] <cjs> amstan_: how does it know the root servers? /etc/bind/db.root. It's a set of "well known" data.
[05:34] <cjs> kokozedman: If you just did standard apt-get of it, it should start itself. Check first for /etc/init.d/*ntp*, and then /etc/rc?.d/*ntp*
[05:34] <amstan_> kokozedman: according to http://www.howtoforge.org/perfect-server-ubuntu8.04-lts-p7 it's enough just to install it
[05:34] <kokozedman> amstan_: well, i think 10.0
[05:34] <amstan_> kokozedman: same thing for this particular thing
[05:34] <kokozedman> 10.04 have it installed by default
[05:34] <kokozedman> right?
[05:34] <amstan_> i don't think so
[05:35] <kokozedman> no way man! i have not installed that service on my own… but it's there
[05:35] <kokozedman> in all servers
[05:35] <kokozedman> i mean: /etc/init.d/ntp exists in all servers
[05:35] <amstan_> idk then, i did not say i'm certain
[05:36] <kokozedman> but here is what i noticed: when i start that service, i will not be able to run ntpdate
[05:36] <kokozedman> and thing is: i can run ntpdate freely on ALL servers
[05:36] <cjs> It depends on which flavour of server install, too. There's, e.g. "minimal" vs. regular, and minimal has that extra "Basic Ubuntu server" option in the package install screen in the installer which I don't know just what it does.
[05:37] <kokozedman> which means, they have not been run at start-up
[05:37] <cjs> kokozedman: Yes. You can run ntpdate with -d, to see the difference, but if you try to run it without that it tries to use the port that ntpd is already listening on.
[05:37] <kokozedman> cjs: it's the normal
[05:37] <cjs> And anyway, you always want to stop ntpd before running ntpdate, and start it again afterwards.
[05:37] <amstan_> yeah, i just thought to check an existing install @hypertriangle.com and i get  5 Jul 00:41:51 ntpdate[7191]: no servers can be used, exiting
[05:38] <Smooch> erm
[05:38] <kokozedman> cjs: exactly!! i did not have to stop ntpd and ntpdate worked well
[05:38] <cjs> Yes, but is ntpd still happy?
[05:38] <kokozedman> if ntpd is running, then i'll get something like:  5 Jul 09:38:50 ntpdate[12209]: the NTP socket is in use, exiting
[05:39] <kokozedman> what you mean?
[05:39] <cjs> And by how much did ntpdate adjust the time?
[05:39] <cjs> kokozedman: That message means that ntpdate didn't do anything.
[05:39] <kokozedman> the point i'm trying to prove is that ntpd is NOT started at boot time
[05:39] <cjs> Well, to prove that, reboot and then type "ntpdc -p".
[05:40] <kokozedman> otherwise the first time i tried ntpdate, i would get that error because ntpd is already running
[05:40] <cjs> Though I have six Ubuntu 10.04 servers here that say otherwise. :-)
[05:41] <kokozedman> i'll have to wait for tonight to reboot, because people are using the services :P
[05:41] <qman__> ntpdate does not work correctly, use ntpdate-debian
[05:41] <cjs> kokozedman: Oh, BTW, do you use etckeeper? If not, you really want to. You really, *really* want to if you might have to come back to the installation after someone else has been administering it for a while.
[05:41] <qman__> it's because of how the package is configured
[05:41] <cjs> kokozedman: Pffft. Users. Don't let such unimportant things get in the way of your work.
[05:42] <kokozedman> lol
[05:42] <qman__> kokozedman, ^
[05:43] <qman__> that problem stumped me at first as well
[05:43] <kokozedman> qman__: i'll try that… but please confirm: does ntpdate-debian run ON STARTUP?
[05:43] <qman__> ntpdate is present but will not work correctly, at all
[05:43] <qman__> ntpdate-debian runs periodically
[05:43] <qman__> it's in cron
[05:43] <kokozedman> qman__: thanks for confirming this problem
[05:44] <Smooch> :)
[05:44] <kokozedman> cool
[05:44] <qman__> I'm also fairly certain it runs post if-up
[05:44] <Smooch> you may see that i'm randomly doing emotions
[05:44] <Smooch> its so i don't get disconnected
[05:44] <qman__> so it would effectively run on startup
[05:44] <kokozedman> Smooch: lol… why the disconnection?
[05:45] <Smooch> kokozedman: irc servers auto disconnect idle connections some times
[05:45] <qman__> not this one
[05:45] <kokozedman> ??? not on mine
[05:45] <Smooch> ok
[05:45] <Smooch> also
[05:45] <kokozedman> to the errors i see, it is actually your connection which is closing
[05:45] <Smooch> does anyone know how to successfully setup a irc server with nickserv on ubuntu 10.04?
[05:46] <qman__> I have not done it myself
[05:46] <kokozedman> neither did i
[05:46] <Smooch> not sure if i should reinstall a vps with centos or ubuntu for this
[05:46] <kokozedman> why would you want to anyway?
[05:46] <qman__> I've heard that unrealircd is best, but I can neither confirm nor deny
[05:46] <Smooch> i need to create an irc channel for a commercial project
[05:46] <kokozedman> oh… i see
[05:47] <Smooch> gtg
[05:47] <qman__> about your disconnection issues
[05:47] <qman__> make sure your client is sane
[05:47] <qman__> mIRC has a habit of doing that, but I can see you're not using it
[05:47] <Smooch> collyquy mac
[05:47] <Smooch> colloquy
[05:48] <kokozedman> Smooch: running on ADSL?
[05:48] <kokozedman> i mean ADSL router?
[05:48] <Smooch> not right now
[05:48] <qman__> yeah, some ADSL routers like to disconnect you when idle
[05:48] <qman__> it's rather annoying, but usually configurable
[05:48] <kokozedman> disconnection also happens at the ISP side, they reset your IP at times
[05:48] <Smooch> normally cable router
[05:48] <kokozedman> when that happens, you get disconnected
[05:49] <kokozedman> i use an almost undisconnectible technique ;) :D
[05:50] <kokozedman> i run my own kind of TCP implementation… so i don't get disconnected ever, even if the ISP will do their stupid resets
[05:51] <kokozedman> qman__: what is the name of the packet again? i can't find ntpdate-debing
[05:51] <kokozedman> ntpdate-debian*
[05:51] <qman__> should be in your path, one moment
[05:51] <qman__>  /usr/sbin/ntpdate-debian
[05:51] <kokozedman> ??? how am i supposed to use that?
[05:52] <KurtKraut> Smooch, you won't face any difference in setting up an IRC server with Ubuntu or CentOS.
[05:52] <qman__> you just run it
[05:52] <qman__> and it updates your local time
[05:52] <chrismsnz> hey guys - anybody have any experience with running ipvs/keepalived on a recent version of ubuntu? I have reason to suspect that UFW is interfering with the operation of the load balancer
[05:52] <qman__> based on the settings you have configured
[05:52] <kokozedman> qman__: what about the cron? do i have to set that up manually?
[05:52] <qman__> no, it is configured out of the box
[05:53] <qman__>  /etc/cron.daily/ntp
[05:55] <kokozedman> qman__: here are my concerns: will it run again at startup? will it continue to run in the background or just one shot?
[05:55] <qman__> it runs daily
[05:55] <qman__> whenever all your other daily tasks run
[05:55] <kokozedman> ok
[05:56] <qman__> it also runs whenever your interface goes up
[05:56] <qman__>  /etc/network/if-up.d/ntpdate
[06:00] <Smooch> Hi
[06:01] <kokozedman> lol
[06:01] <kokozedman> Smooch: there is a ptunnel program which you can use to avoid being disconnected too much
[06:02] <KurtKraut> Smooch, you won't face any difference in setting up an IRC server with Ubuntu or CentOS.
[06:02] <kokozedman> it is sending ICMP packets rather than TCP packets
[06:02] <Smooch> well
[06:02] <Smooch> rebuilding vps with ubuntu 9.04
[06:02] <kokozedman> and it doesn't care which IP or route or … you're sending the packets, as long as it arrives you're connected
[06:03] <Smooch> 10.04 = corrupted template
[06:03] <GhostFreeman> I forgot the command to generate the UUID for a partition
[06:03] <Smooch> going to use http://news.softpedia.com/news/Building-Your-Own-IRC-Server-With-Services-40772.shtml to setup the irc
[06:07] <Smooch> server.
[06:11] <Smooch> hi?
[06:17] <Smooch> ?
[06:37] <GhostFreeman> Should a newly-created linux partition have a lost+found directory in it?
[06:38] <lifeless> yes
[06:39] <GhostFreeman> oh
[06:42] <GhostFreeman> ok thanks
[07:52] <kaushal> Hi
[07:52] <kaushal> I am using pxe image to install ubuntu server on all the servers
[07:54] <ljungk> I'm trying to set up a mail server using postfix. my isp blocks port 25. will i still be able to make it recieve mail?
[07:54] <kaushal> the issue is that it installs a generic kernel
[07:55] <kaushal> I have both server kernel and generic kernel
[07:55] <kaushal> basically i need to install server kernel
[07:55] <kaushal> what changes i need to do on the pxe image to install server kernel ?
[07:59] <Snadder> Anyone know if it's possible to add a machine with a different processor to a UEC setup?
[08:02] <qman__> Snadder, UEC will run on pretty much any computer which has hardware virtualization
[08:03] <Snadder> qman__, but in normal virtualization.. you can't have one cluster with different processor types..
[08:05] <qman__> Snadder, if by processor types, you mean x86 vs sparc vs mips vs alpha, then yes
[08:05] <qman__> but if by processor types you mean intel core 2 vs intel i7 vs AMD phenom, then no
[08:05] <Snadder> qman__, I mean.. if you upgrade to a faster x86 processor.. then you need to create a new cluster.
[08:05] <qman__> not with UEC
[08:06] <Snadder> qman__, NICE :-)
[08:06] <qman__> UEC is more similar to VMWare than it is to traditional clustering
[08:06] <qman__> the cloud bits are all handled in higher level software
[08:06] <qman__> as long as the hardware is fast enough and supports the right features, it will work
[08:07] <Snadder> qman__, how come really.. won't it be very ineffective to not run in instance directly on the hardware.. with a layer in between?
[08:07] <Snadder> an*
[08:07] <qman__> it does, using hardware virtualization features
[08:07] <qman__> it uses a common set of processor extensions
[08:08] <qman__> however, memory and addon device features are handled in software
[08:08] <qman__> so that, regardless of the actual hardware, your virtual environment is the same
[08:08] <Snadder> qman__, But if UEC runs on 2 different x86 processors, how is it then possible to move an instance from one type to another?
[08:09] <qman__> the instances do not make use of features that are not common across all supported hardware
[08:09] <Snadder> qman__, so it will be transparent to which type of processor it runs on?
[08:09] <Snadder> Cool.
[08:09] <qman__> yes
[08:10] <Snadder> qman__, are there any other large benefits of using UEC compared to virtual private server setups?
[08:10] <qman__> UEC scales better
[08:11] <Snadder> explain.. in what way?
[08:11] <qman__> if you have lots of instances and lots of hardware, UEC can better manage what goes where
[08:11] <qman__> where with regular VPS, you must decide ahead of time how to divide your resources
[08:12] <Snadder> Ahh.
[08:12] <qman__> which is fine for a few servers, but gets very cumbersome with a large load
[08:12] <Snadder> How many servers do we need to get the benefits of UEC?
[08:13] <qman__> well, it's not really a strict number, but UEC also requires a controller machine
[08:13] <qman__> so you must evaluate for yourself
[08:13] <qman__> but if you've got more than ten servers and more than 100 regular instances, UEC is definitely worth trying
[08:14] <Snadder> We have app. 500 physical servers..
[08:14] <qman__> then it is definitely worth looking into
[08:14] <kaushal> qman__, hi
[08:14] <qman__> try setting up a lab environment
[08:14] <Snadder> But don't know how many of those we will be virtualizing.
[08:15] <qman__> see if it performs to your needs
[08:15] <Snadder> qman__, is it possible to run UEC on hyper-v?
[08:15] <qman__> UEC itself must be run on physical hardware
[08:15] <qman__> because it makes use of the virtualization feature
[08:15] <lifeless> not true
[08:15] <lifeless> you can run it with qemu
[08:15] <lifeless> its obviously slower
[08:16] <qman__> really?
[08:16] <lifeless> see kirkland's demo image as an example of doing this
[08:16] <qman__> still, qemu is not anywhere near as fast as hardware virtualization
[08:16] <qman__> and won't give you a good idea of how it will perform
[08:16] <lifeless> of course
[08:16] <lifeless> it performs like kvm :)
[08:16] <lifeless> there really isn't any need to use UEC to assess *that* :P
[08:17] <Snadder> We have some old vmware clusters we can run it on also.. if thats better.
[08:17] <Snadder> Linux on hyper-v sucks..
[08:17] <qman__> vmware is a bit faster than qemu, but it's still not going to give you an accurate picture of the performance
[08:18] <qman__> however, it will give you an experience of how it behaves and how to use it
[08:18] <Snadder> Yeah.
[08:18] <lifeless> I believe there is a vmware backend, but we explicitly don't support it.
[08:19] <qman__> running virtual machines inside virtual machines is naturally inefficient and complex
[08:20] <Snadder> Ok.. I will try to get some hardware for it. :-)
[08:23] <Snadder> qman__, lifeless how much memory is required to run UEC?
[08:23] <lifeless> Snadder: a couple GB is best for the cloud controller
[08:24] <qman__> I wouldn't attempt with less than 1GB, but more is always better
[08:24] <lifeless> a hundred MB or so for the node controller on each node
[08:24] <Snadder> Is 4GB enough to run all 3 machines to get UEC up?
[08:29] <rahman> Hi, I have a squid proxy running. When I do a "whatismyip.com" it says "Possible Proxy Detected: 1.1 apache:8888 (squid/2.7.STABLE6)". How can I prevent this? I want to make the proxy users to connect to internet with the proxy servers ip address. I don't want the squid to modify anything else in the http headers.
[08:29] <Snadder> I can alternative use two physical machines with 4gb memory each.. or is one machine enough?
[08:31] <lifeless> 2 is easiest
[08:31] <lifeless> I documented how to do it on one on the help.ubuntu.com wiki though
[08:31] <kim0_> rahman, google for X-Forwarded-for
[08:35] <kaushal> hi
[08:36] <kaushal> I am using ks.cfg http/tftpd/pxe server install Ubuntu 8.04 server over the network method
[08:36] <kaushal> the issue is that it installs generic-kernel instead of server kernel
[08:36] <kaushal> is there a way to fix it on the pxe image ?
[08:37] <kaushal> Please suggest
[08:40] <Snadder> lifeless, one physical machine with Cloud controller.. another one with cluster controller and node controllers?
[08:40] <lifeless> one with cloud/cluster, one with node controller (== one node)
[08:40] <Snadder> Ah, ok.
[08:43] <kim0_> lifeless, I had tried the one node installation coz that's only what I have and it was failing at registration (on 10.10)
[08:43] <kim0_> lifeless, was there some known problem
[08:43] <lifeless> kim0_: did you see the docs on help.ubuntu.com ?
[08:44] <kim0_> I was following an external article
[08:44] <kim0_> don't think it was on the wiki
[08:45] <Snadder> lifeless, any docs you recommend to read before setting UEC up?
[08:46] <lifeless> https://help.ubuntu.com/community/UEC
[08:46] <Snadder> I got 2 physical Opteron machines with 4gb memory each.
[08:46] <lifeless> kim0_: https://help.ubuntu.com/community/UEC/Topologies
[08:47] <kim0_> lifeless, thanks .. will give it another shot
[08:47] <lifeless> Snadder: https://help.ubuntu.com/community/UEC/PackageInstall also for you
[08:49] <Snadder> lifeless, I have debian already installed on these machines.. can I fire up UEC without reinstalling?
[08:50] <Snadder> I guess not.
[08:51] <qman__> while I suppose it's theoretically possible, installing ubuntu will make things much, much simpler
[08:52] <Snadder> Yeah.. I'll do that.
[08:56] <rahman> kim0_: I am new to squid so I can be wrong but isn't "X-Forwarded-for" is to keep and use users real ip in the header instead of proxy servers ip?
[08:58] <kaushal> can someone please guide me about my post on https://lists.ubuntu.com/archives/ubuntu-server/2010-July/004402.html
[08:59] <kim0_> rahman, I'm no squid expert either .. you might wanna ask in #squid
[08:59] <rahman> kim0_: Ok, thanks
[08:59] <kim0_> rahman, in general .. I think you want to hide "Via, Forwarded, X-Forwarded-For and Client-ip headers" from your headers so the 2nd party doesn't know there's a proxy
[09:03] <Snadder> lifeless, qman__ I only have 2x40gb scsi disks in each machine.. do you think its possible to run it in two partitions with those?
[09:04] <lifeless> easy as
[09:04] <lifeless> you can get by with a 2GB flash drive if you have too :)
[09:04] <lifeless> (Don't try though - use the 40GB :)
[09:04] <Snadder> lifeless, here it says 40gb is minimum.. but 200gb is suggested: https://help.ubuntu.com/community/UEC/PackageInstall
[09:05] <lifeless> 'meh'
[09:05] <lifeless> for a test environment - you will be fine
[09:05] <lifeless> theres lots of caching can happen
[09:05] <Snadder> Ok.
[09:06] <Snadder> lifeless, so there is no point putting in two 40gb in both machines?
[09:07] <huats> morning
[09:41] <kaushal> checking in again for my query ?
[09:44] <kaushal> can someone please guide me about my post on https://lists.ubuntu.com/archives/ubuntu-server/2010-July/004402.html
[09:55] <DizzyDoo> Quick question from a Ubuntu Server newbie, how do I change my networking settings from using eth0 to eth1?
[09:56] <kim0> DizzyDoo, /etc/network/interfaces ?!
[09:56] <qman__> DizzyDoo, change in /etc/network/interfaces
[09:56] <DizzyDoo> Right, I did that, apparently that's not the problem I have. I'll go troubleshoot some more as to why I'm not getting a connection
[09:56] <qman__> if your question is how to change eth1 to eth0, it's in /etc/udev/rules.d/70-persistent-net.rules
[10:07] <Gorlist> hi, quick question. I want to secure my tmp and var/tmp directories. Is using a loopback just as good as making a new partition?
[10:10] <Snadder> qman__, lifeless : do you know if iscsi is supported with UEC?
[10:10] <lifeless> should be
[10:46] <naftilos76> hi guys, i just need to confirm with you whether the cookies or the server-side sessions way is the most secure way to maintain on a website. I have read in the net but i am a little bit confused. Can you advise?
[10:47] <RoyK> Gorlist: should work well
[10:47] <Gorlist>  ;) okay
[10:47] <RoyK> Gorlist: you can use the same filesystem for both
[10:48] <Gorlist> would that cause problems with plesk control panel?
[10:48] <Gorlist> also ive made is 1 gig, big enough?
[10:49] <RoyK> that depends on how much writing there is to /tmp
[10:49] <RoyK> plesk?
[10:49] <RoyK> ubottu: plesk?
[10:50] <Gorlist> plesk control panel
[10:50] <Gorlist> I might make two file systems
[10:50] <Gorlist> just on the safe side
[10:53] <RoyK> Gorlist: 1 gig might be on the low side - anyway, use something like nagios to monitor the filesystems
[10:53] <Gorlist> if I increase the size, what should i have for the count e.g. "bs=1024 count=1000000"
[10:54] <Gorlist> so say for 2 gig, do I just double the count?
[10:57] <Gorlist> i understand
[10:57] <Gorlist> confusing my self, bs is byte size and the count is the total size
[11:06] <cjs> Damn I am just having the worst week ever. Another system falling to pieces.
[11:06] <cjs> How do I fsck a filesystem that starts 2048*512 bytes into the block device on which it resides?
[11:07] <lifeless> loopback
[11:07] <Smooch> Hey
[11:08] <Smooch> i'm having a problem setting up unrealircd and anope services on ubuntu 9.04
[11:08] <cjs> losetup -v -o $((2048*512)) /dev/mapper/prod
[11:08] <cjs> loop: can't get info on device /dev/mapper/prod: Inappropriate ioctl for device
[11:08] <cjs> It's a block device that was created by cryptsetup.
[11:08] <Smooch> lost connection
[11:08] <Smooch> sorry if someone said something before
[11:10] <cjs> lifeless: any thoughts? I have no idea why it's refusing to "mount" it.
[11:11] <RoyK> Gorlist: to make 2GB files, bs=1M count=1k
[11:11] <RoyK> erm
[11:11] <RoyK> Gorlist: to make 2GB files, bs=1M count=2k
[11:11] <cjs> Or I'm open to ways of convincing the VM using it to give me a command line of any sort, rather than refusing all input after telling me that fsck failed on boot.
[11:11] <tola> Hi, I started up my Ubuntu Enterprise Cloud environment this morning which was working OK last week. Now every time I start an instance they stay "pending" for a long time and then immediately terminate. The only errors I can see in the eucalyptus logs are "shawn(): network state maintainance failed" and "vnetAttachTunnels(): bad input params". Can anyone suggest where I should start to diagnose this problem?
[11:12] <RoyK> cjs: cryptsetup? you mean it's encrypted?
[11:12] <lifeless> cjs: break=top
[11:12] <lifeless> cjs: or whatever - see the debugging boot wiki pages
[11:12] <tola> cancel that, I fixed it by restarting the cluster controller with clean=1
[11:13] <Gorlist> ive made it 20GB
[11:13] <cjs> RoyK: the partition underlying /dev/mapper/prod is encrypted. /dev/mapper/prod is the decrypted version.
[11:13] <Gorlist> might seem excessive but never know on backups etc
[11:13] <cjs> lifeless: Oh, sorry, you didn't see about my earlier issue. How do I get a grub menu? Holding down shift doesn't seem to work.
[11:13] <lifeless> its a vm
[11:14] <lifeless> set the parameters in the config file
[11:15] <cjs> lifeless: Ah! Where is this config file? Under /etc/libvirt?
[11:15] <cjs> Or are you talking about the grub menu file in the VM's partition?
[11:15] <Snadder> Does UEC support IBM svc san controll?
[11:16] <lifeless> cjs: somewhere
[11:16] <lifeless> Snadder: if kvm does
[11:16] <cjs> lifeless: Is it a grub config option or a kvm config option?
[11:16] <lifeless> kvm, the kernel is booted outside the vm
[11:16] <lifeless> kindof
[11:17] <cjs> Well, that would explain my issues!
[11:18] <RoyK> cjs: ah
[11:18] <RoyK> cjs: do you have space somewhere to take a dump of /dev/mapper/prod ?
[11:19] <cjs> lifeless: Hm. Are you sure it's booted outside of kvm? I don't see anything in the libvirt config that looks like anything diskwise, except the one raw partition it uses as the HDD.
[11:19] <RoyK> if /dev/mapper doesn't support that ioctl call, moving the data out might be a way to go
[11:19] <lifeless> pretty sure. IMBW
[11:19] <Snadder> lifeless, is it possible to run UEC instances over nfs from another machine?
[11:19] <cjs> RoyK: I think so, and I've already started a dump of that. If it doesn't fill up my entire disk, it should be done in a couple of hours. Then an fsck, then a couple of hours to copy back....
[11:20] <lifeless> Snadder: ?! no idea.
[11:21] <Snadder> lifeless, since I might not be able to get the ibm san working.. then I will be abit short with disk.
[11:21] <lifeless> Snadder: you have 80g to work with, thats _tonnes_
[11:21] <lifeless> to play with
[11:21] <Snadder> ok
[11:21] <lifeless> its really really important to play with it
[11:21] <lifeless> get a feel for it.
[11:21] <lifeless> *then* do planning.
[11:22] <lifeless> you can't reason about how to deploy it until you feel how it works.
[11:22] <Snadder> OK :-D
[11:23] <Snadder> lifeless, reading a pdf named "ubuntu enteprise cloud architecture" from august 2009.. about how it all works.. should I maybe be reading the ubuntu.com links you gave me earlier instead.?
[11:23] <lifeless> I think you should install it
[11:23] <lifeless> and play :)
[11:24] <Snadder> Ok.. I will do reading today.. installing tomorrow.
[11:24] <Snadder> have booked 3 hours at the datacenter tomorrow..
[11:29] <tola> Why does a eucalyptus instance set to 5GB capacity in the Ubuntu Enterprise Cloud web UI only have a 1.4GB root partition and then 3GB mounted to /mnt?
[11:37] <RoyK> tola: perhaps asking on #ubuntu-virt may give you better answers
[11:40] <tola> RoyK: thanks
[11:47] <cjs> Boy, that was silly. It just wasn't clear from the help text that losetup *must* be provided with either a -f option or a loop device.
[11:48] <cjs> Well, the error message didn't exactly help, there.
[12:04] <blackthor> greetings.  is there anyone that could confirm that 10.04 LTS is running fine HP ML 150 G6 ?  on the HP partner page of canonical there is only info about 9.04 LTS  and the 150G6 isn't on it :(
[12:27] <kaushal> Hi
[12:27] <kaushal> is there a way to create Netboot images ?
[12:39] <kaushal> I got a reply from https://lists.ubuntu.com/archives/ubuntu-server/2010-July/004402.html
[12:40] <kaushal> How can i integrate the server kernel into the PXE Netboot image
[12:40] <kaushal> can some one please guide me
[12:40] <TREllis> kaushal: here's a good guide, http://www.ubuntu.com/system/files/u1/AutomatedDeploymentsWP-20090126.pdf
[12:41] <kaushal> TREllis, Thanks
[12:42] <kaushal> I have a working setup already in place
[12:43] <kaushal> the issue is that it by defaults installs generic kernel and not server kernel
[12:47] <TREllis> kaushal: are you using a kickstart file or preseed file?
[12:47] <kaushal> ks.cfg
[12:48] <kaushal> yeah kickstart file
[12:48] <TREllis> kaushal: right, not sure for the solution if using kickstart. I would myself use preseed as it's the native way provide answers to the debian installer
[12:49] <TREllis> and the second mail on that thread gave you the answer, "d-i base-installer/kernel/override-image string linux-server", if using preseed you need to include that line in the file
[12:50] <kaushal> TREllis, i totally agree
[12:50] <kaushal> but i dont use preseed method
[12:51] <kaushal> can i customize the Netboot image ?
[12:52] <TREllis> it sounds like you do not really want to "customize the netboot image"
[12:52] <TREllis> it sounds like you are doing network installs and just want the correct kernel installed?
[12:53] <kaushal> ok
[12:53] <kaushal> yes
[12:55] <kaushal> TREllis, is that possible ?
[12:55] <TREllis> kaushal: not sure sorry, I would go straight for a preseed file and not a kickstart, then you can use the d-i option above
[12:57] <kaushal> TREllis, ok. where can i seek help for my use case ?
[13:03] <zul> morning
[13:22] <skaag> I upgraded an ubuntu 10.04 server which has a really small /boot/ partition (only 46mb :-( ), and it has failed to boot
[13:22] <skaag> now support have booted a microknoppix and I have mounted the original drive
[13:22] <skaag> and I'm trying to find out why it failed the boot process
[13:23] <skaag> I just upgraded from 2.6.32-22 to 2.6.32-23
[13:23] <skaag> 2.6.32-22 worked fine
[13:24] <pmatulis> skaag: try removing the old kernel to make space after booting with a ubuntu rescue cd (live or alternate)
[13:24] <skaag> I removed and now all I have are those files:
[13:25] <skaag> actually I don't want to list them here, too long, don't want to spam the channel
[13:25] <pmatulis> skaag: how did you remove?
[13:25] <skaag> I erased the files in /boot/ and updated menu.lst
[13:25] <pmatulis> skaag: bad boy
[13:25] <skaag> :-)
[13:26] <pmatulis> skaag: you should always use apt to manage packages
[13:27] <pmatulis> skaag: pastebin the contents of /boot
[13:27] <pmatulis> !pastebin
[13:28] <skaag> http://paste.ubuntu.com/459447/
[13:28] <skaag> pmatulis: I did upgrade the kernel with apt
[13:29] <skaag> the thing is that because the /boot/ partition is so limited in size, for historical reasons, I mount --bind /boot to /boot.tmp
[13:29] <skaag> I then do the upgrade
[13:29] <skaag> and I then move files manually back to the real /boot/
[13:29] <skaag> quite unfortunate, that I have to do this for every kernel upgrade
[13:29] <pmatulis> skaag: geez, and why /boot so small?
[13:29] <skaag> that's how that hosting company set it up for me :-(
[13:29] <skaag> they claim they usually make it 100mb
[13:29] <pmatulis> skaag: i would re-install if possible
[13:30] <skaag> I'm going to abandon that server by end of this month
[13:30] <skaag> but until then I must regain access to it for a little while
[13:30] <skaag> just want to make sure it can boot again
[13:30] <pmatulis> skaag: i now never use /boot less than 512 MB, got tripped up when using 256
[13:31] <skaag> yes I know, I actually allot 1gb for my /boot/ partitions, just to be safe, and space is so ample... why not... :)
[13:31] <pmatulis> skaag: 'xactly
[13:31] <skaag> kernels are just growing in size..
[13:32] <skaag> I've also just updated grub:
[13:32] <skaag> http://paste.ubuntu.com/459448/
[13:32] <skaag> I've mapped /dev and /proc properly, mapped /dev/sda1 to /media/sda3/boot/ and chrooted to /media/sda3 (root), so it's like i'm in my real ubuntu install
[13:32] <skaag> so apt, grub, and all the utilities work like before
[13:33] <pmatulis> skaag: great
[13:33] <skaag> grub is installed on /dev/sda1, still, so I believe I don't need to reinstall grub itself to the boot sector...
[13:33] <skaag> /dev/sda1 = /boot and /dev/sda3 = /
[13:33] <pmatulis> skaag: how much room in /boot now?
[13:33] <skaag> what would you recommend I verify now, before I reboot? :)
[13:34] <skaag> /dev/sda1              46M   32M   12M  74% /media/sda3/boot
[13:34] <skaag> 12mb free
[13:34] <skaag> because there's just 2 kernels in there
[13:36] <pmatulis> skaag: i guess reboot and see
[13:37] <skaag> is there some magic I can do in grub to allow me to automatically regain access to the machine?
[13:38] <pmatulis> skaag: how can you access a machine remotely that is not booted?
[13:38] <skaag> I ask the support over there, and after a very long time, they boot microknoppix for me ;-)
[13:39] <skaag> I just wondered if there's something I can do such that if grub fails booting, it will enter some special mode where I can telnet into it
[13:39] <pmatulis> skaag: no
[13:40] <skaag> ok then
[13:40] <pmatulis> skaag: this is where IPMI/DRAC/KVM comes in
[13:40] <skaag> I'll just reboot and pray
[13:40] <skaag> yah, I need to find a good US hoster with IPMI/KVM such as I have in europe
[13:40] <skaag> with that, I don't need support at all, I just fix everything myself...
[13:40] <pmatulis> skaag: yeah
[13:41] <pmatulis> skaag: you can always reinstall a specific kernel
[13:41] <skaag> maybe I should do that
[13:41] <skaag> before I reboot
[13:41] <skaag> just to be sure
[13:41] <pmatulis> skaag: (meaning the latest one)
[13:42] <skaag> how do I do this for 10.04
[13:42] <skaag> latest kernel
[13:42] <skaag> apt-get install --reinstall linux-image-2.6.32-23-generic-pae?
[13:43] <bogeyd6> How can I find who built a particular package?
[13:43] <pmatulis> skaag: linux-image should be enough but your command should hurt
[13:43] <pmatulis> should not hurt
[13:43] <skaag> bogeyd6: apt-cache show joe
[13:43] <skaag> ok
[13:45] <bogeyd6> hmm just says ubuntu developers as the maintainer
[13:46] <skaag> bogeyd6: hich package?
[13:46] <skaag> which
[13:46] <bogeyd6> zoneminder
[13:46] <bogeyd6> someone built it with a static control script
[13:46] <skaag> this is what I get:
[13:46] <skaag> Maintainer: Ubuntu MOTU Developers <ubuntu-motu@lists.ubuntu.com>
[13:46] <skaag> Original-Maintainer: Peter Howard <pjh@northern-ridge.com.au>
[13:47] <skaag> when I do apt-cache show zoneminder
[13:47] <skaag> at the top
[13:47] <skaag> you must be seeing this as well?
[13:47] <skaag> ok rebooting...
[13:48]  * skaag prays to the universe
[13:49] <pmatulis> skaag: did the re-install do anything at all?
[13:49] <skaag> it reinstalled, ran update-initramfs, depmod, etc. all the usual stuff.
[13:49] <skaag> and grub-update
[13:49] <skaag> it looked good, and produced no errors or warnings.
[13:49] <skaag> so I'm hopeful...
[13:49] <pmatulis> skaag: yes, sounds good
[13:49] <skaag> waiting for machine to become available again
[13:50] <pmatulis> skaag: 32-bit right?
[13:50] <skaag> yes.
[13:50] <skaag> old machine...
[13:53] <skaag> ok still won't boot into the OS
[13:53] <pmatulis> bogeyd6: check the changelog on packages.ubuntu.com or download the source package
[13:53] <skaag> I don't know why, can't see the screen
[13:55] <pmatulis> skaag: could be another problem then, access again and *remove that kernel
[13:55] <bogeyd6> pmatulis, unfortunately that wont fix the bugs for everyone else. im ironing them out right now
[13:55] <pmatulis> bogeyd6: your question was how to determine the packager
[13:56] <bogeyd6> pmatulis, yeah, that didnt change, and i havent asked another question since.
[13:57] <pmatulis> bogeyd6: so your question is therefore answered
 bogeyd6: check the changelog on packages.ubuntu.com or download the source package   << assumed the download source package comment was meant to help fix my problem, not the developer
[14:06] <trapmax> root-account login not working from direct console access.
[14:08] <pmatulis> ok
[14:08] <skaag> pmatulis: yah, and just go back to -22 yah?
[14:08] <skaag> from -23
[14:09] <pmatulis> skaag: if that's what was working before, yes
[14:09] <pmatulis> skaag: were any other packages recently updated?
[14:10] <skaag> nope
[14:10] <skaag> not that I know of
[14:47] <Mateo_> Hi everyone !!
[14:47] <Mateo_> i have a problem with my vhosts ... i have added a conf file in site-available, i've made an a2ensite myconf , but the domain directs me to another directory (from another site conf)
[14:48] <reisi> any ideas on how to get pam_unix.so to actually log something with the debug option?
[14:49] <reisi> we have a "small problem" of not getting su or logging as root in login working; it always results as Authentication failure. (as we really rarely need this it might had been broken during 8.04 -> 10.04 upgrade)
[14:50] <Mateo_> reisi: i don't think you can use su with the last version of ubuntu
[14:50] <Mateo_> i don't know if i'm right but you have to use sudo
[14:51] <reisi> Mateo_: at least the documentation only specifies that only disabling action is not to set the passwd, and we have set the password
[14:51] <reisi> sudo is not an option as we have to refactor the system file structure
[14:51] <Mateo_> ok
[14:53] <bogeyd6> you can use su
[14:54] <bogeyd6> you just simple "sudo su" and it will su the root user
[14:54] <bogeyd6> however
[14:54] <bogeyd6> !noroot reisi
[14:54] <reisi> bogeyd6: but the user will still be logged as we transfer his/her home dir
[14:54] <bogeyd6> !noroot | reisi
[14:54] <reisi> !wfm'
[14:54] <reisi> !wfm
[14:54] <reisi> !root
[14:55] <bogeyd6> reisi, you just "sudo su" and type in your password
[14:56] <reisi> bogeyd6: wont it be a problem that i'm going to mount my home dir from another disk while running the root shell?
[14:56] <bogeyd6> only in that all the files you create are owned by root
[14:56] <bogeyd6> you can chown -R user /home/folder
[14:57] <reisi> hmm i'm not sure you are getting my point; we are going to MOVE /home from the current filesystem of / (root) to a new LV and mount the new LV as the /home
[14:57] <bogeyd6> i think you are right
[14:58] <bogeyd6> cuz to me i thought "i wanna copy everything from one directory to another"
[14:58] <Mateo_> rhaaaa i really don't understand why it keeps on directing me to another directory ...
[14:59] <reisi> not to cause any problems with, well anything i'm not aware i'd like to login as root (whose home is at /root, not under /home which we are moving)
[14:59] <bogeyd6> reisi, see and i would say you just copy /home/ and not worry about using the ~
[15:00] <bogeyd6> ala cp -R /home/ to /some/device/
[15:01] <bogeyd6> then mount /some/device /home
[15:01] <reisi> never do that with -R; always use -a; otherwise you'll lose all timestamps, owners, groups and rights
[15:01] <bogeyd6> right right, sorry
[15:02] <reisi> strange, now that i changed "auth required pam_unix.so debug use_first_pass" to "auth requisite ..." with a pam_deny.so as the last entry it works
[15:04] <p1l0t> Why does changing /etc/network/interfaces have no effect on my network settings? I do not have NM installed
[15:04] <p1l0t> Lucid 10.04 LTS server
[15:05] <pmatulis> p1l0t: restart networking?
[15:06] <p1l0t> It says failed to bring up eth0
[15:06] <RoyK> p1l0t: pastebin it
[15:07] <RoyK> !pastebin
[15:07] <p1l0t> Wish I could, but the server is not online
[15:07] <giovani> serial console / ipmi
[15:07] <RoyK> what is the exact error message?
[15:07] <RoyK> giovani++
[15:07] <p1l0t> Failed to bring up eth0
[15:08] <RoyK> are you logged in?
[15:08] <RoyK> if so, type 'ifconfig -a' to see what it says
[15:09] <p1l0t> It shows eth0 being up with settings that are different from /etc/network/interfaces
[15:09] <p1l0t> this is whats strange it seems editing interfaces has no effect
[15:09] <giovani> p1l0t: ok, so, set the interface manually for now
[15:09] <giovani> to get the machine online
[15:09] <giovani> then we'll troubleshoot further
[15:09] <pmatulis> p1l0t: using the old init script should work
[15:09] <giovani> 'sudo ifconfig eth0 1.1.1.1 netmask 255.255.255.0'
[15:10] <giovani> 'sudo route add default gw 2.2.2.2'
[15:10] <giovani> replace 1.1.1.1 with your server's IP, 2.2.2.2 with the router/gateway, and change the netmask if required
[15:12] <p1l0t> I have done that and now I can see my web page online, lol - but I can't access the internet from it...
[15:12] <p1l0t> ping says network unreachable but yet derek.doesntexist.org:1013 will probably show you a picture of me departing from Block Island
[15:12] <giovani> I'm betting you can, but you haven't set DNS
[15:13] <giovani> so you can't resolve anything
[15:13] <giovani> 'sudo nano /etc/resolv.conf' and add your nameservers if you want -- but we'll get this fixed anyway -- it's just temporary
[15:14] <p1l0t> resolv.conf seems to be set properly
[15:14] <giovani> and no -- your server isn't available to the internet
[15:15] <p1l0t> Oh maybe I only see it on the local network
[15:15] <giovani> so if you do a 'ping 8.8.8.8'
[15:15] <giovani> does that work?
[15:16] <p1l0t> try http://derek.selfip.net it works for me but maybe because I am on the local network with my netbook
[15:16] <p1l0t> ping -c 1 8.8.8.8 says network unreachable
[15:16] <giovani> you added the gateway?
[15:17] <p1l0t> ummm lol maybe not
[15:17] <p1l0t> ifconfig doesn't show any gateway info
[15:17] <giovani> I can't help you if you're not following directions
[15:17] <giovani> 10:10 < giovani> 'sudo route add default gw 2.2.2.2'
[15:18] <p1l0t> ok I can ping google public dns now
[15:19] <giovani> ok, so now your server is accessible
[15:19] <giovani> so ssh into it
[15:19] <giovani> and pastebin /etc/network/interfaces
[15:19] <p1l0t> ok
[15:21] <p1l0t> installing openssh-server give me one sec
[15:23] <p1l0t> http://pastebin.com/W2YXuxRZ
[15:25] <giovani> p1l0t: invalid syntax
[15:25] <giovani> who gave you this format?
[15:26] <kaushal> hi again
[15:26] <p1l0t> where did my syntax go wrong?
[15:26] <giovani> hwaddress
[15:26] <giovani> requires "ether" after it
[15:26] <p1l0t> hwaddr?
[15:26] <p1l0t> oh
[15:27] <giovani> but it's unnecessary if you only have one interface
[15:27] <giovani> it's only used to differentiate multiple nics
[15:27] <p1l0t> I do have two physical cards
[15:27] <giovani> so the line should read "hwaddress ether 00:0e:e8:e3:a9:fe"
[15:27] <giovani> ok
[15:27] <p1l0t> ok
[15:29] <p1l0t> perfect
[15:29] <p1l0t> giovani = you are WIN
[15:29] <p1l0t> Thank You
[15:42] <RoyK> p1l0t: why do you want to override the mac address?
[15:44] <p1l0t> I just wanted to make sure it doesn't read the wrong network card
[15:46] <RoyK> p1l0t: overriding the mac address won't help you there
[15:47] <RoyK> see /etc/udev/rules.d/70-persistent-net.rules for the device mappings
[15:47] <p1l0t> :) oh thanks wilco
[15:50] <RoyK> basically, you never want to override the mac address unless you're doing something special
[15:50] <RoyK> setting the mac address in /etc/network/interfaces, will only override the mac address of the given interface defined in udev
[15:52] <p1l0t> I'm not doing anything that special just yet ;)
[15:54] <RoyK> overriding the mac address is nice if you want to spoof a switch into hub mode :)
[15:54] <RoyK> but then, you rarely want to do that
[15:57] <p1l0t> Right now I am failing at trying to use my server as a proxy. (Most FBO's at local airports have free wifi but filter anything worth looking at.) I tried ssh -C -D 9999 me@mydomain but then when I set firefox to 127.0.0.1:9999 it says its refusing the connection
[16:01] <p1l0t> oh maybe my router needs the port forwarded...
[16:03] <p1l0t> nopes
[16:15] <p1l0t> must be something I need to allow from the server side...
[16:21] <RoyK> p1l0t: try -L
[16:21] <RoyK> p1l0t: no, your router won't need anything
[16:22] <RoyK> ssh -C -L 9999:localhost:9999 you@yourbox
[16:22] <RoyK> or
[16:23] <RoyK> ssh -C -f -n -N -L 9999:localhost:9999 you@yourbox
[16:23] <RoyK> that implies that yourbox listens to port 9999
[16:24] <p1l0t> Makes more sense let me try that
[16:25] <Daviey> hmm
[16:26] <Daviey> p1l0t, Sounds like what you really want is a socks proxy..  ssh -D9999 user@domain.com
[16:26] <Daviey> p1l0t, then you can set the proxy type as socks in firefox, as "localhost" and port 9999
[16:28] <p1l0t> oh no space after -D
[16:31] <p1l0t> That's odd, now it stopped saying connection refused but all I get is a blank white page no matter what address I type in
[16:31] <p1l0t> I am connected via SSH
[16:35] <RoyK> I don't think spaces will matter
[16:36] <p1l0t> No it's not the spaces, but now it stopped saying connection refused but I just get a blank white page no matter what address I put in
[16:37] <p1l0t> and firefox says done at the bottom too
[16:37] <RoyK> is it squid running on that server or what is it?
[16:37] <p1l0t> I don't even know what squid is
[16:38] <RoyK> oh :)
[16:38] <RoyK> what sort of proxy is it?
[16:38] <p1l0t> ssh
[16:40] <RoyK> erm - what do you proxy on the server?
[16:41] <p1l0t> I'm trying to access the internet with firefox on my netbook via a ssh connection to my home server
[16:42] <p1l0t> or I should say surf web pages via my home server
[16:42] <RoyK> and what software are you using on your home server to do the proxying?
[16:42] <p1l0t> I was trying to use ssh as a SOCKS proxy
[16:42] <p1l0t> openssh-server
[16:42] <RoyK> it's easier with squid
[16:42] <RoyK> apt-get install squid
[16:42] <RoyK> on the home server
[16:42] <Daviey> p1l0t, Hmm.. Are dns lookups working for you?
[16:43] <RoyK> ssh -C -f -n -N -L 9999:localhost:3128 you@yourbox
[16:43] <Daviey> RoyK, Please don't confuse the matter atm.. i really don't think he needs squid for this.
[16:43] <RoyK> ok
[16:43] <RoyK> Daviey: are you p1l0t ?
[16:44] <Daviey> RoyK, huh?
[16:44] <RoyK> Daviey: does he have a socks proxy on that host?
[16:45] <Daviey> RoyK, Sorry.. you are confusing?  I'm not sure what you mean
[16:46] <RoyK> Daviey: p1l0t asked about using an ssh tunnel to another box for proxying - afaik you need a proxy server on the destination box to do this
[16:46] <Daviey> RoyK, no.. this is one of the magical freebies you get with sshd
[16:47] <Daviey> RoyK,  ssh on its own can act as a socks5 proxy
[16:47]  * RoyK checks
[16:53] <RoyK> tried with firefox, and no data
[16:53] <RoyK> just empty page
[16:56] <RoyK> Daviey: the ssh docs are clear, that yes, it should work as a socks proxy, but it doesn't work
[17:01] <Daviey> RoyK: I use it daily.. with a default install of ubuntu server, it does.
[17:02] <RoyK> I tried with firefox, and it didn't work too well
[17:02] <p1l0t> I lost my wireless for a bit
[17:03] <p1l0t> Today is full of fail for me
[17:03] <RoyK> p1l0t: try with -D - if it works, use it, if not, install squid and use -L
[17:03] <Daviey> RoyK: Okay, i've just tried it on a fresh install of ubuntu desktop with firefox, and a lucid and maverick server.. it works.
[17:04] <Daviey> RoyK: If it's not working, then someone has changed a setting on the server, or you are doing it wrong.
[17:04] <RoyK> Daviey: the server is unchanged - basic ssh install - my current client is OS X with openssh5.2p1
[17:04] <RoyK> server is lucid
[17:05] <p1l0t> -D stops it from saying connection refused but any web page loads up as blank and says done - I will have to try squid
[17:05] <Gorlist> I found out how my server was compromised, it was via the tmp directories. I've done a reinstall and they've just dumped a load of files back in there, however tmp is set to non-execute etc
[17:05] <Daviey> RoyK: i recently used it in safari on osx.. that worked
[17:05] <Daviey> p1l0t: what did you put as proxy settings?
[17:05] <Gorlist> how could I backtrack to find who's doing this, and block their ips - and on top of that make sure that these scripts aren't being run?
[17:06] <p1l0t> Daviey: 127.0.0.1:9999
[17:06] <Daviey> Gorlist: Finding out who is doing it, is not a good way.. you really need to find out how they are getting in.. Is it a webserver?
[17:07] <Gorlist> yes
[17:07] <Gorlist> fresh install this morning
[17:07] <Gorlist> and somehow they're accessing the tmp /var/tmp and possibly dev/shm (which I've yet to secure)
[17:08] <Daviey> Gorlist: check your auth.log to see if it is ssh
[17:08] <Gorlist> rgr
[17:11] <Daviey> p1l0t, What boxes in the firefox proxy settings are you putting them in?
[17:11] <p1l0t> all of them
[17:11] <RoyK> Daviey: worked with safari, and firefox too, after some fiddling
[17:12] <Daviey> p1l0t, erm.. not quite what you want
[17:12] <Daviey> p1l0t, Only fill the SOCKS box
[17:12] <p1l0t> ok I checked the use this for all box I'll fix that
[17:13] <p1l0t> Daviey: WIN
[17:13] <p1l0t> Thank you
[17:15] <Daviey> p1l0t, super!
[17:15] <Daviey> p1l0t, Keep in mind that you'll be doing DNS lookups locally, rather than over the proxy
[17:15] <Gorlist> nothing in the auth.log apart from someone hammering the ftp
[17:16] <Gorlist> better check my fail2ban quickly
[17:16] <Daviey> p1l0t,  firefox can be configured to do DNS lookups over the SOCKS5 proxy, if that is what you want.
[17:17] <Daviey> Gorlist, last <-- will give you a list of the last few shell logins.. should be an indicator.
[17:17] <Daviey> Gorlist, What services are you running..  I now know you are running an ftp service.
[17:18] <Gorlist> plesk, so that includes apache, mysql, qmail etc
[17:19] <Daviey> Gorlist, Hmm.. i assume that is plesk shipped binaries of services, not ones from the ubuntu repo?
[17:19] <Gorlist> test     ftpd5148     79.172.195.193   Mon Jul  5 10:14 - 10:14  (00:00)
[17:19] <Gorlist> yes,
[17:19] <p1l0t> Daviey: I do want
[17:19] <Gorlist> right thats in "last"
[17:19] <Gorlist> that is unknown
[17:19] <Daviey> Gorlist, In that case.. i can't really help..  firstly you need to make sure the services that are being run are up to date on security issues
[17:20] <Daviey> <--- not a fan of plesk
[17:20] <Gorlist> np, thanks. Well I'm doing the best I can but I cannot figure out how they're doing it....
[17:21] <Daviey> Gorlist, Hmm.. My first thought is possibly weak ssh password or a php based webservice.
[17:22] <Daviey> Gorlist, Actually rule out ssh, as i doubt they'd be using /tmp
[17:22]  * Daviey goes back to thinking http
[17:22] <Daviey> Gorlist, the files in /tmp, who are they owned by... $ ls -l /tmp
[17:23] <Daviey> Gorlist, you should see: -rw------- 1 www-data www-data 343 2010-07-05 11:12 somefile... for example
[17:24] <Gorlist> good idea
[17:27] <Gorlist> Daviey, -rw-r--r-- 1 www-data www-data 95493 2010-07-02 15:59 scan.txt
[17:27] <Daviey> Gorlist, Yep.. that confirms it's an attack through one of your webservices
[17:27] <Daviey> Gorlist, http...
[17:27] <p1l0t> ok so now firefox wants to know what program I want to use to open a .php file....
[17:28] <Gorlist> right
[17:28] <Daviey> p1l0t, use vim.. everyone seems to love that :)
[17:28] <Daviey> p1l0t, clear your browser cache and restart it.
[17:28] <Daviey> p1l0t, Is this for every php based site, or one of your own servers?
[17:29] <Daviey> Gorlist, Are you *just* running plesk.. or any websites?
[17:29] <Gorlist> plesk + hosted domains
[17:29] <Gorlist> compromised domain do you think?
[17:29] <Gorlist> because just looking through the ftp logs one of the clients had a breached subdomain login after many attempts
[17:30] <p1l0t> Daviey: sites that I have been using recently haven't tried any others
[17:30] <Daviey> Gorlist, Almost certainly either a rogue php script, a vulnerability in the scripting (ie, injection) or a generic webservice with a major vulnerability
[17:31] <Daviey> Gorlist, If the FTP service has been compromised, it's easy enough for someone to then upload a php file with bad stuff in it - then execute it.
[17:32] <p1l0t> Daviey: it only does it when I am using SSH as a proxy
[17:32] <Gorlist> yep
[17:32] <Daviey> p1l0t, did you clear your cache and restart your browser?
[17:32] <Gorlist> Daviey,  do you think the server is already compromised, should I reinstall now?
[17:33] <Gorlist> then reset all of the ftps and step through it over night
[17:33] <p1l0t> Daviey: I'll try it now
[17:33] <Daviey> Gorlist, TBH.. i never trust a compromised server.. Once someone has got it, you never really know what they've done.. If it was me, I'd reinstall
[17:33] <Gorlist> okay will do that over night
[17:33] <Gorlist> bummer
[17:34] <Daviey> Gorlist,  But even so.. something is insecure.. so simply reinstalling and restoring from backup will put the vulnerability back
[17:34] <Gorlist> well thank you for the help.
[17:34] <Daviey> Gorlist, no problem.. Sorry it happened :(
[17:34] <p1l0t> clearing cache didn't help php is definitely fail using ssh as a proxy
[17:34] <Gorlist> yes I agree, I was going to restore, go through and reset every domain ftp password and check the php
[17:35] <Daviey> p1l0t, Using a proxy and php sites is unrelated.. The php is executed server side and presented to you as html..
[17:35] <Daviey> p1l0t, Is this doing it on *every* site?
[17:35] <p1l0t> Daviey: yes and only while using the proxy
[17:36] <Daviey> p1l0t, can you visit http://erk.daviey.com/test.php ?
[17:36] <Daviey> with proxy on
[17:38] <p1l0t> It wants to know what program I should use to open test.php
[17:39] <Daviey> p1l0t, Okay.. I'm not convinced your browser settings are correct
[17:40] <p1l0t> proxy off says test complete
[17:42] <p1l0t> They should be 127.0.0.1:9999 for only SOCKS then maybe I had http proxy set to that as well
[17:42] <Daviey> p1l0t, p1l0t it should look like: http://socks.daviey.com/
[17:42] <Daviey> where 4000 == the value you put for -D4000
[17:43] <p1l0t> Yeah I had http proxy set to localhost:9999 as well
[17:43] <Daviey> you don't want that :)
[17:43] <Daviey> p1l0t, Have you made it look like mine?
[17:44] <p1l0t> Yes and it is working now 100%
[17:44] <p1l0t> :) Thanks again
[17:44] <Daviey> p1l0t, can you visit http://erk.daviey.com/test.php WITH the proxy enabled
[17:44] <Daviey> and without it please
[17:44] <Daviey> p1l0t, I just want to check something..
[17:45] <p1l0t> test complete
[17:46] <p1l0t> test complete off as well
[17:46] <Daviey> p1l0t, erm... Something isn't right
[17:47] <p1l0t> what's not right?
[17:47] <Daviey> p1l0t, Your request came from the same IP address twice... which means it isn't going via the proxy
[17:47] <p1l0t> :(
[17:47] <p1l0t> Oh well I am at home right now
[17:47] <p1l0t> I would probably have to go somewhere else and try it
[17:48] <Daviey> p1l0t, ah yes.. you are ssh'ing to a server @ home?
[17:48] <Daviey> and are @ home at the moment?
[17:48] <p1l0t> yes and yes
[17:48] <Daviey> p1l0t, Okay, that explains it.. Well it looks like it's all set then!
[17:49] <p1l0t> but I will be going to the airport around 4ish (EST) I can try it there
[17:50] <Daviey> p1l0t, Keep in mind this can probably not be used to get "free" internet.. if that is your intention.
[17:50] <Daviey> (and i'm not purely speaking ethically)
[17:51] <p1l0t> No, I just prefer to be more secure. (and not be filtered either)
[17:51] <Daviey> ahh.. ok.. good
[17:52] <Daviey> p1l0t, Ok, in the address bar put about:config
[17:52] <Daviey> p1l0t, press "ok", in the filter type "socks"
[17:53] <p1l0t> It says I might void my warranty lol
[17:53] <Daviey> change the option for "network.proxy.socks_remote_dns" to true
[17:53] <Daviey> p1l0t, Yeah.. that option means you do your dns lookups over socks when available.
[17:54] <p1l0t> wilco
[17:55] <p1l0t> network.proxy.socks_remote_dns = true
[17:56] <Daviey> yup.
[17:58] <p1l0t> I can't wait to try it, only three hours to go, lol
[18:27] <zul> Daviey: ping can you have a look at bug #601087
[18:37] <Mo__> hey guys trying to install samba on ubuntu and then bind it to active directory for a single sign-on. I have been messing around with likewise open source. i was wondering if any of you awesome people had any experience doing the same thing and can point me in the right direction. I am very new at this. Any help would be much appreciated
[18:41] <drew-buntu> hey all, im having an issue with postfix binding to the wrong port
[18:41] <drew-buntu> my config is correct
[18:42] <drew-buntu> but postfix keeps wanting to bind to port 25 and thats the port the spam filter binds to
[18:43] <drew-buntu> postfix is supposed to be binding to port 25125
[18:43] <pmatulis> drew-buntu: is this for a private network?
[18:43] <drew-buntu> public/production server
[18:43] <drew-buntu> ive had no emails on this box since 3am
[18:44] <Daviey> zul: i thought i already did an update for it
[18:44] <Daviey> zul: oh, seems i didn't
[18:44] <pmatulis> drew-buntu: the spam filter cannot bind to port 25, how would the mail come in?
[18:44] <drew-buntu> its not
[18:44] <drew-buntu> that's the problem
[18:45] <drew-buntu> postfix keeps wanting to bind to 25, and that's not the port in my cf
[18:45] <drew-buntu> let me post my master.cf real quick
[18:46] <drew-buntu> http://pastebin.com/JY4N4Rs6
[18:49] <drew-buntu> tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      30334/master
[18:49] <drew-buntu> and as you can clearly see, its binding to the wrong port
[18:51] <drew-buntu> anyone?
[18:51] <pmatulis> drew-buntu: where do you get 25125 from?
[18:52] <drew-buntu> that's an arbitrary port i have postfix listening on to pass email from the spam filter to postfix
[18:54] <pmatulis> drew-buntu: i don't see it
[18:56] <umarmuha> guys i have a mixed environment windows+linux+mac. Trying to look for a single sign on solution so i can bind all my users to linux server or active directory. If anyone has any experience with this please send some helpful links. Thanks
[18:57] <drew-buntu> umarmuha: likewise
[18:57] <drew-buntu> macs already work with AD
[18:58] <umarmuha> drew-buntu: excellent thats exactly the solution i was going to try out but wasnt sure if its legit. Thanks for the info bud
[18:59] <drew-buntu> sure
[19:38] <drew-buntu> i dont mean to be impatient
[19:38] <drew-buntu> but i could use some help with this please
[19:49] <X-warrior> hello! is it possible to disable some commands to a user? Disable who, ps, top, and others to some specific users?
[19:50] <drew-buntu> if you chroot them, then they will not have access to most of those until you set up symlinks inside the jail
[19:56] <giovani> drew-buntu: your question sounds very postfix-specific
[19:56] <giovani> drew-buntu: I'd suggest #postfix -- but if you pastebin your main.cf I'll take a look for you
[19:57] <giovani> also pastebin 'postconf'
[20:20] <Krazyderek> having trouble getting a usb printer working, i've got something shared and installed on a windows client but nothing prints
[20:20] <Krazyderek> someone want to help me make sure i have it installed right?
[20:22] <giovani> Krazyderek: printing from a server? or you're trying to set up a print server?
[20:23] <Krazyderek> @giovani print server, i installed cups, and the printer shows up after i create it in webmin but i'm not sure it's right
[20:27] <guhcampos> I'm trying to setup apache to authenticate against an active directory domain through Kerberos, but I keep getting an "Unsupported key table format version number" error
[20:27] <guhcampos> any help would be appreciated =)
[21:08] <Krazyderek> gtg i'll try back tomorrow
[21:08] <Krazyderek> exit
[21:32] <Yuein> hi is php, python, and perl installed by default on ubuntu?
[21:37] <cloakable> no
[21:38] <cloakable> Yuein: no
[21:38] <cloakable> well, perl and python is, iirc.
[21:38] <cloakable> php isn't
[21:38] <Gorlist> evening, quick question - im trying to secure /dev/shm by setting it to "nosuid,noexec" etc, but it doesn't appear in my fstab like the online guides suggest?
[21:38] <Gorlist> can I use a loopback file like ive done with tmp and var/tmp
[21:41] <io> Hi I am getting the message 'No PAM profiles have been selected.'. I just purged a handful of packages that were not being utilized
[21:50] <mikelifeguard> In my crontab, I have a MAILTO= line so I get emails in my actual inbox. But I have one job that should send email elsewhere. Anyone know how I can do that?
[23:01] <dolittle> Guten Abend
[23:04] <dolittle> Does anybody know if dhcp3-server supports secure dynamic updates to a windows dns-server?
[23:07] <chrismsnz> Hey guys - has anybody had any experience running keepalived/ipvs on a recent version of Ubuntu with UFW?
[23:07] <chrismsnz> UFW seems to be interfering with the load balancer and I'm just looking for some advice
[23:16] <spartan07_> hey guys any recommendations on a small business server solution that runs on ubuntu? need something where I can gather all emails from co and have a centralized place for files and info sharing <running server 8.04>
[23:19] <wurc> spartan07 checkout http://www.turnkeylinux.org/ Zimbra
[23:35] <spartan07_> wurc, very nice thank you!! exactly what I was looking for
[23:38] <wurc> Glad it helped
[23:40] <giovani> wurc: interesting project