[00:16] <_Neytiri_> how do i setup a vpn server and route traffic from the remote pc's through it
[00:17] <_Neytiri_> i have pptpd installed and configured and remote clients can connect but i cant get the internet traffic to route
[00:18] _Neytiri_: PPTP? ouch
[00:18] <_Neytiri_> point to point tunneling server
[00:19] <_Neytiri_> http://forums.bit-tech.net/showthread.php?t=132029
[00:19] <_Neytiri_> i used that tutorial
[00:24] _Neytiri_: PPTP design is broken and weak, consider IPsec or SSL/OpenVPN tunnel
[00:24] <_Neytiri_> ok how do i install that and is there a tutorial
[00:25] _Neytiri_: yes, go to openvpn.net
[00:25] <_Neytiri_> if i can do it over a ssh connection all the better
[00:25] <_Neytiri_> and on openvpn.net there isnt a version for ubuntu 10.4.1
[00:25] <_Neytiri_> which is what i am running
=== Wandrewvious is now known as WALoeIII
[00:43] _Neytiri_: check the 10.04 server guide
[00:46] hi guys any suggestion or idea im getting this tons of error when i do apt-get update -----> http://pastebin.com/t7KXFFdb
[00:51] _Neytiri_, ubuntu has openvpn in the repository, you don't (and shouldn't) install it from openvpn.net yourself
[00:52] openvpn isn't related to ssh though
[00:52] if that's what you were thinking
[00:52] ruben23, your dns is down
[00:52] or something along those lines
[00:53] cwillu_at_work: im using google public--> 8.8.8.8 and 8.8.4.4
[00:53] ruben23, what does "host security.ubuntu.com" say?
[00:53] cwillu_at_work: thats my error when i do it
[00:54] ?
[00:54] http://pastebin.com/t7KXFFdb
[00:54] ruben23, I want you to type "host security.ubuntu.com" into a terminal and tell me exactly what it says
[00:54] the pastebin is the output of your apt-get
[00:57] cwillu_at_work: connection time out: no server could be reached
[00:58] ruben23, your dns configuration is messed up then.
pastebin the contents of /etc/resolv.conf
[00:59] apt-get pastebinit; pastebinit /etc/resolv.conf
[00:59] er, nevermind, you can't apt-get :p
[00:59] just pastebin the file the normal way
[01:06] nameserver 8.8.8.8 and nameserver 8.8.4.4
[01:10] * cwillu_at_work realizes that he has better things to do than retyping his instructions over and over until ruben23 finally does them, and goes for lunch instead
[01:22] cwillu_at_work:)
[01:28] * cwillu_at_work gets back from lunch
[01:39] cwillu_at_work: 18 minute lunch?
[01:39] pmatulis, it's also 6pm. problem? :p
=== freeflyi1g is now known as freeflying
[02:13] Hi all, I've got a server running 8.04, and am trying to work out what is telling logrotate to rotate /var/log/auth.log and /var/log/syslog. There is no reference to either file in /etc/logrotate.conf or /etc/logrotate.d/*
=== [1]iclebyte is now known as iclebyte
=== harrisonk_away is now known as harrisonk
[03:13] I am looking for a good bare metal recovery solution for an ubuntu 10.04 server. The box has RAID1+LVM and I have tried mondo and clonezilla on a test system with no success over the last three days. (clonezilla does not support soft RAID), and mondo restore always fails to restore :(
[03:18] bgsmith: recovering from what?
[03:18] e.g. the server being destroyed, the HDDs dying, someone with root running an rm -rf /...
[03:19] bare metal recovery
[03:19] new machine
[03:19] same specs
[03:20] worst case scenario disaster recovery planning
[03:20] I have filesystem level backup and archiving policies in place
[03:23] but setting up RAID, partition tables and the configuration etc would perhaps be too much to ask of a sys admin not too proficient with linux during a crunch.
[03:26] <|rt|> hey guys I'm trying to setup a driver using dkms but while a driver is being built at /var/lib/dkms/arcmsr////module/arcmsr.ko update-initramfs -v shows that this driver isn't not being included in the initrd any ideas?
[03:28] <|rt|> if I make install the driver it puts the .ko file in the /lib/modules//extra and update-initramfs shows that the driver is being included in the initrd
[03:29] bgsmith: so your DR plan has to cope with an ignorant sysadmin?
[03:31] in the current scenario ... unfortunately ... yes. this is a small company, and I am the only linux guy here.
[03:31] we will expand and get more people on board, but that will take around 3 months.
[03:32] so, automated re-creation of partition tables, RAID and filesystem restoration is needed.
[03:32] (a la norton ghost / acronis true image)
[03:33] <|rt|> the raid in this case is software raid?
[03:33] mondoarchive seems to be able to do this ... except that it is failing in many ways with our setup.
[03:33] yes ... it is software raid.
[03:34] the bigger HP servers (couple of them) have hardware raid controllers
[03:34] <|rt|> partimage will do what you're looking for
[03:34] and will be backed up by clonezilla
[03:34] <|rt|> clonezilla works for that too
[03:35] the clonezilla website still says that soft RAID + lvm is not supported
[03:35] <|rt|> actually clonezilla is a bit better I think
[03:35] <|rt|> ah....i take it you're running lvm on top of this software raid
[03:35] yes lvm is running on it
[03:36] <_Techie_> is there a really good tutorial on getting a parallel port printer working with cups and hplip?
[03:36] <|rt|> bgsmith: dd isn't an option?
[03:37] dd it seems will not work if /boot is on LVM
[03:37] <|rt|> how is that possible? dd is just a block stream image of the block device
[03:39] http://forums13.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1286246340448+28353475&threadId=79940
[03:39] that is just what I thought
[03:40] I need to attend a meeting for an hour :( will be back! tnx
[03:40] bgsmith: I'm not aware of any magic that can do what you're asking properly
[03:40] <|rt|> i don't think lvm on hpUX is the same as on linux
[03:41] hmmm I will test dd today.
[03:41] actually mondoarchive claims to do just that.
[03:41] <|rt|> I know my wife used to work on the LVM equivalent on HPUX when she was at HP and I'm pretty sure it's a different animal there
[03:41] bgsmith: I have a DR solution for similar "dumb" customers, but it assumes that the "real" sysadmin manually performs partitioning ahead of time, and manually duplicates any lvextends and such on the DR box.
[03:42] twb: mondoarchive claims to do just that ... and works fantastically in a non RAID-lvm environment, and the manual says that it should handle raid+lvm as well ...
[03:42] Is that one of the DVD-RW based solutions?
[03:43] can do network based recovery or disk based
[03:43] One of *my* core requirements was also that the end user not need to do anything like rotating media each week
[03:43] (Because they forget to do so.)
[03:43] hmm
[03:44] !dpkg -l mondo
[03:44] Error: I am only a bot, please don't think I'm intelligent :)
[03:44] Grmph
[03:44] ubottu should be forked off the dpkg bot, instead of being its own damn silly supy instance
[03:44] Error: I am only a bot, please don't think I'm intelligent :)
[03:44] http://www.mondorescue.org/ ... I will do the dd thing, and run a couple of more tests with mondo after one hours worth of meetings
[03:45] bgsmith: OK, yeah, that's "mondo" in apt.
[03:45] right ... but that was old
[03:45] I had to get the latest
[03:45] from the website
[03:45] in order for the backup to work.
[03:45] I remember looking at it but not why I dismissed it. Possibly because it looked overkill
[03:45] (the restore still isn't)
[03:45] brb!
[03:46] upstream ships 2.2.9.4, squeeze and karmic onwards ship 2.2.7. That's not a big jump...
[03:55] <_Techie_> is there a really good tutorial on getting a parallel port printer working with cups and hplip?
[03:56] _Techie_: don't you just plug it in and browse to :631 and follow the prompts?
[03:57] <_Techie_> apparently not
[03:57] <_Techie_> i installed the hp drivers hplip
[03:57] <_Techie_> but whenever i run hp-setup -i, i only get USB and net
[03:58] Personally I avoid printers that don't have onboard ethernet and PostScript
[03:58] <_Techie_> well, this printer was given to me for free and my new desktop machine doesnt have a lpt port
[03:59] Cheapass printers are loss leaders for the consumables.
[04:00] <_Techie_> this isnt a cheapass printer
[04:00] <_Techie_> its a HP laserjet 2100m
[04:00] If it doesn't have a RAM upgrade slot, it's a cheapass printer :P
[04:00] <_Techie_> it does have a RAM upgrade slot
[04:00] <_Techie_> comes with 4mb default
[04:00] <|rt|> simms maybe :)
[04:00] So why are you connecting to it via the parallel port?
[04:01] <_Techie_> keep it in mind, its not exactly a new printer
[04:01] <_Techie_> twb, because i dont have the ethernet module for it
[04:01] Jetdirect boxes aren't very expensive.
[04:02] <_Techie_> yeah, but im trying to make do with what i already have
[04:02] I've got a parallel-ethernet print server device for such situations
[04:02] _Techie_: bummer
[04:02] _Techie_: well, anyway, as you may have guessed I can't help with the immediate problem :P
[04:02] <_Techie_> i figured, but its nice to at least chat
[04:03] but yeah, no reason not to buy network printers anymore
[04:03] when you can get a laser with ethernet for $100
[04:04] <_Techie_> qman__, i would love to have an ethernet printer, but sometimes you gotta make do with what you already got, eg 2x 17" CRT's
[04:04] <_Techie_> and a 16"
[04:08] I kept those for ages because CRTs can do a much higher resolution than these bloody new-fangled LCDs
[04:11] i'm trying to install ubuntu server...which option should i select ubuntu enterprise cloud or server ?
[04:11] mobasher, are you installing onto a cloud?
[04:12] mobasher: if you do not know what a cloud is, you want the latter
[04:12] i have no cloud just this amd box and one intel with ubuntu desktop on it
[04:13] mobasher, so -server
[04:14] ok thanks...i guess cloud is more for like server grid computing ?
[04:14] mobasher: well, cloud is for cloud computing
[04:15] yeah; you're looking for less hardware support and more virtualization support
[04:15] But IMO it's mostly buzzword wankery
[04:15] spoken like somebody who doesn't know what they're talking about <3
[04:15] thanks guys..appreciate it ;-)
[04:16] cwillu_at_work: you know it
[04:16] although I don't know for a fact that ubuntu's cloud stuff has memory ballooning and so forth enabled
[04:16] twb, the concept of using-all-of-the-available-memory-on-cache fails hard in a virtual environment
[04:17] the typical bandaid is to tell the vm that it only has 256mb available or whatever
[04:18] far better is to say that it has several gb available (as is true), but that it should minimize its use of those resources
[04:18] I'm of the opinion that clouds have their place
[04:18] otherwise you end up having cache on disk, with the vm thinking it has that data available quickly, and the host having little idea what can actually be pushed to disk
[04:18] and that my 20 node network isn't it
[04:19] cwillu_at_work: erm, can't you just set stuff like vm.swappiness=0?
[04:19] twb, that has nothing to do with this :)
[04:19] (OK, that's swap not cache, but you get the idea)
[04:19] twb, and you don't necessarily _want_ swappiness at zero
[04:19] really, you probably want swappiness at 100, so that the vm is perfectly aware of when it needs to go to disk, rather than it thinking that gee, my memory is really slow today!
[04:20] all this to say that yes, you really do want a different distro for vm than you do for real hardware
[04:20] whether vm itself is useful to you is another matter
[04:21] I guess I call it 'buzzword wank' because it mostly seems to be stock standard virtualization with a shim to allow rapid (de)provisioning of stateless VM images across a farm.
[04:21] ... as qman__ mentions
[04:21] it's useful technology, but it is littered with buzzwords
[04:21] cwillu_at_work: where "different distro" mostly means a handful of kernel .config changes and sysctl.conf, I guess.
[04:22] and it really isn't all that different from the virtualization we've been using for the last decade
[04:22] qman__, this is true. But the solution to that isn't to focus on the wankery :p
[04:22] twb, yes, that's what distro's do
[04:22] I mean the difference between ubuntu and kubuntu is a set of default packages
[04:22] I don't consider kubuntu to be a different distro
[04:22] and the difference between fedora and ubuntu is the packaging manager
[04:23] cwillu_at_work: and the packages
[04:23] twb, not nearly as much as you may think
[04:23] and all the other infrastructure, like the ticket system and the PR team
[04:23] both distros want to be as stock as possible
[04:23] twb, you're conflating the companies and the distros
[04:23] fedora is very different
[04:23] hmm
[04:23] yeah, I see your point
[04:23] I'll say flavour instead :p
[04:23] Nod.
[04:24] kubuntu and -server are "flavours" of Ubuntu
[04:24] nonetheless, it's significant enough differences that not having to configure a lot of things by hand is nice
[04:24] I *might* say CentOS is a flavour of RHEL :-)
[04:25] hi guys... how can i configure a Road warrior vpn tunnel using racoon, setkey and shorewall on ubuntu server ?
[04:25] twister004: you have a roaming server?
[04:25] twister004, I suggest finding a tutorial via google or something
[04:25] so far i have been hardcoding.. as the public addresses are static..
but now, I have a dynamic address with a dns name... how can i incorporate this dns name in my ipsec setup on ubuntu?
[04:26] it's not roaming
[04:26] I use dynamic dns with my openVPN without issue, but I don't use ipsec, so not sure how that works
[04:27] qman__: it's basically like openvpn only more difficult :P
[04:28] it's like openvpn, except they reinvented _every_ aspect
[04:28] ipsec is a core part of ipv6, so you WILL need to learn it sooner or later
[04:29] yeah
[04:29] you don't use the normal os routing tables, you don't use standard encryption, you don't use standard key management, it's recommended to use it via kernel-space modules rather than user-mode binaries and daemons...
[04:29] I've had classes and such touch on it, but I've never actually used it
[04:33] Nobody has any ideas about my logrotate query yet?
[04:35] mattcen, did you grep for auth in /etc/logrotate.d?
[04:36] I just checked my remaining hardy server, there are none
[04:36] might be hard coded?
[04:36] cwillu_at_work: It returns nothing.
[04:37] mattcen, oh, I missed that you were on hardy
[04:37] sec
[04:37] I'm guessing it uses the general rules in logrotate.conf
[04:37] weekly, rotate 4, create
[04:39] though that doesn't add up, since I have syslog going up to 6
[04:41] hmmm
[04:44] Basically, to articulate my *actual* question, I want to change logcheck from running hourly, to daily, and therefore need it to run just before logrotate shifts the logs, but I was looking for evidence that logrotate is *actually* what's doing the rotation in this case.
[05:07] is LXC stable enough to use in a production environment?
[05:45] anyone available to assist with installing driver for usb wifi card?
[05:51] Herron
[05:51] Hewro
[06:04] Having an issue where an external usb drive randomly disappears...
[06:04] I've never used irc before, so not sure if anyone can see this
[06:05] rementis: we can see this
[06:05] help needed
[06:05] Error deploying virtual machine: Failed to create domain
[06:05] error in the one_vmm_log file
[06:05] what causes this error
[06:05] any help will be appreciated
[06:06] any help ??
[06:07] What u deploying
[06:07] hardfire, it would help to mention what software you're using and what you did that resulted in this error
[06:07] Vmware or box
[06:08] installed opennebula cloud using 2 machines
[06:08] one as controller and other as node
[06:08] ubuntu 9.10
[06:08] trying to deploy a windows xp image
[06:09] Why neb vs box?
[06:09] And why 9.10 vs 10.04
[06:10] rementis: what exactly do you mean by disappear?
[06:11] i mean it looks mounted, but the usb device isn't there. can't even run fdisk on it
[06:11] was trying the nebula express installer in 10.04 did not work
[06:11] so using this as a guide right now https://help.ubuntu.com/9.04/serverguide/C/opennebula.html
[06:11] rementis: maybe an issue with USB suspend not working correctly?
[06:11] if i turn the usb hard drive off, then on, it reappears and I can mount it. maybe power management?
[06:12] can i disable power management for usb
[06:13] you can, but I'd have to look up how
[06:13] franksterville, der ?
[06:13] It would be awesome if you could find out how to do it, I've been looking and can't find anything
[06:15] any help for open-nebula would be appreciated
[06:15] ubuntu box - 1 cc and 1 worker node
[06:15] cannot deploy vm
[06:15] Error deploying virtual machine: Failed to create domain
[06:25] rementis: you can write -1 to /sys/bus/usb/devices/.../power/autosuspend where ... is the device
[06:26] wow, let me try that
[06:26] can i ask where you found it?
[06:26] in the linux kernel docs ;)
[06:27] any way i can determine which device my usb hard drive is?
[06:27] it's not obvious at all
[06:27] rementis: lsscsi is what i use
[06:28] and will i need to reboot after writing the -1?
[06:28] perfect on lsscsi, thanks!
[06:28] rementis: np
[06:28] AFAIK your drive going into suspend shouldn't cause errors, but if it does, this might help
[06:29] Can anyone point me to documentation about the difference between linux-image-virtual and linux-image-generic, and whether or not VMware tools is necessary when running linux-image-virtual under VMware Server? I've searched Google and come up with no rationale for the existence of linux-image-virtual, nor any explanation of the difference between it and linux-image-generic. I can diff the kernel config files, but i'm far fro
[06:29] and reboot would reset this setting, so certainly don't reboot ;)
[06:29] yeah
[06:29] if you want to set it permanently, do so in sysctl
[06:30] i see this:
[06:30] as qman__ says
[06:30] root@steeler:/sys/bus/usb/devices/usb1# lsscsi
[06:30] [0:0:0:0] disk ATA WDC WD400BB-23DE 05.0 /dev/sda
[06:30] [0:0:1:0] disk ATA ST3320620A 3.AA /dev/sdb
[06:30] [1:0:1:0] cd/dvd COMPAQ DVD-ROM GD-8000 0011 /dev/sr0
[06:30] [5:0:0:0] disk WDC WD10 EAVS-32D7B1 /dev/sdc
[06:30] and this
[06:30] root@steeler:/sys/bus/usb/devices# ls
[06:30] 1-0:1.0 1-5 1-5:1.0 2-0:1.0 3-0:1.0 4-0:1.0 usb1 usb2 usb3 usb4
[06:30] so which device is the WDC WD10?
[06:30] and how do i put this setting in sysctl?
[06:31] rementis: ask hdparm
[06:32] rementis: use pastebin.com for stuff that long
[06:32] rementis: sysctl is for /proc/sys, not /sys
[06:33] IIRC power management of USB devices is on by default for only one kind of device... I can't remember which kind... hubs?
[06:37] I thought they were going to enable it again for other devices too?
[06:38] not sure what kernel etc. that would apply to
[06:39] rementis: does your external USB drive have its own power? if not, it might suffer from a power loss...
[06:39] oh...
[06:55] JanC: AFAIK, not done as at 2.6.32
[06:55] Obviously if you pm-suspend or pm-hibernate, the device will fall over and get a new name when you resume.
=== sailerboy is now known as zz_sailerboy
[07:43] hi
[07:43] can someone please guide me about fcron scheduler ?
[07:44] kaushal: `man fcron`. what's your concrete question?
[07:45] Sc
[07:47] joschi: I do get fcron emails, is there a way to find out the recipient list ?
[07:48] and also is there a way to edit the subject line of fcron emails
[07:48] I dont see anything in /etc/fcron.conf
[07:48] kaushal: check your (f)crontabs for the MAILTO variable
[07:49] joschi: how do i find out ?
[07:49] I did sudo fcrontab -l
[07:49] kaushal: `man 5 fcrontab`, or http://manpages.ubuntu.com/manpages/lucid/en/man5/fcrontab.5.html for the online version
[07:49] kaushal: well, `sudo fcrontab -l` will only show the crontab of 'root'
[07:50] yeah
[07:50] kaushal: /var/spool/fcron should be a good starting point (or the directory given for fcrontabs in your fcron.conf)
[07:50] but don't edit these files directly
[07:51] heh
[07:51] how many times have I said that to myself?
[07:51] man.. F cron.
[07:52] SpamapS: I'm pretty sure that the f in fcron stands for 'fine' ;)
[07:53] joschi: just like in rtfm!
[07:53] joschi: I checked /var/spool/fcron/root.orig
[07:53] SpamapS: that depends on the context ;)
[07:53] shall i pastebin the /var/spool/fcron/root.orig ?
[07:54] <_Techie_> is there anything extra i need to do to have dovecot authenticate against users with /etc/passwd ?
[07:55] I dont see MAILTO variable
[07:55] not sure i understand that
[07:59] I have not hardcoded any MAILTO in the fcrontab
[08:00] dont understand why mails are being sent to specific users
[08:03] joschi: you around ?
[08:15] can someone please guide me about my fcron issue ?
[08:20] <_Techie_> could you quickly explain what fcron is?
[08:20] _Techie_: yeah sure
[08:20] its a scheduler
[08:20] <_Techie_> does it differ from cron?
[08:20] yes
[08:20] <_Techie_> how exactly?
[08:21] <_Techie_> i might not be able to help, but im interested
[08:21] for fcron it does not require that the server being up 24*7*365
[08:22] <_Techie_> i see
[08:22] <_Techie_> so rather than specifying a time to do a job, you can schedule a job to run X hours after boot
[08:23] i was interested in the MAILTO directive
[08:23] <_Techie_> thats actually quite nifty
[08:23] <_Techie_> what about it?
[08:24] <_Techie_> hrmm
[08:24] <_Techie_> just read all the scrollback
[08:24] Anacron provides similar functionality
[08:25] Also, vixie cron supports @reboot.
[08:25] <_Techie_> interesting question, ill have a poke around in cron and see if anything jumps out
[08:25] <_Techie_> cron also supports @reboot
[08:25] <_Techie_> i use it all the time
[08:25] vixie cron *is* cron, as far as ubuntu is concerned
[08:25] <_Techie_> i see
[08:28] <_Techie_> hrmm, i cant seem to turn up anything on my system that would be of any help with your issue
[08:28] <_Techie_> do you want to receive cron mail?
[08:29] I am receiving fcron email
[08:29] <_Techie_> yes
[08:29] <_Techie_> do you want to receive it
[08:29] I want to disable it
[08:29] kaushal: remove the MTA, then
[08:29] <_Techie_> i have a way, but its only a temporary fix
[08:29] <_Techie_> twb, it uses system mailboxes
[08:30] twb: is there a way to disable the recipients ?
[08:30] cron cannot deliver mail unless there is an MTA installed
[08:30] <_Techie_> twb, and most people like to have mail functionality on their server
[08:30] _Techie_: yeah, I know :-)
[08:30] <_Techie_> kaushal, after each fcron command, add this >/dev/null 2>&1
[08:31] <_Techie_> that will stop it from giving any output
[08:31] <_Techie_> and then it wont send you emails
[08:31] ok
[08:31] <_Techie_> its not a proper fix, but it will stop it until a fix can be found
[08:32] so is it fcrontab -e and then add 30 02 * * * /usr/local/bin/scripts/gziptomcat4.sh >/dev/null 2>&1 ?
[08:32] <_Techie_> perfect
[08:32] twb: is that correct ?
[08:32] Hmm?
[08:32] Looks OK to me
[08:33] Apart from you running tomcat :P
[08:33] basically i want to stop sending emails to particular users
[08:33] kaushal: man newaliases
[08:33] Or ask #postfix how to blacklist users, I guess
[08:34] <_Techie_> twb, except the mail is sent by the user that the cronjob runs as, to the user that the cronjob runs as
[08:34] <_Techie_> so blacklisting users isnt really a good idea
[08:34] _Techie_: Thanks
[08:34] <_Techie_> wait
[08:34] <_Techie_> sorry
[08:34] <_Techie_> sent from cron@domain.com to the user
[08:34] _Techie_: ?
=== cs278| is now known as cs278
[08:35] <_Techie_> so blacklisting could work
[08:35] _Techie_: shall i pastebin the email ?
[08:35] <_Techie_> nah
[08:35] <_Techie_> i know what it looks like
[08:35] 30 02 * * * /usr/local/bin/scripts/gziptomcat4.sh >/dev/null 2>&1 would do the fix ?
[08:35] <_Techie_> i have my cronjobs send me email, i find it handy to know when services dont start properly
[08:35] <_Techie_> yeah that would fix it
[08:36] so that line means the script would get executed and it wont send emails ?
[08:36] <_chris_> hej all
[08:37] <_Techie_> yep
[08:37] Can anyone tell me whether there is a programmatic way to find out whether a reboot is required after an automated upgrade?
[08:37] <_Techie_> kaushal, it pipes all output to /dev/null and reports back that it ran properly.... no output... no email
[08:38] _Techie_: ok
[08:38] <_chris_> im pretty new to linux and want to put a service to autostart, im wondering if can also define dependencies ? for example service x should not start before service a b and c are started ?
[08:39] <_Techie_> !upstart | _chris_
[08:39] _chris_: Most of that happens automatically with Ubuntu server
[08:39] _chris_: Upstart is meant to replace the old Sys V Init system with an event-driven init model.
For more information please see: http://upstart.ubuntu.com/
[08:40] <_chris_> ty :
[08:40] <_Techie_> blahdeblah, you mean other than logging into ssh and have it blatantly tell you that a system reboot is required?
[08:40] <_chris_> :)
[08:45] _Techie_: yes. "programmatic" means i don't want to have to log in - i want to find out via shell script or something like that
[09:05] when I login to my server via ssh I am getting the notice - 47 packages can be updated.
[09:05] 19 updates are security updates.
[09:05] sudo apt-update isn't fixing this....
[09:06] *sudo apt-get update
[09:09] kucumber: apt-get update just refreshes the package lists; apt-get upgrade is what you want
[09:09] <_chris_> can i see what program are in autostart already ?
[09:09] <_chris_> *programs
[09:09] _chris_: list /etc/init (or /etc/event.d, in 8.04)
[09:10] <_chris_> twb, no command 'list' found
[09:11] Based on that response, I think you don't know enough to safely write new upstart jobs
=== sanderj__ is now known as Snadder
[09:11] However, all packages you install via the package manager should already be configured to "autostart", as it were.
[09:12] blahdebblah excellent, thank you
[09:15] <_chris_> twb, nvm already got it, stupid me ^^
[10:27] New bug: #655039 in apache2 (main) "package apache2.2-common 2.2.14-5ubuntu8.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/655039
[10:48] hi...my pre-installed server seems to have been configured in a way that's not recommended...it had one user account, root. so, to correct this, i've created a new user, but when i try to add that user to a group admin, i'm told group 'admin' does not exist...
[10:48] does this mean i need to manually add my user to the sudoers list???
[10:49] (i want my user to have the ability to elevate its privileges with sudo)
[10:53] Correct; there is no "admin" group.
[10:53] There is a "sudo" group, but it is probably not allowed to sudo by default.
[10:53] You can check by examining /etc/sudoers for a %sudo entry (% denotes a group match).
[10:55] twb: my /etc/sudoers file contains 2 lines, Defaults env_reset and root ALL=(ALL) ALL...
[10:55] twb: everything else (including the entry you mention) are commented out
[10:58] twb: could you spare 1 minute and check the 3 commands in the snippet http://dpaste.com/253304/..basically making /etc/sudoers writable, then adding a single line, then removing write from the file...is this a safe way to give a user the ability to elevate their privileges?
[10:59] Try "%sudo ALL=(ALL) ALL"
[10:59] Use visudo to edit it
[10:59] sudoers should NOT be writable.
[11:00] twb: thanks, i thought it was a bit hacky :) does the entry you suggest mean any user can elevate their privileges, but must enter their password first?
[11:02] Modulo your wishy-washy terminology: yes.
[11:02] twb: thanks :)
[11:11] New bug: #655058 in clamav (main) "freshclam apparmour error : type=1502 operation="inode_permission" requested_mask="r::" denied_mask="r::" name="/proc/28071/status" " [Undecided,New] https://launchpad.net/bugs/655058
=== [1]iclebyte is now known as iclebyte
=== [1]iclebyte is now known as iclebyte
[12:10] hi..may a noob ask a question? i've followed the disk partitions my isp created in their standard build of my server...my /home partition has the majority of space...i will be hosting a database backed web application on the server (postgresql/apache2)...i'm reading seemingly conflicting statements about /home online...i'd like to put my application database and source in directories in /home...is this a bad ide
[12:15] alternatively, should i re-partition my disk so that /var contains the majority of space?
[12:16] i'm looking for best-practice really as i'm a developer learning on the job trying to set up a server for my app
[12:24] kinygos: shouldn't matter where it is
[12:25] kinygos: I think I would have repartitioned /home and made most of it a separate fs for /var
[12:25] just my thought, though
[12:25] RoyK: that's what i'm thinking now...just feels wrong having data directories in /home alongside user directories (not that i'm gonna have many user directories)
[12:26] as in - set a root password, login as root directly to avoid keeping files open on /home, move any data on /home somewhere else, repartition, create new filesystems for the new /home and /var partitions, rsync the old /var to the new one, mv /var /oldvar, mkdir /var, mount /dev/asdf /var
[12:26] more or less
[12:26] that is, rsync _after_ you have mounted /var (obviously)
[12:28] RoyK: awesome, i see where you're going with that...thanks again :)
[12:30] good reason to use lvm.
[12:31] jo-erlend: i've realised that now too...i had enough drama installing RAID remotely :)
[12:32] :)
[12:44] RoyK: erm...sorry to bother you again, but what device is /dev/asdf? i don't have it mounted at the moment..i have a RAID partition mounted on /var
[12:44] <_Techie_> anyone in here know their way around the exim configuration files?
[12:47] kinygos: :)
[12:47] kinygos: /dev/asdf was meant as /dev/something
[12:48] http://asdf.com/whatisasdf.html
[12:49] RoyK: lol :)
[12:50] _Techie_: not really - I use postfix :þ
[12:50] RoyK: reminds me of a riddle...i am h i j k l m n o but only 5 letters...what am i?
[12:51] <_Techie_> RoyK, darnit, i need to enable exim to authenticate without tls, and the debian way of doing the config files is extremely confusing
[12:53] kinygos: no idea :)
[12:53] RoyK: i'll tell you later :)
=== rgreening_ is now known as rgreening
[13:34] Quick bind9 question: how does it load named.conf.default-zones?
[13:37] what do you guys recommend for a backup solution for 10 servers?
I have a storage array, but should i just write a bash script to run rsync? or is there something more sophisticated that I could do?
[13:42] raubvogel, the files are included from named.conf
[13:44] qman__, this is the 4th time I looked at that file and the first time I noticed default-zones is there as the last entry. Thanks! I feel better now.
[14:04] Daviey: are you on that axis2c i386 build failure ?
[14:05] Also if you can't reproduce it I'll drop Bug 653154 from server-mrs
[14:05] Launchpad bug 653154 in dovecot "package mail-stack-delivery (not installed) failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [High,Incomplete] https://launchpad.net/bugs/653154
=== luis__lopez is now known as luis_lopez
[14:36] http://imgs.xkcd.com/comics/golden_hammer.png
[14:38] Hello to all; I've a bug report about a IBM x3560 that don't boot from MM CD. I'm not expert in server side. At which package assign ? https://bugs.launchpad.net/ubuntu/+bug/654936
[14:38] Launchpad bug 654936 in ubuntu "Maverick 10.10 server RC does not boot on IBM x3650 M2" [Undecided,New]
[14:38] Thanks in advance
[14:49] I want to mount a windows share from shell, how should I do it?
[14:49] RoyK: water...and the groans begin :)
[14:51] Mounting unprotected (guest) network folders
[14:51] Assumed that:
[14:51] Network connections have been configured properly.
[14:51] The Windows computer name is servername, this can be either an IP address or an assigned name.
[14:51] The name of the share is sharename.
[14:51] You want to mount the share in a folder mountname.
[14:51] First, let's create the mount folder. You will need a separate folder for each mount.
[14:51] sudo mkdir /media/mountname
[14:51] Then edit your /etc/fstab file (you need root privileges) to add this line:
[14:51] /servername/sharename /media/mountname cifs guest,uid=1000,iocharset=utf8,codepage=unicode,unicode 0 0
[14:51] Where
[14:51] guest indicates you don't need a password to access the share,
[14:51] uid=1000 makes the Linux-user with specified uid or username owner of the mounted share, thereby allowing that user to rename files,
[14:51] the combination iocharset=utf8,codepage=unicode,unicode allows access to files with names in non-English languages. This doesn't work with shares of devices like the Buffalo Tera Station, or Windows machines that export their shares using ISO8859-15. With these the codepage argument has to be codepage=cp850, otherwise characters like the German 'Umlaute' are displayed as garbage.
[14:51] After you added the entry to /etc/fstab type:
[14:51] sudo mount -a
[14:51] !paste | franksterville
[14:51] franksterville: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
[14:52] https://wiki.ubuntu.com/MountWindowsSharesPermanently?highlight=(Samba)
[14:52] sorry lol
[14:52] my god that was hideous
[14:53] franksterville, cifs did not work
[14:53] it says wrong fs
[14:54] elb0w: try smbfs ?
[14:54] ye smbfs
[14:54] but then I have to mount as root
[14:54] I want a normal user to have write priv
[14:55] elb0w: I think that in that case you need to specify mount options to allow the user to have access to the mount point
[14:55] I have not done this much mounting, would you happen to know the option?
[14:57] elb0w: in your command line "man mount", then look for "The non-superuser mounts."
[14:58] I have to do it in the fstab then?
[14:59] I didnt have to do all this last time
[15:00] elb0w: you can still do it from the command line afaik, look in the man page...
[15:00] :)
[15:03] elb0w: prolly something like mount.smbfs /source /dest -o rw,user,noauto etc etc
[15:04] when I do a sudo mount it makes everything owned by the root
[15:04] with those options
[15:05] elb0w: well an awful hack would be to change the permissions to mount
[15:06] elb0w: I can't really help you much more given that I don't have any samba share to test
[15:07] elb0w: but I'll prolly do it in /etc/fstab for automounting
[15:07] yeah, I like keeping it separate
=== jeipur is now known as jaypur
[16:01] can someone help me with a simple postfix problem?
[16:09] I need some postfix help on ubuntu. I can't seem to get smtpd_sender_restrictions=check_sender_access map:/etc/postfix/regexp to work
[16:11] smoser: You probably know this.. Does Eucalyptus update console output in real time or does it do what EC2 does?
[16:37] soren: it should get the last 64k, but there was a bug on it (from smoser), and I have not checked lately
=== ivoks-afk is now known as ivoks
[16:51] soren, it updates in real time
[17:01] which is nice, but probably not going to scale well (i've always assumed scalability is why it is as it is on ec2)
[17:01] smoser, ttx: I am probably missing the meeting today, I am still pretty sick
[17:01] bummer dude.
[17:02] can i get one question in ?
[17:02] I didn't have anything to bring up, should I get another kt member to cover
[17:02] regarding the t1.micro and java bug. any progress there ?
[17:03] jjohansen, ^
[17:03] smoser: no I haven't looked at it all
[17:03] sorry
[17:04] * jjohansen has been learning the dm/scsi layer and having fun with that :(
[17:04] ok. I think that would be the biggest issue from our perspective plaguing kernel right now.
[17:05] the other one being the still delinquent proc/loadavg bug
[17:08] is there a package for vrrpd or do i need to compile it from source?
[17:09] need a web editor for ubuntu equivalent to dreamweaver pls
[17:09] i think there is a bluefish project
[17:09] am running ubuntu server, lamp on my machine
[17:12] * kinygos thinks dreamweaver is evil
[17:14] i wish i had the time to develop a dreamweaver type app for ubuntu...would be an awesome project imho
[17:14] yes it is
[17:15] something like that could be a killer app for ubuntu-desktop
[17:16] New bug: #655215 in postfix (main) "package postfix 2.7.0-1 failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/655215
[17:16] Since this is #ubuntu-server, I'm going to suggest vim. :P
=== [1]iclebyte is now known as iclebyte
=== jjohansen is now known as jj-afk
[17:21] New bug: #655220 in bacula (main) "Bacula Installation Failure" [Undecided,New] https://launchpad.net/bugs/655220
[17:21] maswan: :)
=== cs278| is now known as cs278
[17:43] jiboumans: ping
[17:44] I make use of a Perl CPAN module which is not packaged in the Ubuntu repos: Devel::Trace. 1) How can I install it so that it is available to all users and 2) how could I request it be packaged?
[17:48] for right now, i have a server that provides many services on my network, but i don't want to configure all my clients to point to myserver.mydomain for every service; how can it be configured so that mail.mydomain, psql.mydomain, www.mydomain point to the same host (for now)
[17:50] set those records up in your name service
[17:50] all pointing to your server
[17:52] mdlueck, apt-cache show dh-make-perl
[18:00] ChmEarl: Sounds excellent, thanks!
[18:01] ChmEarl: Are perl modules x32 / x64 cross platform? Can I build it on my x32 test server and then install it on an x64 server?
[18:01] ChmEarl: nice - I didn't know the show argument :)
=== martin- is now known as martinp
[18:02] mdlueck: perl modules are written in perl, a script language, so as long as the underlying library is compatible, the module will be
[18:03] mdlueck: and I guess some 95%+ of the current code is quite compatible between x86 and x64
[18:03] mdlueck: there's no such thing as x32, btw, it's the old x86, which is 32bit
[18:03] RoyK: Very good. Yes in fact the Ubuntu version is identical between test and prod, just the x32 / x64 difference.
=== martinp is now known as martin-
[18:04] I'd use the same platform for test/prod if I were you, though, at least if the platform is business critical
[18:04] RoyK: Me nods about x86 = x32
[18:05] RoyK: Can't run x64 code at present in the test environment. Best I can do.
[18:05] well, most stuff will probably work
[18:06] Surprisingly well in Ubuntu land! :-)
[18:06] I don't think I've seen _any_ 32/64 bit incompatibilities yet...
[18:07] we're running ubuntu on 20+ servers at work, most of them on 10.04 atm, and mostly on x64
[18:08] Question: Ever since I "upgraded" to 10.04.01 when I SSH into my box, i lose all my samba shares for about 1 minute, then they fix themselves. I tried purging and re-installing the SSH stuff, deleting the config file and everything, and it still semi-nukes my server every time i attempt to ssh in.... any suggestions?
[18:08] hey_pig: samba and ssh aren't related
[18:10] hey_pig: only related on netstack level.
[18:11] hmmm
[18:11] hey_pig: one reason could be some strange firewall rule
[18:11] hey_pig: and if it cut connection dmesg should show them if reason is on kernel level
[18:13] that was good english :)
[18:15] thanks simplexio ill check dmesg
[18:22] hey_pig: and check firewall rules on both machines
[18:36] if i password a web directory using .htaccess on my server, if I connect to a media file locally via mplayer and point to my server directory would it just deny access or ask for a password for that directory?
[18:39] Point through the webserver ? Yes... Accessing the file on disk directly, no
[18:40] no pointing though to the webserver directory to "stream" the file via mplayer
[18:42] Like mplayer /var/www/file.avi ?
[18:43] you can use http://username:password@domain.com/filename.avi
=== harrisonk is now known as harrisonk_away
[18:45] doubleD - yes
[18:45] Laverne - in what way? Oh you mean once the .htaccess password is set
[18:45] it wont ask for a password, the .htaccess file is only read/used by apache
[18:46] if you access it locally, then the permissions on the directory/file are only taken into account
[18:46] so setting a password via htaccess is still vulnerable?
[18:46] its not accessing it locally
[18:47] it's streaming from my server and just saving on space...
[18:50] Does anyone know of any nice mysql query guis for ubuntu? I used to use heidisql. Looking for something similar
=== xfaf is now known as zul
[19:02] Mysql-query-browser?
[19:14] mdlueck, did you build libdevel-trace-perl yet?
[19:14] ChmEarl: Currently working through it...
[19:15] mdlueck, call dh-make-perl as user, not root
[19:16] ChmEarl: Indeed I did
[19:16] ChmEarl: Working through fixing up the files in ~/Devel-Trace-0.10/debian then to start looking for how to build a .deb
[19:17] mdlueck, this worked dh-make-perl -e 'Joe Hacker ' --build --cpan Devel::Trace
[19:18] ChmEarl: Any suggestions how to package.... oh, I guess I will start over with that more verbose syntax...
[19:18] no need to touch ./debian
[19:18] does anyone know where the command to start postgresql automatically at boot time is in ubuntu-server 10.04?
[19:18] after running that cmd, a DEB was found in ~
[19:18] my google searching fails miserably :(
[19:19] ChmEarl: Cool!!! :-)
[19:19] prob in the init script
[19:20] @kinygos: Really, in 10.04? I do not happen to use postgresql, but am surprised that with the packages properly installed it would not auto-start.
[19:21] mdlueck: apologies...it does autostart, i just want to modify the options it starts with
[19:22] @kinygos: No problem... for example back in 9.04, one package installed itself as a service, just would not auto-start the service. That was corrected in 9.10.
[19:24] i looked in the /etc/init.d/postgresql-8.4 script, which itself runs /usr/share/postgresql-common/init.d-functions which is a long script that i can't believe i need to edit, so i'm convinced i'm doing something wrong :(
[19:25] kinygos: it probably also sources /etc/default/postgres-8.4 or something like that too.
[19:29] webmin really saves my bacon on stuff like this
[19:29] ChmEarl: I see libdevel-trace-perl_0.10-1_all.deb at long last!
[19:29] slight gui without actual hardware access needed
[19:29] !webmin
[19:29] webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
[19:30] hmmm no more webmin?
[19:30] oh noooos im doomed
[19:30] !ebox
[19:30] ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
[19:30] looking now
[19:31] RoyK: water btw (h..o) :)
[19:31] Guys, I just restored my server from backups... There was one folder I found (/var/cache/man) that had the permissions messed up. However, everything else seems to be running perfectly. Can any of you recommend a "stress test" of sorts that might let me know if I'm having other problems of which I'm not aware (yet)?
[19:31] hmmm seriously
[19:31] ebox?
[19:32] kinygos: Dihydrogen monoxide is bad for you
[19:34] kinygos: lol..the epic hoax :)
[19:34] wth???
[19:34] RoyK: there's even a wikipedia article on that hoax
[19:34] I know :)
[19:34] it's a pretty neat hoax, though
[19:36] RoyK: indeed :)
[19:36] so the webmin issues stem from needing an old perl module?
[19:39] franksterville: afaik the webmin issues are bound to redhat/fedora linking of config files
[19:39] so ubuntu is okee?
[19:39] franksterville: but then, I don't use web-based configs, so I might be wrong
[19:40] well i use it as a crutch... trying to wean myself to terminal only
[19:40] franksterville: no, webmin uses redhat/fedora-style configs, that are incompatible with debian/ubuntu
[19:40] ahhh so why is this an issue in 10.04
[19:40] worked perfectly in 8.04
[19:42] franksterville: I only know what's been told me, that webmin isn't designed for debuntu, but for rpm-based distros and later ported, for what I hear, erroneously, to dpkg-based distros. It might work, but AFAIK it's not well supported
[19:43] Royk: gotcha.... any experience with ebox?
[19:44] franksterville: as I said, no, I use the commandline
[19:48] How can I tell libvirt to use my manually configured bridge instead of hacking up the 192.168 network that it does?
[19:51] Guys, I just restored my server from backups... There was one folder I found (/var/cache/man) that had the permissions messed up. However, everything else seems to be running perfectly. Can any of you recommend a "stress test" of sorts that might let me know if I'm having other problems of which I'm not aware (yet)?
[19:58] I have had dpkg stop functioning 3 different times while running apt-get to install something. What steps can I take to begin troubleshooting this, because it feels dangerous to kill it in the middle of installing a package
[20:13] what is the something?
[20:14] first time it was mrtg
[20:14] second time I don't remember
[20:14] are you out of disk space?
[20:14] this time it is a package meant for jaunty, so a little bit risky to begin with
[20:14] lol, no
[20:14] I have a 550GB array
[20:15] Why are you installing packages from another release?
[20:15] 5 drives in RAID 5 with spare
[20:15] Did you check backports?
[20:15] the size of the array says nothing of the filesystem that you are installing to
[20:15] yeah, it is an HP support package I had to download from HP
[20:15] What does it do?
[20:16] it is a small repository of packages to monitor the hardware of my server, including a server management homepage
[20:16] I see
[20:17] Does it contain kernel modules?
[20:19] the majority of the packages installed successfully, and I don't think that the package I am currently installing is the issue seeing as dpkg is doing this recurring
[20:19] Any information in your logs?
[20:19] what logs should I check
[20:19] any kvm virt experts in the house? how come win2k3 worked great on hardy, but fails horribly on lucid?
[20:19] prolly /var/log/syslog and /var/log/dpkg.log
[20:20] osmosis: I wish there were some in the house, cause I could use one also
[20:22] aegis: you run an fdisk?
[20:22] n3kl, whats your issue?
[20:23] http://pastebin.com/qGeqdiQs
[20:23] I have manually configured a bridge in my interfaces file and I can't get my vmbuilder build vms to use it.
[20:24] osmosis: I fail to understand why when I remove the symlink for the default network and restart libvirt, the iptables rules and second bridge is created.
[20:25] osmosis: I just want to have all my vms use the bridge I provide them, with --bridge=br0 somewhere in the command line or something
[20:26] n3kl, dunno that one, sorry
[20:26] osmosis, did you see my pastebin link?
[20:28] I'm seeing abnormally high query times in mysql slow-query log on lucid...example Query_time: 18446744073709.550781
[20:31] and the Putty window just timed out
[20:51] I just changed some limits in "/etc/security/limits.conf", how do i reload that configuration without restarting?
[20:51] CharlieSu: that file is only processed during user login through PAM, so just log in again
[20:52] I can't kill a dpkg process, it doesn't seem to be a zombie (it has no parent) and sudo kill -9 doesn't even force it to die. This is the third time it has happened, and this is not a computer I can restart without considerable preparation
[20:53] demonspork: does anything show up in dmesg to indicate it getting stuck? unkillable usually means stuck I/O
[20:53] so how do I check that?
[20:53] kees: thanks for the help.. not sure it worked.. can you look here? https://gist.github.com/0717e4d2b18fa7249e0f
[20:53] i'm looking for best-practice/recommendation again...i'm about to install django on my ubuntu server...should i install the package in my /home partition and create a symlink to it in /usr/local/lib/python2.6/dist-packages...or should i just install it there? the people in #django were busy discussing other stuff
[20:54] !crosspost | demonspork
[20:54] demonspork: Please don't ask the same question in multiple Ubuntu channels at the same time. Many helpers are in more than one channel and it's not fair to them or the other people seeking support.
[20:54] * kinygos hides cos he just did the same thing
[20:55] demonspork: dunno, does dmesg have any clues?
[20:56] I have no idea, I am seeing some stuff about INFO: task mandb:25191 blocked for more than 120 seconds. followed by a bunch of lines of gibberish
[20:56] demonspork: yeah, sounds like bad disk or RAM, off hand. but try "ubuntu-bug linux" and get it reported into LP for people to look at
[20:57] CharlieSu: trying it locally, one sec
[20:57] well crap
[20:58] kees: yeah i tried.. but it doesn't persist when i logout and login again.
[20:58] CharlieSu: works fine for me.
[20:58] CharlieSu: you can't sudo though, that has a separate PAM config without pam_limits, IIRC
[20:59] CharlieSu: e.g. it comes from pam_limits.so, which is in /etc/pam.d/sshd
[20:59] CharlieSu: but sudo is handled by /etc/pam.d/sudo
[20:59] one thing I am worrying about right now is inodes. I have an application that is generating thousands of little bitty files, but it only is using about 500MB of space with those files
[20:59] ahh that is why
[20:59] CharlieSu: oddly, pam_limits is listed in sudo ....
[20:59] hmm
[20:59] * kees switch to #ubuntu-devel
[21:00] what would happen if i connect a laptop with dhcp if i have two DNS servers running in the same network segment, two different ip range pools, the only difference would be the default gateway?
[21:02] istevenmon: why is my question
[21:03] sorry DHCP servers
[21:05] franksterville, I've used webmin a bit with ubuntu - mainly because I converted from fedora about 4 1/2 years ago - were you asking about webmin?
[21:05] well they say since 10.04 not working and no support
[21:06] working fine here
[21:06] wondering whats up
[21:07] Ah, well I've not tried it in lucid.
[21:07] franksterville: thats a long story and not since 10.04 only, essentially all debian based distros have their config files organized in a way so that webmin might mess them up
[21:08] guntbert: would a purge of webmin be advisable?
[21:09] franksterville: no need to purge it, if you just use it to view config details it will do no harm, but be warned (ebox is in no way an alternative)
[21:11] guntbert: so ebox=fail lol... Well I do mess with perms and shares on occasion with webmin. I suppose I should go terminal only...
[21:13] franksterville: seems advisable :-), I only use it for squid, dhcp and so on where the config follows standards
[21:13] guntbert: just file/print server here so gui helps with printers...
=== istevenmon_ is now known as istevenmon
[21:15] franksterville: I'd say read up on the issues (iirc there *are* steps to get it back to debian/ubuntu but...)
[21:16] guntbert: dont NEED it just like it. I like well running server better LOL
[21:16] gaaaah, I still can't kill that process - this is driving me insane
[21:17] last time I just left it for 24 hours and it vanished
[21:21] how can i preserve vrrpd configuration over reboot ?
[21:23] istevenmon: just curious, what are you doing with vrrpd?
[21:24] istevenmon: and you could use puppet to restore a configuration file if you needed.
[21:24] n3kl: doing gateway redundancy
[21:24] istevenmon: is that box your most external facing?
[21:25] yes
[21:25] but the configuration is not done with a config file
[21:25] but with commands
[21:25] Ahh
[21:25] lame
[21:25] is there a "write me" command
[21:25] ?
[21:26] i dont know, i think i will create a startup script with the commands to be run
[21:31] is booting to software raid5 possible with either 10.04 or 10.10?
[21:33] I doubt it
[21:33] raid 5 boot issues have plagued linux for a long time
[21:34] baggar11:what I do is boot a usb stick as my root, then mount /var and /usr from the raid to speed up applications. Works like a charm. Then I have only one array, and if the usb ever dies, debootstraping a new one is easy
[21:35] if anyone is familiar with the request tracker package...i keep trying to install it with a postgres db configuration, but it keeps using sqlite
[21:35] thanks, just checking
[21:46] someone here?
[21:47] mata: many :-)
[21:47] i have an ubuntu server, and i dont know how to compile an pvpgn 199 with mysql
[21:47] i mean is the first time using the ubuntu server
[21:49] ??
[21:50] !copmpile | mata
[21:50] !compile | mata
[21:50] mata: Compiling software from source? Read the tips at https://help.ubuntu.com/community/CompilingSoftware (But remember to search for pre-built !packages first)
=== ivoks is now known as ivoks-afk
[21:53] is hard, my first time, someone can help me_
[21:53] ?
[22:02] mata, try it out and ask specific questions about what you are having issues with
[22:02] CharlieSu: you need explicit lines for root in your limits.conf. root isn't included in "*"
[22:26] <_Neytiri_> how do i setup a vpn server and have the remote clients use that machines internet connection
[22:27] _Neytiri_: have you tried ssh tunneling or do you need local network access as well
[22:30] <_Neytiri_> local network access
[22:30] !vpn | _Neytiri_
[22:30] _Neytiri_: For more information on vpn please refer to https://wiki.ubuntu.com/VPN
[22:31] <_Neytiri_> i have been there and was having issues with that tutorial
[22:31] <_Neytiri_> i need to get it to run over a ssh connection tho
[22:32] <_Neytiri_> the way our servers are setup is that they all have a private address on the lan i am trying to get to.
[22:32] <_Neytiri_> our public ip's are 1 to 1 natted to the private addresses
[22:33] How can I change the SSH banner "SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4" so that it doesn't include the "Debian-3ubuntu4"?
[22:33] _Neytiri_: most servers listen to ssh
[22:33] tsrk: why?
[22:34] RoyK: My PCI compliance scan considers it to be OS disclosure
[22:34] tsrk: AFAIK that's compiled into sshd
[22:34] <_Neytiri_> RoyK| i know that i need to vpn over that and have remote and local network access
[22:34] RoyK: Unless it's getting the OS from SSH somewhere else... is there somewhere else it's "disclosing the OS"?
[22:35] tsrk: you shouldn't be afraid of disclosing your OS, you should secure it
[22:35] RoyK: I'm not, but I need to follow PCI policy, and they consider it an unnecessary risk.
[22:35] tsrk: there are people around that think disclosing the OS is a security breach, but it's not, the security breach is not securing the OS
[22:36] RoyK: Try telling that to PCI
[22:36] PCI?
[22:36] RoyK: https://www.pcisecuritystandards.org/
[22:36] tsrk: if that is a risk, add a firewall in front
[22:36] RoyK: For transmitting/storing CC info
[22:37] RoyK: It's a remote machine, so I need remote SSH access
[22:37] to be quite honest, security by obscurity is no way to go
[22:37] RoyK: Would limiting it by IP be the best solution?
[22:37] even if you remove that from ssh, I can find the OS with an nmap scan
[22:37] RoyK: How's that?
[22:38] nmap uses tcp fingerprinting, unique to the OS
[22:38] and can detect OSes quite nicely
[22:38] RoyK: I think that was one of the things that I already had to disable
[22:38] just believe me - don't go for obscuring your system, just secure it
[22:38] tsrk: nmap -O your-server-ip
[22:39] RoyK: It's not my choice... Visa/MasterCard will fine me broke if I don't do what they want me to
[22:40] tcp fingerprinting isn't something you can really avoid. it uses tiny differences in how different network stacks handle things
[22:40] if I had to come up with an analogy, it'd be accents rather than replies
[22:41] tsrk: then add a firewall in front
[22:41] RoyK: Ok, I guess that'll work
[22:42] tsrk: it'll work if the firewall adds proxies for the apps like ssh and apache
[22:42] RoyK: I was thinking just block SSH from everywhere except where I need access from
[22:42] well, that works too
[22:43] /etc/hosts.deny etc
[22:43] sshd reads tcpwrapper files
[22:43] RoyK: Oh yeah, that'd be simpler... forgot about those files
[22:43] or use iptables/ufw if you like to
[22:43] <\sh> tsrk: read http://www.derkeiler.com/Newsgroups/comp.os.linux.security/2003-02/0757.html about that issue
[22:44] RoyK: oh, what do the hosts.... files apply to?
[22:45] tsrk: I think \sh's answer is better
[22:45] RoyK, \sh, Ok, thanks, I'll read that thread
[22:45] tsrk: still, security should be on the host, not trying to camouflage the host
[22:45] <\sh> tsrk: the version banner is within the protocol spec. you can just change it in the sourcecode, but you need to provide at least the default stuff...
[22:46] RoyK: I know, I don't do this on any of my other servers, but I need to on this one because it handles CC data
[22:46] * RoyK wonders why anyone would add it as a so-called security arrangement to disallow the version of the OS
[22:47] <\sh> the important message is http://www.derkeiler.com/Newsgroups/comp.os.linux.security/2003-02/0770.html in this thread...it says all you need to know about that matter...tell your PCI it's not worth a dime ;) close the port via port filter from the outside allow ssh logins only from trusted ips eventually only via vpn
[22:47] I don't care - any OS should be secured, never mind its version
[22:48] ssh is a sort of vpn
[22:49] <\sh> RoyK: yes...vpn was more in the meaning of a trusted access point to your inner network...eventually do the jumphost game
[22:49] RoyK: I think these standards are designed for people running MS software... one of the requirements is running anti-virus software
[22:50] tsrk: hehe
[22:50] * RoyK isn't running anti-viral software and doesn't have to
[22:51] * \sh runs anti-vir software all the time...it's a good tool...named Ubuntu/Fedora/OpenSUSE/Gentoo/etc ;)
[22:51] what Windows users call antivirus, is not really antivirus. They scan for trojan horses, etc, which are not unique to Windows.
[22:51] RoyK: also, I had to make apache and PHP hide their versions because the scan was detecting the old version numbers and telling me to upgrade, not taking into account of course the backported patches that ubuntu (and I assume everyone else) uses
[22:52] we do have antirootkitscripts, etc.
[22:52] \sh: unfortunately I don't think that'd count if they audited me
[22:52] <\sh> tsrk: it's a problem with those companies...they don't care about distros but only about upstream versions
[22:52] \sh: so I installed clamAV and hope that it counts
[22:53] \sh: yep
[22:53] PCI should just have one requirement that says "don't be a moron" and be done with it
[22:54] <\sh> tsrk: our pentest company did the same, and then I gave them a shell on a honeypot server they tried to break into the systems in the backend...they failed
[22:55] \sh: heh yep.... stuff is a lot more secure these days than it used to be I guess
[22:55] <_Neytiri_> how do i setup a vpn server and have the remote clients have local and remote network access over a ssh connection
[22:56] <\sh> the only mistake I made was to provide an uudecode tool..so they pushed their pentest software (shared linked as I saw later) and uudecoded the binary..but in vain, our libs etc. were incompatible with their apps...and they weren't able to static link them, because of "no clue about static linking" ;)
[23:03] \sh: hah nice!
[23:08] <\sh> now end of business for today..heading home :)
[23:11] Oh nice irc from my iPhone
[23:11] Frank__: I just wish a network with decent coverage had the iPhone :)
[23:12] they do :) lots of them. just not in the US :p
[23:12] True I know but AT&T actually been pretty good for me
[23:12] shauno: yeah, the US is a little bit slow on these technologies
[23:13] Freaking dems taking all the r and d cash
[23:13] Frank__: i go enough places that they don't cover that it'd be a problem
[23:13] I'm not sure slow is the right term. I imagine blanketing every city in ireland was a significantly easier task
[23:13] shauno: yeah, but still
[23:13] shauno: sorta unrelated but look at the freaking measurement system
[23:14] shauno: americans don't like change, be it measurements or cell phone tech
[23:14] Lol I love starting an argument
[23:14] Frank__: i started the argument!
[23:15] I'm not arguing :) I've lived in the US, so I've seen both sides.
[23:15] the grass is only greener here because it never stops raining :)
[23:15] <_Neytiri_> how do i setup a vpn server and have the remote clients have local and remote network access over a ssh connection
[23:15] shauno: i live here now and everyone is stupid
[23:16] I've discussed this with someone before. that is something I found very curious
[23:16] I found very, very few americans I didn't like. but their "hive mind" is something completely different. I'm still not sure how that works
[23:17] (way off-topic, I know)
[23:20] shauno: hive mind?
[23:22] the group-think doesn't seem to match the individuals, at all
[23:23] shauno: can you give an example? i still don't understand
[23:23] shauno: i probably suffer from this hive mind you speak of
[23:24] it is odd to explain. I found you could have a perfectly reasonable conversation about politics with one or two people, and it be fine
[23:24] you get a group of them, and suddenly you're terrified of being the foreigner that's criticizing their country
[23:24] <_Neytiri_> can someone tell me how to route all traffic over a ssh tunnel?
[23:25] I think all traffic would be difficult; ssh will tunnel individual ports. you'd likely want a http or socks proxy on the other end, depending on the actual application
[23:26] if you actually want to set the tunnel as a route, you're probably better looking into vpns
[23:26] <_Neytiri_> shauno: i have tried vpns with no luck
[23:27] shauno: i think i see what you mean.... i've never seen anything different though so i guess it seems normal to me, but i think it's just the majority being the majority and acting based on what they have in common
[23:27] <_Neytiri_> i also have a limited number of ports that are poked through the firewall
[23:28] Vpns always make me crazy from slowness
[23:28] I use ssh & tinyproxy for http; I really can't think of a sensible way to send literally everything
[23:29] shauno: can't you dynamically forward using socks?
[23:29] like ssh -D 1080 ...
[23:29] and locally connect to port 1080 as a socks proxy?
[23:30] I assume socks would work because it's targeted as a single port, rather than a host/route. but that I haven't tried
[23:31] (it's not a no, just a genuine "I've no idea how to create a new route without having it exposed to the OS as a network interface")
[23:38] I found an awesome explanation of PCI requirements: https://www.pcisecuritystandards.org/about/pcidss_rocks_video.shtml
[23:40] <_Neytiri_> well is there a way i can do a vpn over 22?
[23:42] Hey, I have a modem with 4 wired ports on it. one of the ports connects to a wireless router, which also has 4 wired ports. The computers hooked to the wireless router can ping computers on the modem ports, but the modem ports cannot ping the computers on the wireless ports. Is that even possible?
[23:43] 22 is sftp
[23:43] Fross: the router is NAT'ing the computers connected to it
[23:43] Fross: (most likely)
[23:44] Is the wireless bridged or sep nw
[23:44] Fross: if you want them to be on the same network as the ones connected to the modem, you should disable the router's DHCP server and connect the modem to a standard port on the router (rather than the WAN one)
[23:45] tsrk: thank ill try that out quick
[23:49] Should the router still have the wireless capabilities with this configuration?
[23:54] Fross: yes
[23:56] anyone else want to help give me ideas on how to troubleshoot failing win2k3 guest instances using qemu-kvm on ubuntu 10.04?
[23:58] Whose password is required for straight 'su' command? All i'm getting is 'Authentication Failure'. I'm trying to access a folder which i'm denied from (/var/lib/folder/).
[23:58] iarp: for 'su', the target's password
[23:59] for 'sudo', your password
[23:59] Ok now my system that is connected to the wireless router port has the same local ip as the modem, but i still can not ping the system
[23:59] iarp: by default, there's no password that works with Ubuntu's "su" command (since root has no password)