[02:29] <Techie> i am currently using iptables for my gateway, however this does not seem to support uPnP port forwarding, is there an alternative that does support uPnP?
[02:31] <Patrickdk> ya, iptables :)
[02:31] <Patrickdk> linux-igd
[02:31] <Techie> do explain?
[02:32] <Techie> does linux-igd work with iptables, or is it a gateway software itself?
[02:33] <Patrickdk> that is why google exists
[02:33] <Techie> i was hoping you might be able to inform me while i furiously search, however google does make the world go roun
[02:33] <Techie> round*
[02:36] <Techie> hrmm, will be back in a bit, gotta put my server back into the network
[08:49] <aslan> hi, i work in hospital and we have almost 150 client, we try to use Active Directory Domain Controller, but if we do this, we will have so much money to pay for licence. i want to install computers ubuntu. our hospital software works in linux. and i want to make something like windows Active Directory system, i hear about openldap and pfsense. i take a look of them and these are so confused for me. does anyone suggest me a good software same active
[08:49] <aslan> directory ? but i want software that can be controlled with a good user interface. thanks.
[09:16] <volkan> Heey! Saturday morning terror... I wanted to install some packages on our ubuntu server and after a connection error the amazon based server was unavailable. Only stopping and starting the instance got the server back to life. Now i tried dpkg --configure -a to finish the installation but the server got unavailable again.... Heeeelp?
[09:50] <raphink> volkan: first you could try running the dpkg --configure in a screen
[09:50] <raphink> in case the configure steps cut the ssh connection, it will at least allow them to continue while the ssh is cut
[09:51] <volkan> heey! Thank you...
[09:51] <raphink> and then you can reattach later
[09:51] <volkan> @raphink: dpkg: --configure needs at least one package name argument
[09:51] <raphink> volkan: -a I mean
[09:51] <raphink> the one you were trying
[09:51] <raphink> maybe it could be interesting to see the list of packages yet to configure
[09:52] <raphink> dpkg -l | grep '^iU'
[09:52] <raphink> will tell you that
[09:52] <raphink> that migth give you a hint on which package is the issue
[09:52] <volkan> Thes server get's unavailable when i run dpkg --configure -a...
[09:52] <raphink> I understood that part volkan
[09:53] <volkan> I just activated multiverse to install the ec2 admin tools... The last ssh output is: Setting up openjdk-6-jre-headless
[09:53] <raphink> so I'm suggesting ways to find out why and fix it
[09:53] <volkan> update-alternatives: using /usr/lib/jvm/java-6-openjdk/jre/lib/jexec to provide /usr/bin/jexec (jexec) in auto mode.
[09:53] <volkan> Uh... Nice:
[09:53] <raphink> by unavailable, what do you mean exactly?
[09:54] <raphink> does the ssh connection reset
[09:54] <raphink> do other services still work?
[09:54] <raphink> does the server crash (and do you have anything in dmesg then?)?
[09:54] <volkan> ssh connections hangs... apache off everything is gone...
[09:54] <raphink> alright
[09:54] <volkan> what is dmesg?
[09:54] <raphink> kernel messages
[09:55] <raphink> useful to debug when a machine crashes
[09:55] <raphink> type "dmesg" in a console
[09:55] <volkan> i did dpkg -l | grep '^iU' Do you want the output?
[09:55] <volkan> ok
[09:55] <raphink> you could paste the output of dpkg -l | grep '^iU' in a pastebin
[09:55] <raphink> pastebinit is a useful too for that by the way
[09:55] <raphink> dpkg -l | grep '^iU' | pastebinit
[09:55] <volkan> ok one moment!
[09:56] <raphink> (apt-get install pastebinit)
[09:56] <raphink> forget about that last one if you don't want to make your server crash again ;-)
[09:56] <volkan> no apt-get :)
[09:56] <raphink> just copy and paste into a pastebin :-)
[09:56] <raphink> or use pastebinit from your local machine :-)
[09:57] <raphink> ssh ubuntu@ec2-instance dpkg -l | grep '^iU' | pastebinit
[09:57] <volkan> http://pastebin.com/Z58tfutt
[09:57] <raphink> :-)
[09:57] <raphink> ok, that's dmesg
[09:57] <volkan> http://pastebin.com/166JW6hc
[09:58] <raphink> just these 6 lines?
[09:58] <volkan> Yes!
[09:58] <raphink> ok
[09:58] <raphink> and when you run dpkg --configure -a, you see
[09:58] <raphink> update-alternatives: using /usr/lib/jvm/java-6-openjdk/jre/lib/jexec to provide /usr/bin/jexec (jexec) in auto mode
[09:58] <raphink> and then it crashes
[09:58] <raphink> right?
[09:59] <volkan> new pastebin:
[10:00] <volkan> http://pastebin.com/F9avmFJk
[10:00] <raphink> ok
[10:01] <raphink> lets see
[10:01] <volkan> And when i do -a
[10:01] <raphink> can you paste the contents of /var/lib/dpkg/info/penjdk-6-jre-headless.postinst?
[10:01] <volkan> http://pastebin.com/HMuTPHi1
[10:01] <volkan> oh that was something else... Yes one minute...
[10:01] <raphink> sorry, missing an o
[10:01] <raphink> can you paste the contents of /var/lib/dpkg/info/openjdk-6-jre-headless.postinst?
[10:02] <raphink> ;-)
[10:03] <volkan> http://pastebin.com/HEVqzLQZ
[10:03] <raphink> sooo
[10:04] <raphink> the update-alternatives commands in run in the loop from 37 to 59
[10:04] <raphink> these work fine it seems
[10:04] <raphink> sorry, even down to 65 actually
[10:04] <volkan> Oke....
[10:04] <raphink> that's the jexec alternative
[10:04] <raphink> which we see works fine
[10:05] <raphink> or not actually
[10:05] <raphink> let me see :-)
[10:05] <volkan> By the way: Thank you! :)
[10:05] <raphink> we see
[10:05] <raphink> update-alternatives: using /usr/lib/jvm/java-6-openjdk/jre/bin/tnameserv to provide /usr/bin/tnameserv (tnameserv) in auto mode.
[10:05] <raphink> and then it crashes
[10:06] <raphink> tnameserv is listed in jre_tools, so it's in the loop from 37 to 59 probably that it crashes
[10:06] <raphink> or right after
[10:06] <volkan> Can't i just cancel that install?
[10:07] <raphink> you could
[10:07] <raphink> but I'd rather find why it does that :-)
[10:07] <volkan> Ok!
[10:07] <volkan> Better!
[10:09] <volkan> By the way: i'm doing all the server stuff but i'm kind of an advanced noob... Are you available for paid support sometimes?
[10:09] <raphink> I don't have a company to bill
[10:09] <raphink> canonical provides server support, you know?
[10:09] <raphink> :-)
[10:10] <raphink> let's see
[10:10] <raphink> can you try running this (long command)?
[10:10] <volkan> haha... ehm... i don't have the company that can pay for it :)
[10:11] <raphink> update-alternatives --install /usr/bin/jexec jexec /usr/lib/jvm/java-6-openjdk/jre/lib/jexec 1061 --slave  /usr/share/binfmts/jar jexec-binfmt /usr/lib/jvm/java-6-openjdk/jre/lib/jar.binfmt
[10:11] <raphink> can you run that?
[10:11] <volkan> ok...
[10:11] <volkan> update-alternatives: using /usr/lib/jvm/java-6-openjdk/jre/lib/jexec to provide /usr/bin/jexec (jexec) in auto mode.
[10:12] <raphink> and it doesn't crash?
[10:12] <volkan> but seriously we could buy you stuff at amazon... Is actually better than getting payed... You will get presents!
[10:12] <volkan> nope!
[10:12] <raphink> ok
[10:12] <raphink> let's try another one
[10:12] <volkan> it's still there..
[10:12] <raphink> (thanks for the suggestion ;-)
[10:13] <raphink> hmmm
[10:13] <raphink> edit  /var/lib/dpkg/info/openjdk-6-jre-headless.postinst
[10:14] <raphink> and add "set -x" after the line that says "set -e"
[10:14] <raphink> so that will add a line 6 before current line 6
[10:14] <raphink> right
[10:14] <raphink> ?
[10:14] <volkan> yes!
[10:14] <raphink> save the file
[10:15] <raphink> then run
[10:15] <volkan> did it..
[10:15] <raphink> dpkg --configure -a
[10:15] <raphink> again
[10:15] <volkan> :)
[10:15] <raphink> that will make the whole thing verbose
[10:15] <raphink> so we see where exactly this "Timeout, server not responding" message comes from
[10:16] <volkan> http://pastebin.com/mx7nFfiD
[10:16] <volkan> oke stopping and starting the instance again...
[10:16] <raphink> is that all you saw?
[10:17] <volkan> Yes...
[10:17] <volkan> And the timeout server not responding...
[10:17] <raphink> ah, you did see it
[10:18] <raphink> so you're crashing at line 80
[10:19] <raphink> line 74 is nuts
[10:19] <raphink>     case java-6-openjdk in
[10:19] <raphink>         *cacao|*shark);;
[10:19] <raphink>         *)
[10:19] <raphink> etc.
[10:19] <raphink> the string "java-6-openjdk" will never match *cacao or *shark
[10:20] <raphink> from your package list yet-to-be-configured
[10:20] <raphink> I see you have cacao, so I guess you want to use that
[10:20] <raphink> and the statement at line 74 is wrong and gets you in the default case when  you should enter the first one, which does nothing
[10:20] <raphink> and hence does not crash ;-)
[10:20] <volkan> sorry no idea what cacao is but it some dependency...
[10:21] <raphink> you know what
[10:21] <raphink> change line 74 (which is now 75 for you with set -x)
[10:21] <raphink> sorry, line 75, now 76
[10:21] <raphink> into
[10:21] <raphink>    *|*cacao|*shark);;
[10:21] <raphink> save and run dpkg --configure -a again
[10:21] <raphink> ;-)
[10:22] <raphink> so you don't get into the case that crashes for you
[10:22] <volkan> instance isn't up already... just a sec...
[10:22] <raphink> ok
[10:24] <volkan> YEEEY!
[10:24] <volkan> Hero of my weekend!
[10:25] <raphink> now you have to make sure that java actually works ;-)
[10:26] <volkan> Do you a quick test?
[10:26] <volkan> Do you know a quick test?
[10:26] <raphink> well I don't know, there's probably a reason why you have java installed on this server, no?
[10:26] <raphink> :-)
[10:27] <volkan> dependency of amazon tools... I just tried them seems to work!
[10:27] <raphink> ok then that should be fine
[10:27] <raphink> :-)
[10:27] <raphink> that said, it might not hurt to open a bug on this package
[10:27] <raphink> with your fix and a note on how the case statements look very weird ;-)
[10:27] <volkan> Really thank you... You saved my weekend... should i do it or do you want to do it?
[10:27] <volkan> I will do it!
[10:28] <raphink> thank you
[10:28] <raphink> you can subscribe me
[10:28] <volkan> How?
[10:29] <raphink> there's a subscribe someone link to the right of each bug
[10:29] <raphink> put "raphink"
[10:29] <raphink> :-)
[10:29] <volkan> oke! You are not interested in amazon stuff are you :) ?
[10:29] <volkan> I have some performance problems on a lamp stack...
[10:43] <jfb_h20> suddenly my computer won't boot when a external USB drive is plugged in... any suggestions on what to check?
[11:20] <a7ndrew> bios boot order?
[12:06] <peta> hello everybody
[12:06] <peta> i'm faced by a tricky challenge
[12:10] <peta> i got a remote machine based on 10.04. during the the last days i set it up, did finetuning and securing. now i want to "clone" the system, transfer the image via ssh to my local machine and use it in a virtual machine. the remote machine has has a 2x750gb RAID1 setup. the problem is that i only want to "clone" the actual os files (users,groups,packages, settings, asf.) without the grub settings, so that i can just copy the image 
[12:10] <peta> use it without a neat.
[12:12] <peta> might it be sufficient to do a remote rsync, or some other "simple" file/folder copy action?
[13:25] <downloadSSH> ei
[13:25] <downloadSSH> in BIOS of my old computer there is an option for "shared memory"
[13:25] <downloadSSH> what is that
[13:26] <downloadSSH> I think it's related with the graphics card
[13:28] <downloadSSH> so.. should I disable it since I am running ubuntu server?
[13:59] <froud> Hi, have Ubuntu Server Ubuntu 10.04.2 LTS with LAMP stack installed and Postfix. Having trouble enabling php mail to send mail from apps like joomla and weberp, but when I run my own script using phpmail it works. I've tried removing postfix for sendmail but the result remains the same, cannot send messages from phpmail functions. Anything one may suggest I have missed. The same problem is...
[13:59] <froud> ...on two servers.
[14:07] <downloadSSH> ok so now I have another issue
[14:07] <downloadSSH> in TTY
[14:07] <downloadSSH> im trying to type !
[14:08] <downloadSSH> but it adds some chars
[14:08] <downloadSSH> I am using alt + !
[14:34] <downloadSSH> do you know what this means
[14:34] <downloadSSH> "ac97 codec read timeout"
[14:34] <downloadSSH> in tty
[15:21] <DrDetroit> Dovecot seems to have loaded at install, and I have postfix also installed, but not running. Can someone point me to a good howto on how to get postfix and dovecot working correctly on ubuntu-server 10.04
[15:22] <TTY_problem> "With some keyboard layouts, AltGr is a modifier key used to input some characters, primarily ones that are unusual for the language of the keyboard layout, such as foreign currency symbols and accented letters. These are often printed as an extra symbol on keys."
[15:23] <TTY_problem> AltGr key replacement:
[15:23] <TTY_problem> than i dont know what to choose
[15:27] <jmarsden> TTY_problem: With some (many) other keyboard layouts, there is no AltGr key... so if you do not have one, leave it out :)
[15:27] <TTY_problem> U have it
[15:27] <TTY_problem> I
[15:28] <TTY_problem> jmarsden
[15:28] <TTY_problem> it's next to space bar
[15:28] <TTY_problem> jmarsden: http://i55.tinypic.com/2dkfern.png
[15:28] <jmarsden> TTY_problem: You have one labelled AltGr?  or you are trying to fake an AltGr key by using some other 'replacement' key?
[15:29] <TTY_problem> jmarsden: I have one key saying alt gr
[15:30] <TTY_problem> ¬££££§@@££@@£
[15:30] <jmarsden> if it is just to the right of the space bar, the default "Right Alt" is probably the one you want.
[15:30] <TTY_problem> see
[15:30] <TTY_problem> ok
[15:30] <TTY_problem> :)
[15:30] <TTY_problem> now it's asking for a compose key
[15:31] <TTY_problem>                  │ The Compose key (known also as Multi_key) causes the computer to interpret the next few keystrokes as a combination in order to produce a character not found on the keyboard.                           │
[15:31] <jmarsden> Same deal.  if you don't have one, tell it you don't have one.
[15:31] <TTY_problem> jmarsden: when I use thr arrows in TTY it types characters
[15:31] <TTY_problem> :s
[15:32] <jmarsden> That might not be a keyboard-configuration issue, you can usually fix that with entries in ~/.inputrc
[15:33] <jmarsden> But for now use the tab key to move around, or try ctrl-n for next and ctrl-p for previous instead of using the arrow keys.
[15:35] <TTY_problem> jmarsden: right arrow = [C
[15:35] <TTY_problem> damn
[15:35] <jmarsden> DrDetroit: the dovecot-postfix package does the configuration work for you...
[15:36] <jmarsden> TTY_problem: That's fine, that can be fixed with .inputrc and is not a keyboard layout issue.
[15:36] <DrDetroit> jmarsden: i get an error /etc/main.cf not found
[15:36] <TTY_problem> how jmarsden ?
[15:36] <TTY_problem> I just want to fix the ! and 1 problem
[15:37] <jmarsden> DrDetroit: Did you install postfix from the Ubuntu package, or from a tarball??
[15:38] <DrDetroit> jmarsden I chose it when I did the initial server installation
[15:38] <DrDetroit> I can see dovecot is running, and I assume when I get a main.cf in the /etc dir it will run also
[15:38] <RoyK> DrDetroit: iirc, that should be /etc/postfix/main.cf
[15:39] <DrDetroit> Royk: I know, but it is not there
[15:39] <DrDetroit> I am wondering if i have to run some sort of postconf command to get one
[15:39] <TTY_problem> ok it's in /etc/imputrc
[15:39] <TTY_problem> how do i fix it
[15:40] <jmarsden> DrDetroit: The package version of postfix looks in /etc/postfix for main.cf not in /etc/
[15:40] <DrDetroit> i apoligize, I am in /etc/postfix and main.cf is not there
[15:40] <jmarsden> TTY_problem: Try  as a test    export INPUTRC=/etc/inputrc
[15:40] <RoyK> DrDetroit: postfix comes with a generic one
[15:41] <DrDetroit> there is no main.cf in the /etc/postfix directory
[15:41] <RoyK> or (iirc) dpkg --configure postfix will create one
[15:41] <jmarsden> DrDetroit: OK, so can you do    sudo dpkg-reconfigure dovecot-postfix
[15:41] <TTY_problem> jmarsden: what does the command do?
[15:41] <RoyK> erm, dpkg-reconfigure - yes
[15:41] <RoyK> ignore my post above
[15:41] <DrDetroit> ok thank you I wil try that
[15:41] <jmarsden> TTY_problem: sets a variable that makes your shell read that file of key mappings
[15:42] <DrDetroit> jmarsden: ah dovecot-postfix is not installed
[15:43] <TTY_problem> jmarsden: im sshing to the computer and other keyboard is connected but im stuck at login prompt
[15:43] <TTY_problem> because of keyboard layout
[15:43] <jmarsden> DrDetroit: Yu can either configure each of them separately, or use that package to do both together.  Using dovecot-postfix is, I would say, easier for beginners.
[15:44] <DrDetroit> can i istall that package with apt-get install dovecot-postfix?
[15:44] <jmarsden> TTY_problem: Do you have this issue on your local machine, or only over SSH?
[15:44] <TTY_problem> jmarsden: the problem is the keyboard in TTY
[15:44] <TTY_problem> over SSH works fine
[15:44] <jmarsden> DrDetroit: Yes.  Might be good to sudo apt-get purge dovecot postfix    # first, to remove the ones you have installed now.
[15:45] <jmarsden> TTY_problem: You said: <TTY_problem> jmarsden: im sshing to the computer and other keyboard is connected but im stuck at login prompt
[15:45] <jmarsden> So now I am confused, which is it? :)
[15:46] <TTY_problem> jmarsden: im stuck localy
[15:46] <jmarsden> Ah, that's not what I thought you said earlier.
[15:46] <TTY_problem> jmarsden: because I need to type ! for the password ;)
[15:46] <jmarsden> WHy would arrow keys not working prevent you from logging in locally?
[15:46] <TTY_problem> but 1 or ! chars dont work
[15:47] <TTY_problem> and arrows also dont work
[15:47] <TTY_problem> and backspace
[15:47] <TTY_problem> and delete..........
[15:47] <TTY_problem> got it?
[15:47] <TTY_problem> :p
[15:47] <TTY_problem> all this in TTY from where im trying to login
[15:48] <jmarsden> And there is a 1 or a ! in your password??
[15:48] <TTY_problem> yes
[15:48] <TTY_problem> there is a !
[15:49] <TTY_problem> and it shows "login incorrect" becuaseo obviously the password was not typed correctly because of keyboard
[15:49] <TTY_problem> because*
[15:50] <DrDetroit> jmarsden: one final question, when configuring postfix, i am assuming I do NOT choose use procmail, since dovecot will used, is that correct?
[15:51] <TTY_problem> this is really annoying problem
[15:51] <jmarsden> DrDetroit: From memory, don't specify postfix as the local delivery agent unless you need it.  procmail and dovecot do different things
[15:51] <jmarsden> TTY_problem: Sounds like at install time the wrong kind of keyboard was specified, or else there is a bug somewhere in how Ubuntu handles your keyboard...
[15:52] <jmarsden> But let me play a little before I give you more things to try...
[15:52] <DrDetroit> jmarsden: thank you I will play arround with this for a while
[15:52] <jmarsden> DrDetroit: You're welcome
[15:52] <TTY_problem> jmarsden: when I installed it everything worked fine
[15:52] <TTY_problem> now doesnt
[15:52] <TTY_problem> really weird.
[15:53] <jmarsden> TTY_problem: OK... so what changed just before it stopped working?
[15:54] <TTY_problem> nothing
[15:54] <TTY_problem> just installed things on the server
[15:56] <TTY_problem> :s
[15:56] <jmarsden> What things?  Anything keyboard or input related?
[15:57] <jmarsden> OK, one more thing to try:   sudo dpkg-reconfigure console-setup   # Did you do this already?
[16:03] <TTY_problem> jmarsden: yes
[16:05] <jmarsden> OK... I'm running out of ideas... does the output of     grep  ^X /etc/default/console-setup      look reasonable for your keyboard?
[16:05] <jmarsden> (on the ssh session, obviously, since you can't yet log in locally)
[16:05] <TTY_problem> jmarsden:
[16:05] <TTY_problem> the problem is the key "1"
[16:06] <TTY_problem> it's adding chars
[16:06] <TTY_problem> :P
[16:07] <jmarsden> You mean you have a sticky '1' key, a hardware issue with the keyboard??
[16:07] <TTY_problem> jmarsden: output http://pastebin.com/raw.php?i=keSY0y1j
[16:08] <jmarsden> Seems sane to me.  Can you check whether other Linux/Ubuntu PCs you have that work fine have the same settings there?
[16:09] <TTY_problem> jmarsden: I even counted the keys
[16:09] <jmarsden> I'm guessing you have a desktop machine or laptop, as well as the server?
[16:09] <TTY_problem> it has 105 keys
[16:09] <TTY_problem> then i searched for the model on the  wweb and  found a site say my model is 107/108 keys
[16:09] <TTY_problem> :P
[16:19] <jmarsden> TTY_problem: One more (maybe strange?) idea: Can you swap the keyboard of the server with the keyboard of some other PC, just to check that the issue is not a hardware problem in the keyboard itself?
[16:20] <TTY_problem> jmarsden: ill try
[16:20] <TTY_problem> jmarsden: btw im in recovery mode now
[16:20] <TTY_problem> and im browsing the system with root user
[16:20] <TTY_problem> o.o
[16:20] <TTY_problem> i didnt type the password but i logged in
[16:20] <jmarsden> Why?  You were browsing it over SSH just fine before... Anyway... try swapping keyboards and see if that helps.
[16:44] <TTY_problem> changed the keyboard now it works.
[16:45] <jmarsden> TTY_problem: OK, so it was a hardware issue... annoying, but buying a new keyboard should be inexpensive :)
[16:49] <TTY_problem> jmarsden: I installed Ubuntu with another keyboard but I was convinced that i didnt :P
[16:50]  * RoyK renicks TTY_problem to PEBKAC_problem
[16:52] <TTY_problem> jmarsden: using recovery mode I edit /etc/hosts file without typing a password
[16:53] <TTY_problem> isnt this really dangerous..
[16:53] <RoyK> TTY_problem: just set a root password
[16:54] <RoyK> sudo passwd root
[16:54] <RoyK> it's all documented in the handbook
[16:54] <RoyK> !handbook
[16:54] <RoyK> wtf
[16:55] <RoyK> !guide
[16:55] <RoyK> sorry
[16:58] <jmarsden> TTY_problem: Anyone with physical access to your machine can fairly easily do anything they want to it anyway (e.g. boot from a CD, or even remove its hard drives!), so recovery mode not needing a password is not a significant weakness in practice.  Servers need good physical security.
[17:00] <TTY_problem> jmarsden: yeah but I would know that I got "robbed"
[17:00] <TTY_problem> if they edit files I wont notice xP
[17:00] <jmarsden> TTY_problem: So if they boot from a CD, edit files and reboot, how is that different from booting into recovery mode in terms of damage done or discoverability?
[17:02] <TTY_problem> jmarsden: couldnt 'they' install a  keylogger..
[17:02] <TTY_problem> jmarsden: Im just worried with the system not the hardware
[17:03] <jmarsden> Yes, either by booting from CD or using recovery mode :)  Physical security is important.  Secure your server.
[17:03] <TTY_problem> so I just need to set a root password right?
[17:03] <jmarsden> No, that does not prevent someone walking up to the sevrer and booting it from a CD.
[17:03] <jmarsden> You "just" need to physically secure your servers.
[17:04] <TTY_problem> jmarsden: ah you disabling boot from cdrom
[17:04] <TTY_problem> in bios
[17:04] <TTY_problem> and setup a password etc?
[17:05] <TTY_problem> you mean*
[17:05] <TTY_problem> or just lock the server on a room?
[17:05] <TTY_problem> :p
[17:05] <jmarsden> Then they remove the drives, connect them to their laptop and edit the files, then put your drives back in.
[17:05] <jmarsden> I mean you physically secure your servers.
[17:05] <TTY_problem> ye
[17:05] <jmarsden> Locking them up is one way to do that, yes.
[17:05] <TTY_problem> jmarsden: if I encrypt the disks
[17:05] <TTY_problem> they cant edit
[17:06] <TTY_problem> the files right
[17:06] <TTY_problem> they cant access
[17:06] <jmarsden> Yes, if you use full disk encryption and get it exactly right you can avoid that kind of attack.  Is the risk of such attack really worth the extra work and issues of using full disk encryption for your circumstances?
[17:08] <TTY_problem> jmarsden: no
[17:08] <TTY_problem> jmarsden: Im just trying to understand how to secure a server
[17:08] <TTY_problem> but in practice i dont need it
[17:08] <TTY_problem> at least now
[17:09] <jmarsden> There are books written on that subject... read them when you need them.
[17:11] <TTY_problem> k
[17:11] <TTY_problem> jmarsden: should I use a password in BIOS?
[17:11] <TTY_problem> if I lost it how can I reset it?
[17:12] <jmarsden> That depends on the motherboard, usually there is a BIOS reset jumper you can use to set the BIOS back to a default state...
[17:14] <DrDetroit> Jmarsden: thanks for your help, I have my postfix sending mail, but not receiving it, but thats ok for now anyways, since I am trying to set up a replacement server and can't set the correct domain name until i retire the old box
[17:15] <DrDetroit> jmarsden:
[17:15] <jmarsden> DrDetroit: You're welcome.
[17:15] <DrDetroit> now onto configuring the eth0 for a fixed ip, even though I dont want to use that yet
[17:15] <TTY_problem> jmarsden: yeah I've reset it phisically
[17:16] <TTY_problem> ok so that's it
[17:16] <TTY_problem> doesnt matter to use password in bios if the "attacker" can open the computer
[17:16] <TTY_problem> :p
[17:18] <jmarsden> DrDetroit: https://help.ubuntu.com/10.04/serverguide/C/network-configuration.html see section titled "Static IP Address Assignment"
[17:18] <DrDetroit> jjmarsden: thanks again! I have 2 ethernet ports, currently using eth1 for my connection, but will try and set eth0 as a fixed ip interface for when I put the box in place
[17:19] <jmarsden> TTY_problem: Right.  So you end up back at "physically secure the machine" :)
[17:20] <TTY_problem> :)
[17:31] <RoyK> TTY_problem: a good approach is to monitor system uptime and react if the system was taken down - then - if your data requires safety, encrypt the data part.
[17:31] <RoyK> or, as jmarsden says, simply secure the physical system
[17:32] <RoyK> TTY_problem: a server secured by 100 tons of cement, not connected to a network, will be safe, but not very usable :P
[17:36] <TTY_problem> heh
[17:36] <TTY_problem> :)
[17:36] <TTY_problem> later
[18:30] <TTY_problem> back
[18:52] <TTY_problem> damn
[18:53] <TTY_problem> I can type ! and 1 in gedit
[18:53] <TTY_problem> but in terminal it adds characters
[18:53] <TTY_problem> really weird
[18:53] <TTY_problem> if i type 1 it writes  ~1
[18:59] <kb_problem> damn lulz
[19:31]  * davygravy greets ubuntu-server-gurus, acknowledges their network expertise... clears throat and proceeds to ask his question...
[19:31] <davygravy> not ubuntu-server oriented specifically, but was referred here after visiting ubuntu channel
[19:33] <davygravy> I've got a bootloader on an embbedded/NAS device that will only boot if it can ping & get a response from a specific (hardcoded) ip addy
[19:34] <davygravy> what console utility (cli) will send a spoofed response to it, spoofing that ip?
[19:37] <jmarsden> davygravy: Just add that IP as an alias on one of your existing network interfaces; the network stack will respond to pings, not any cli tool :)
[19:38] <davygravy> hmmm... the hardcodded ip addy belongs to a dev machine ...  which because it is powerhungry 700W beast, is turned off frequently
[19:39] <jmarsden> Then change the dev machine to use some other IP and then proceed as I suggested :)
[19:40] <davygravy> dev machine provides a tftp server that sends initrds to the embedded devices when their drives die, allowing them to go into an emergnecy/maintenance mode
[19:42] <jmarsden> davygravy: Either use that "dev machine" as a tftp server and leave it on 24x7, or migrate that tftpd function to some other less power guzzling machine that you leave on 24x7 -- either it is a server that can be expected to be around, or it is not, you can't have it both ways :)
[19:42] <davygravy> tftp server addy is hardcoded, as well, into the bootloaders
[19:42] <davygravy> yeah, the router runs uclibc optware, so I should be able to migrate stuff to it
[19:44] <jmarsden> davygravy: hack the bootloaders to use DHCP or BOOTP, maybe, to get that tftp server address dynamically?  Hard coding things like that is ... not pretty.
[19:46] <davygravy> thanks, jmarsden- I'm thinking that I can go in and tinker w/ nvram maybe... maybe not-so-hard-coded
[19:46] <davygravy> thanks for the chance to bounce ideas  ;)
[19:48] <davygravy> the router can run netcat/nc (so I can manipulate the boot process via netconsole), as well, so problem might be solved
[19:54] <jmarsden> davygravy: You're welcome :)
[19:55] <storz> I have a bit of an easy question but I have a feeling that there is alot more to it than just this.
[19:55] <storz> I'm following the guide https://help.ubuntu.com/10.04/serverguide/C/postfix.html
[19:55] <storz> What would be my imap username, server, and password?
[19:56] <jmarsden> storz: (a) if you are running imap on your own server, you should know what your own username, password and hostname are ; (b) if you use IMAP provided by an ISP, ask them for that info :)
[19:56] <jmarsden> storz: IMAP is not something provided by postfix, btw, so you might be a little confused?
[19:57] <uvirtbot`> New bug: #743280 in samba (main) "Folder-watching is broken" [Undecided,New] https://launchpad.net/bugs/743280
[19:59] <storz> @jmarsden: I'm running it myself.  I've installed dovecot as per that guide so imap should be working, correct?  And yes, I am incredibly confused.  This is my first go at a mail server.
[19:59] <storz>  assume that my username would be the username I set up (storz@mydomain.com) and my password.  But I'm getting password mismatch errors when I attempt to connect in my mail log.
[19:59] <storz> Mar 26 12:47:16 ve dovecot: auth-worker(default): pam(storz@ve.7hnjx2yh.vesrv.com,127.0.0.1): pam_authenticate() failed: Authentication failure (password mismatch?)
[20:00] <jmarsden> storz: Unless you are using virtual domains in some way, your username is probably storz, not storz@mydomain.com
[20:00] <jmarsden> BTW this is about dovecot, not postfix, see the log line you just posted :)
[20:02] <Jasonn> How do i install KLIPS support on ubuntu server?
[20:02] <storz> jmarden: are you referring to apache's virtual domains?  If so then yes, I am using them.
[20:02] <jmarsden> storz: No, I am referring to dovecots virtual domains, because it is dovecot you are authenticating to :)
[20:03] <jmarsden> storz: Can you just    telnet localhost imap     and then type in     .login storz yourpassword    and see what happens ?
[20:04] <jmarsden> Oh, that should be   . login storz yourpassword
[20:04] <jmarsden> (with a space between the . and the login)
[20:06] <jmarsden> Jasonn: I don't really know, but ipsec tncfg  may help, see http://manpages.ubuntu.com/manpages/lucid/man8/ipsec_tncfg.8.html
[20:11] <Jasonn> thanks
[20:11] <jmarsden> Jasonn: You're welcome
[20:12] <Jasonn> Do you have any idea of how to install it?
[20:12] <Jasonn> Or better yet
[20:12] <Jasonn> could you explain to me like a 5 year old how to install a vpn?
[20:12] <jmarsden> Jasonn: sudo apt-get install openswan
[20:13] <jmarsden> If you need "like a 5 year old", why are you asking about KLIPS >
[20:13] <Jasonn> Because
[20:13] <Jasonn> it sais that KLIPS support is not installed
[20:13] <jmarsden> Step back and ask your real question.  What are you trying to do?  What devices or computers will be at each end of the VPN tunnel?
[20:15] <Jasonn> My server on one end
[20:15] <Jasonn> and my desktop on the other
[20:15] <Jasonn> and my cellphone too
[20:15] <storz> jmarsden: Got it.  Thanks.  No, I can't.  I get NO (AUTHENTICATIONFAILED) Authentication failed.
[20:15] <davygravy> jmarsden: thanks, I think I found the solution I was originally looking for ...   icmpush ... will build this w/ my Buildroot/uclibc toolchain & try it that way.  In any case, thanks for your advice & insight.
[20:16] <storz> Hold on.  Could it be that I have my dovecot installed incorrectly?
[20:16] <storz> Postfix definitely is correct as I can receive email no problem.  Perhaps my dovecot is not reading my email database for logins?
[20:16] <jmarsden> storz: by default dovecot uses the unix password database
[20:16] <jmarsden> storz: That is why I said you should know your own username and pw earlier on :)
[20:16]  * davygravy waves goodbye to nice, friendly people
[20:16] <jmarsden> davygravy: You're welcome
[20:17] <Jasonn> jmarsden:
[20:17] <storz> @jmarsden: That would do it.  I've been assuming that it would connect to my mysql db and work with it.  Do you know if dovecot has this functionality (but needs to be enabled I guess)?
[20:18] <jmarsden> storz: You can make it use whatever back end db you need, I think by editing its pam config file under /etc/pam.d/ but there may be other ways too
[20:19] <storz> Jmarsden: Thank you!  I tried using my unix account and it is working perfectly.  Thats what I was missing.  I'll see if I can't get it to worth with mysql now.
[20:19] <jmarsden> storz: You're welcome
[20:21] <Jasonn> How can i remove all package i have installed?
[20:21] <Jasonn> only the ones *i* installed
[20:22] <jmarsden> Jasonn: sudo apt-get purge PACKAGENAME1 PACKAGENAME2 ... PACKAGENAME99
[20:22] <jmarsden> Do you know which ones you installed?
[20:22] <Jasonn> no
[20:22] <jmarsden> You may be able to read /var/log/dpkg.log to figure that out.
[20:22] <Jasonn> Hm
[20:23] <Jasonn> Thanks:)
[20:23] <jmarsden> You're welcome.  Lesson to learn: make notes as you configure a server, documenting what you do and why.  It makes reverting changes easier.  (Of course, having good backups is another way to deal with this!)
[20:25] <jmarsden> Jasonn: if you used apt-get you can also look in /var/log/apt/history.log
[20:26] <Jasonn> Ok i got it
[20:28] <kees> anyone ever noticed thunderbird + dovecot sucking HUGE bandwidth?
[20:28] <Jasonn> no
[20:29] <ScottK> kees: I read that first time through as "anyone ever noticed thunderbird sucking?" and thought, "Duh."
[20:30] <ScottK> :-)
[20:30] <Jasonn> jmarsden: Dont really know if this is your area of expertise, but is there a better client to use on ubuntu desktop to connect to VPNs??
[20:30] <jmarsden> kees: After upgrading to TB 3,  its default options changed to sync everything locally (or something like that), I had that issue until I figured it out and told it not to do that...
[20:31] <jmarsden> Jasonn: Have you tried openvpn? https://help.ubuntu.com/10.10/serverguide/C/openvpn.html
[20:31] <Jasonn> No, i mean a client
[20:32] <jmarsden> Jasonn: You want a pretty GUI wrapper?  No, I don't know what to suggest for that, sorry.
[20:32] <Jasonn> Ok
[20:32] <Jasonn> thanks :)
[20:34] <slim_> hi, any recommendation for a sip server that can integrate with MS OCS ?
[21:02] <kees> ScottK: heheh
[21:37] <old_keyboard> wazzup
[21:42] <uvirtbot`> New bug: #743322 in awstats (main) "Man page for awstats-update installed in the wrong place" [Undecided,New] https://launchpad.net/bugs/743322
[21:55] <zertyui> hello there
[21:55] <zertyui> anyone know about postfix ?
[22:02] <old_keyboard> I dont
[22:03] <DrDetroit> jmarsden was helping me get it set up, but i think he is away atm
[22:04] <DrDetroit> i wonder if i can somehow migrate my old iptables setup my new ubuntu 10.04 server
[22:09] <old_keyboard> DrDetroit: cant you copy them?
[22:09] <old_keyboard> sudo iptables -L
[22:10] <DrDetroit> old_keyboard:  my old iptables rests on a rh7.3 machine, so even though it's iptables was taken years ago from a debian machine, I was not sure it would work
[22:11] <DrDetroit> On may old machine, we had a file called iptables and in it were all the rules
[22:22] <DrDetroit> old_keyboard: according to the manual I think i can just take my old rules and copy them as /etc/iptables.rules onto the new machine
[22:23] <old_keyboard> ok :)
[22:23] <DrDetroit> of course removing anything that is not a rule
[22:40] <old_keyboard> If I change /etc/motd does it update the system info after a kernel update?
[22:47] <old_keyboard> On Ubuntu systems, /etc/motd is typically a symbolic link to /var/run/motd.
[22:57] <Jasonn> Hey, i wanna run a web proxy on my server, how do i do this?
[23:00] <old_keyboard> Ithink you need squid
[23:01] <Jasonn> No, i want a webproxy not a proxy server
[23:01] <old_keyboard> hm
[23:02] <old_keyboard> try https://help.ubuntu.com/10.10/serverguide/C/
[23:03] <old_keyboard> change link if not maverick
[23:05] <old_keyboard> Is ifup and ifdown the same as ifconfig ?
[23:05] <DrDetroit> no
[23:06] <old_keyboard> I mean the function
[23:06] <DrDetroit> ifup (interface) or ifdown (interface) turns on or turns off the specified interface
[23:07] <DrDetroit> ifconfig configures an interface
[23:07] <DrDetroit> or gives you a report on one
[23:07] <DrDetroit> ie ifconfig eth0 should show  you the relevant information for that interface
[23:07] <DrDetroit> see man ifconfig
[23:08] <old_keyboard> DrDetroit: sudo ifconfig eth0 up
[23:08] <old_keyboard> sudo ipup eth0
[23:08] <old_keyboard> looks the same
[23:08] <DrDetroit> i switch to root when i want to do something so i dont use sudo
[23:08] <DrDetroit> sorry
[23:09] <old_keyboard> lol
[23:09] <old_keyboard> DrDetroit: forget the sudo look at the commands
[23:09] <old_keyboard> I think they do the same thing.
[23:10] <DrDetroit> maybe ipup and ifup are the same, but i dont think ipup and ifconfig are the same
[23:10] <DrDetroit> and it very well may give the same results
[23:10] <DrDetroit> i never use ifup or ifdown or any of that stuff
[23:11] <DrDetroit> i like my stuff to stay on all the time
[23:11] <DrDetroit> <---simple minds require simple stuff
[23:11] <old_keyboard> :D
[23:12] <DrDetroit> I am new to ubuntu server, I have mostly run debian and before that FreeBSD and Redhat in the old days
[23:13] <old_keyboard> k
[23:31] <old_keyboard> I am running ntpd how do I know if ntpdate is running at boot?
[23:31] <old_keyboard> i just want ntpd
[23:50] <old_keyboard> anyway i just purged ntpdate.
[23:51] <qman__> ntpdate is in the default install
[23:52] <qman__> in order to provide good time the server must get its time from a reliable source
[23:52] <qman__> when you install ntpd, things get configured the right way for it to work
[23:54] <old_keyboard> qman__: yes i use ntp
[23:54] <old_keyboard> and i use a server near me
[23:55] <qman__> ntpdate is the tool that retrieves the time
[23:55] <qman__> ntpd is the service that provides it
[23:57] <old_keyboard> o.o
[23:57] <old_keyboard> qman__: they are different things
[23:57] <old_keyboard> for the same purpose
[23:57] <old_keyboard> get time from internet
[23:57] <old_keyboard> but ntpd is more accurate
[23:57] <old_keyboard> correct me if i am wrong
[23:57] <old_keyboard> https://help.ubuntu.com/10.10/serverguide/C/NTP.html
[23:58] <old_keyboard> "Ubuntu has two ways of automatically setting your time: ntpdate and ntpd. "
[23:59] <qman__> it isn't more accurate
[23:59] <qman__> it just adjusts it smoothly and constantly
[23:59] <qman__> your time is only as accurate as the time source