[00:06] Right is there something for ubuntu that would have it create daily system status emails for me - like on bsd [00:07] alan23424: what sort of reports? [00:07] a cronjob would probably do... [00:09] I have one hosted debian box, whoever built it has cron email root daily with failed ssh attempts, disk usage, net usage and other fun stuff [00:09] wondered if that sounded like something obvious [00:09] and not homemade [00:30] alan23424: for failed ssh, denyhosts is a better approach [00:30] for net usage, find some graphing stuff like munin [00:31] getting that over email is what they did in the eightees or ninetees, current systems are better [00:32] disk usage should be monitored by something like nagios/icinga [00:33] so you get an altert if it reaches a certain threashold [00:33] no reason for an admin to read daily emails about 45% disk space used [01:15] what's the best way to (headlessly) boot the previous kernel in ubuntu server? === ng_ is now known as NG_ [01:59] QUESTION: postfix , dovecot , spamassasin , with procmail, I had this all set up and I had an issue with something else so i had removed postfix , well before my email would come into folder /home/pehden/mail now it keeps going to /var/mail/pehden what do i need to do to fix this back so i can use my webmail lite to check it [02:01] urgent [02:09] well great [02:10] 256 people in here and no one real [02:27] Alan: remove the most recent kernel [02:28] pehden: how can you be getting mail if you don't have an MTA (ex: Postfix) anymore? [02:28] Hi Guys, I'am having a VM (Ubuntu Server on VBox) on my Win7 PC. My router forward port 80 to this VM. I need to secure this VM so in case of attack, this very VM won't be able to reach my internal network. Should I use SELinux or Iptables under Ub Server? [02:29] hmm, both? [02:29] they both do totally different things [02:29] pmatulis i reinstalled it [02:30] pehden: i guess you lost the original configuration then [02:30] pmatulis i know thats why im asking what would i need for the conf to have it put the email back in that folder [02:32] patdk-lap, What are the main differences? [02:32] one is a firewall, the other is not :) [02:32] kind of like meat and oranges [02:33] both food, but nothing in common with each other otherwise [02:33] patdk-lap, K, for my congirutation, I guess I should use SeLinux? [02:33] I have no idea [02:33] iptables protects you from doing stupid things on the network level [02:33] selinux stops programs from doing stupid things [02:34] Delerium_: ubuntu uses apparmor by default. why would you also use selinux? [02:34] patdk-lap, Thanks! That exactly the differences I want to know ;) [02:35] pmatulis, Hee... I'll check AppArmor also then.. Haven't been using Linux for a while so I'm learning all there new technology that have been added over the years [04:48] im looking to do apt-get install monodb, but it wants to install like 100 xorg dependencies with it. its a db, not a gui app, so im not sure why this is so. [04:48] on lucid [04:50] There's no Ubuntu package named monodb in Lucid. [04:51] If you're installing a third party package of some kind, you'll need to ask them. [04:51] sorry, mongodb [04:54] Because it depends on xulrunner-1.9.2-dev [04:56] is there a way to lookup the date that a package was installed? [05:03] osmosis: look in /var/log/dpkg.log* for it [05:22] i want to make a complete system image backup over the network while the server is running possible? [05:30] jmarsden, hrmm...dpkg.log is set with logrotate is fade away [05:31] osmosis: Yes, my machine here keeps a year worth online, after that I'd need to dig out old archival backups... === twister004_ is now known as twister004 === twister004_ is now known as twister004 [08:10] i want to set up ssh on it but i have a dynamic ip address [08:10] how can i do this [08:13] philipballew: Use openssh-server as normal, and use a dynamic DNS provider such as no-ip.com to provide DNS that changes when your dynamic IP changes. [08:14] thats what i was gonna do. so like when i log into the server i do ssh (domain givin by the noip service) correct? [08:15] how can i find my outside ip addres on my cli system. ifconfig doesnt show it. i was just gonna sing myself down with my laptop after copying my ip address down [08:16] hey guys how can i ensure a user has access to an nfs share [08:16] im doing some testing on natty im not seeing any nfs group or anything [08:20] any nfs experts in here [08:21] fot this service should i give them my 192.168.whatever or my outside address; 69.whatever? [08:29] philipballew: what are you trying to do? [08:32] set up ssh on my ubuntu server with a dynamic ip [08:33] philipballew: the easiest thing to do would sign up with dyndns to keep track of the dynamic ip and changes [08:33] that way then you ssh using the dyndns domain you have [08:34] i was gonna do no ip maybe. is that the same? [08:35] but i did not know what to put when the thing asked for my ip address? do i give them my one thats the 192.whatever or my 69.whatever? [08:37] ya no ip is the same [08:38] they would want your public ip [08:38] as your internal ip they wont see it [08:38] and im guessing you have a router as well in the setup [08:39] I have a quick question regarding nfs. Is there an nfs group i add a particular user to to give them access to the share? [08:39] i do have a router. its a 2wire [08:45] since you have a dynamic ip you need ur router to perform NAT to share with ur internal network ur internal ip will never be seen [08:45] so you need the external one specified [08:46] alright. i was just gonna use say elinks and go to whatsmyip and copy from there [08:46] but im probably doin it wrong [08:46] actually you can go onto ur router and find out from the routers web interface [08:47] hum. but wouldnt this just make my log into my router and not my server? [08:48] ya but you can get the public ip you have from there [08:48] what do you mean [08:54] you can find network information like the public ip and more [08:54] you have the router firewall and portforwarding etc there [08:54] so if you have your server behind the router firewall youll need to portforward [08:55] otherwise you can throw it on the router dmz to be directly outside the network then though ull need ur server to do dhcp dns etc [08:58] so when i now have givin noip my 69........ address and the damian i chose whats gonna happen when i enter ssh domain into the terminal? === eagles0513875 is now known as zz_eagles0513875 [09:24] im trying to get the ssh key onto my server via flash drive, where is the drive if ls is not showing it in media? === NG_ is now known as ng_ === michael is now known as Guest57950 === zz_eagles0513875 is now known as eagles0513875 [10:16] New bug: #770169 in openldap (main) "package slapd 2.4.21-0ubuntu5.4 failed to install/upgrade: il sottoprocesso vecchio script di post-installation ha restituito lo stato di errore 1" [Undecided,New] https://launchpad.net/bugs/770169 [10:18] anyone around to help me with this apache virtualhost problem, I added blog.ddomain.tld /var/www/blog to the virtualhosts but nothing loads when I navigate to blog.domain.tld [11:42] New bug: #770204 in apache2 (main) "Suggestion for improvement a2enmod "reload apache" message" [Undecided,New] https://launchpad.net/bugs/770204 [11:46] i have an intranet web/ftp server and i would like to do a partial mirror on the remote machine, is there a ftp flag i could use, so that users would specifically flag files that are to be synced? [11:59] anonissimus: i like the detail in your request. :> [12:10] airtonix: was that ironic? I can be more specific but the domains don't really matter don't they? [12:11] I did a more descriptive one before [12:16] your virtualhost conf file matters [12:16] so does your bind dns setup if you rely on it [12:17] anonissimus: so pastebin : /etc/apache2/sites-available/X (where X is the virtualhost conf file for your thing) [13:57] Daviey: good morning - no email yet about documentation, right? [14:03] airtonix: http://pastebin.com/q6A1U25Y [14:04] anonissimus: for future ref, unless your vhost needs it. get rid of lines 16 - 22 [14:04] anonissimus: wordpress does not need it [14:07] allright [14:07] anonissimus: also, none of it looks wrong, (but this is how i would structure it : http://pastebin.com/SMkkbJz9 ) so it's up to a question of how you're domain name is resolved [14:07] anonissimus: i like to keep my subdomain/intranet apps portable and self contained. [14:07] well the point is that anonissimus.be resolves [14:07] but the *.anonissimus.be does not [14:08] anonissimus: and are you running your own dns server or is it something thats provided by another host ? [14:08] dns is provided by my host [14:10] anonissimus: i assume you have a CNAME record blog CNAME anonissimus.be ? [14:10] I requested that some days ago [14:10] but it seems that with holidays it doesnt get changed [14:12] anonissimus: so it's not a dns server under your control ? [14:12] nope [14:12] anonissimus: did you just ask for wildcard subdomains? [14:13] nope I asked specifically for the blog subdomain to point to the ip of my server [14:15] anonissimus: you can find out if it resolves with dig or host : http://dpaste.com/535432/ [14:15] but at the moment it does not [14:16] hmhm so there we have the problem [14:16] a lazy admin [14:16] :D [14:16] makes me glad that i'm with webfaction [14:16] well, it's a friend of a friend [14:16] and I barely use it [14:17] so I guess I get what I pay for [14:17] there you go [14:18] off to some more networking fun, thanks again [14:24] morning all === eagles0513875 is now known as zz_eagles0513875 [15:18] zul: can I have the whole of the test rig? [15:18] morning, RoAkSoAx [15:19] hggdh, yep [15:20] zul: thank you [15:22] test rig? [15:24] hggdh: hey...saw the comments on bug 717166 [15:24] Launchpad bug 717166 in isc-dhcp "Broken with v4 isc-dhcp-server in Natty" [Critical,Fix released] https://launchpad.net/bugs/717166 [15:25] did something get left out? [15:25] * robbiew is not panicking...fwiw, just interested [15:25] robbiew: not to our knowledge -- but I just tried again with current ISO, and it failed miserably [15:25] * hggdh is, OTOH, starting to panic [15:25] :/ [15:26] hggdh: morning [15:26] hggdh: heh...it's always fixable in an SRU ;) [15:27] RoyK: a few systems we have where we can test some stuff without blowing everything else to hell :-) [15:28] hggdh: when you free, could you pelase verify bug #648202 [15:28] Launchpad bug 648202 in vsftpd "vsftpd started even if not in standalone mode" [Medium,Fix committed] https://launchpad.net/bugs/648202 [15:28] robbiew: yeah, but it is not kosher :-( [15:29] RoAkSoAx: did you also change from egrep to 'grep -E'? egrep is the obsolete form, and it is not generically portable [15:32] hggdh: not I didn't change anything I just got the patches that were there already and put them together as they all work and the fixes are in Maverick [15:38] RoAkSoAx: OK. I will test it as soon as possible on lucid [15:38] hggdh: awesome, thank you! [15:41] hggdh: I'm going to release note bug 717166, given we won't have it fixed in the ISO...and if you discover a workaround, we can update the bug and release notes [15:41] Launchpad bug 717166 in isc-dhcp "Broken with v4 isc-dhcp-server in Natty" [Critical,Fix released] https://launchpad.net/bugs/717166 [15:42] robbiew: perfect, thank you. I am updating the bug stating that we are seeing problems, but do not know yet what is causing them [15:47] kirkland: howdy!! How was PowerNap's testing? [15:48] RoAkSoAx: productive [15:48] RoAkSoAx: howdy :-) [15:48] kirkland: how much powersavings were seen? === zz_eagles0513875 is now known as eagles0513875 [16:12] I'm starting on the RAID tests w/ 20110425 .. are there any respins scheduled? [16:13] hggdh: heh - I have a couple of those at work as well... [16:13] mostly for openindiana/zfs testing, though [16:29] SpamapS: howdy!! [16:29] SpamapS: quick question about upstart!. I want a job to only start after *all* the interfaces are up. Is this possible? [16:30] SpamapS: or all the interface sin /etc/network/interfaces [16:31] RoAkSoAx: start on started networking will start after all *static* interfaces are up [16:31] RoAkSoAx: so that should achieve what you want [16:32] RoAkSoAx: and likely will be the default for runlevel 2 in 11.10 and later [16:33] SpamapS: cool thanks [16:37] hallyn: ping? [16:55] is there way to set a limit on amount of cpu usage allowed for any single processes? [16:58] amero: ulimit [17:04] what's this supposed to mean: The maximum amount of cpu time in seconds [17:04] yes [17:04] there's no way to limit the percentage of cpu usage [17:04] but you can set the priority on the pid, of course [17:05] man renice [17:06] oh what does that option do then. it limits how long a process could use a cpu? [17:06] yes [17:06] even it uses 1%, the limit will still kick in? [17:07] when the cpu time spent reaches the limit [17:07] see 'top' or 'ps' - it shows you how much cpu time is spent by each process [17:08] RoAkSoAx: hmm.. I may have told you wrong.. it may actually be 'start on stopped networking' .. which I know.. is very confusing. [17:09] SpamapS: uhmmm but why would it be "on stopped"? [17:09] RoAkSoAx: because started will happen as soon as it forks/execs ifup -a .. [17:10] RoAkSoAx: stopped comes after ifup -a has exitted [17:10] RoAkSoAx: because it is a "task" [17:10] SpamapS: indeed confusing [17:10] RoAkSoAx: yeah I'm just now realizing I've been confused about it up until this point [17:11] :/ I'll write the upstart job for keepalived and test [17:11] amero: the linux process scheduler can't share just a fraction of its time for a process. Some OSes, such as AIX, can virtualise parts of a CPU, but Linux can't [17:34] RoyK: looks like my only option now is renice. do we have a renice daemon or something will monitor and auto nice a process? [17:39] how do i get reverse mapping to work correctly? i get things like "Apr 25 12:37:47 servitude sshd[8779]: reverse mapping checking getaddrinfo for dynamic-76.72.201.232.tvscable.com [76.72.201.232] failed [17:39] - POSSIBLE BREAK-IN ATTEMPT!" [17:39] when anyone tries to ssh into my server. [17:41] airtonix: [17:42] dns got edited but now I get broken a broken link error [17:46] amero: the renice won't stay after a reboot, so rather rewrite the init script to start it with lower priority [17:50] what is the thing that puts the system load / stats in motd? landscape-client ? It should totally put a "your RAID device X is degraded" message in too [17:51] update-motd i think [17:51] SpamapS: for software or hardware raid? [17:51] well ideally any, but specifically the simplest one to solve is software [17:51] hmmmm... [17:51] mdadm did not start on boot [17:52] * RoyK uses icinga (former nagios) for that sort of stuff [17:52] sends me an sms if something goes wrong [17:52] RoyK: I'm not saying its best practices to log in and look for problems [17:53] RoyK: monitoring is by far the right way to do this. :) [17:53] RoyK: I'm saying.. if we're going to display system load.. we should also include obvious problems. [17:53] SpamapS: true :) [17:53] * SpamapS is a belt and suspenders kind of guy [18:01] I've been looking for documentation or a tutorial on common practices on how to handle CVE corrections with Ubuntu Server, but have yet to run across anything. Any links or suggestions are welcome and needed, please. Thanks! [18:07] ok this is getting old im not sure what doing it but the server has had to be rebooted in the morning and now its up and running but this cycle is getting old [19:21] RoAkSoAx: ping [19:22] RoAkSoAx: negronjl has some questions about using Cobbler to provision into KVMs === Compilr^revision is now known as The-Compiler [19:28] kirkland: sure [19:28] negronjl: i'm here [19:29] hi RoAkSoAx [19:29] RoAkSoAx: can you walk us through deploying a kvm through cobbler? [19:29] negronjl: sure [19:29] let me get my cobbler server up [19:29] RoAkSoAx: negronjl is running his cobbler (orchestra) server in a vm too, all in virt-manager [19:30] kirkland: so you guys want NQA right? [19:30] RoAkSoAx: sure [19:31] kirkland: ok give me a sec [19:31] kirkland had to step out for a minute... [19:32] I have a virtual ( or trying to set up ) where I have a cobbler server. [19:32] I need that cobbler server to be able to pxe boot other instances. [19:32] RoAkSoAx: Any chance of continuing this on Skype? [19:32] negronjl: sure, or mumble === ng_ is now known as NG_ [20:11] New bug: #770454 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2 failed to install/upgrade: il sottoprocesso vecchio script di post-installation ha restituito lo stato di errore 1" [Undecided,New] https://launchpad.net/bugs/770454 [20:11] jamespage, still around? [20:38] does anyone have any experience on running Ubuntu server on Amazon EC2? [20:43] Chromag9: lots of ppl here do it. if you have questions ask away [20:49] I was interested in looking into it via their AWS Free Usage Tier [20:50] it looks like there was some question, initially, about it actually being "free" because the official Ubunti AMI's were all 15gb, which is over the free 10gb EBS emoung [20:50] *amount [20:51] Chromag9: I believe they were dropped to 8GB to work w/ that [20:52] smoser: ^^ [20:52] after poking around it looks like they (being Canonical) changes the official AMI's to be 8GB? can someone confirm this? for example: US-East-AMI ami-688c7801 [20:52] ahh, well that would be a confirmation, thanks! [20:53] looks like I can safely check it out at no charge to see whether I want to use it [20:53] Chromag9, ami-688c7801 is not an ebs root image [20:53] so it will not be free [20:53] pick from the list at http://uec-images.ubuntu.com/releases/maverick/release-20101225/ [20:53] and use an 'ebs' one. those will have 8G root filesystems. [20:54] wait, I clicked on an ebs one in the list to copy the AMI number [20:54] what list ? [20:54] that is most definitely not ebs [20:54] http://uec-images.ubuntu.com/releases/maverick/release/ [20:55] yeah... those links are bad :-( [20:55] ahh [20:55] ami-cef405a7 [20:56] that's the one I was looking at - for whatever reason the link goes to the wrong page [20:56] https://forums.aws.amazon.com/message.jspa?messageID=210521 [20:56] Chromag9, ^ is why the page you see when you click it is out of date. [20:56] we're not able to update it any more. [20:56] amazon basically abandoned that stuff. [20:56] i should probably make the index pages not link there. [20:57] but, ack, that what you do want is [20:57] ami-cef405a7 [20:57] us-east-1 ami-cef405a7 canonical ebs/ubuntu-maverick-10.10-amd64-server-20101225 [20:57] yep, that's the one I was looking at [20:57] Chromag9, you might want to try natty though [20:57] yeah [20:57] if you're not going to pick LTS (lucid), then natty will release in 3 days. [20:58] ahh natty is being released in 3 days? [20:58] for playing, i'd suggest grabbing a natty daily ami. [20:58] yes, natty will arrive thursday [20:59] if you grab today's ami's http://uec-images.ubuntu.com/server/natty/20110425/ it will be virtually inditinguishable [20:59] and then you wont have to worry about chulu eating yee [20:59] exactly [20:59] can I freely drop the daily ami instance and create a new one when the final is released thursday? [20:59] or will that cost me? [21:00] Chromag9, you can... you may end up getting charged for 1 hour, if you stopped and started in the same hour [21:00] i'm not sure how their charging works exactly [21:00] but that would be $0.02 [21:01] haha me either - I really should make sure I understand it - but a few cents here and there is no big deal [21:01] so i'd buy you a stick of gum if we ever meet and you're charged that. [21:01] I'm just paranoid that I'll do something wrong and next thing ya know they're billing me $500 [21:01] well, you would actually be hard pressed to run up a bill over $100 in a month if you use a t1.micro size [21:01] sweet! well at least I'll get a piece of gum out of the deal [21:02] ie, if you did something like 'ssh host cat /dev/zero' [21:02] you might see some large network charges [21:02] but other than that... [21:02] yeah I'm not planning on doing that :) [21:04] if you pick a natty daily and apt-get dist-upgrade and reboot, its the same as current [21:04] Chromag9, [21:04] smoser: oh Thursday when the final version comes out? [21:04] *on [21:05] yes. [21:05] I didn't think of that - I'm really behind on upgrades [21:05] I have two standalone Ubuntu server boxes at work right now, both running 10.04 [21:05] updates, I should say [21:06] SpamapS: ping [21:09] robbiew: pong [21:10] SpamapS: hey hey :) === negronjl is now known as negronjl_lunch === NG_ is now known as ng_ [23:28] hallyn: why would a amd64 image fail with "error : qemudWaitForMonitor:1886 : internal error process exited while connecting to monitor: qemu: at most 2047 MB RAM can be simulated"? [23:29] hggdh: is this non-accelerated i386 maybe? [23:29] hggdh: or maybe you were just out of ram? [23:30] hallyn: bloody hell :-( [23:30] hggdh: it used to be non-kvm qemu didn't support ram > 4G. 2047 sounds weird [23:30] I have been looking for a red herring since the morning... trying to run a 64-bit image on i386 :-( [23:31] doh [23:31] is that what this is? [23:31] hallyn: yes, I remember this error on i386. I was swearing I was running on a 64 host [23:31] might be worth a bug about bad error reporting [23:31] time to get a double shot of wisky [23:31] yeah [23:32] sounds tasty [23:32] :-) at least some good news today, I *know* where I got it wrong [23:33] anyway, lost by one, lost by one thousand. I will try a i386 image just for spite === ng_ is now known as NG_