[00:52] <greppy> Mean_Admin: it works for me.
[00:52] <greppy> I have 3 systems using it currently, and have access from my android to it as well.
[00:53] <greppy> haven't tried to set it up without x11, but they have a howto or faq or something for doing that.
[01:37] <malev> hi there! In my server sometimes (more frequently than what I'd like) I start getting this:  [malev@~] free-bash: fork: Cannot allocate memory  what can I do to debug it?
[01:37] <malev> where can I search for the error?
[02:06] <missil> hi all i need server lessons - configuring and setting up virtualization in ubuntu server - struggled to get vms running now i cannot connect to the vms or launch virt-manager due to a gtk error
[02:12] <RoyK> &
[02:27] <qman__> malev, looks like you're out of memory
[02:27] <qman__> check out what's using it with top or a number of other tools
[02:28] <malev> qman__, I'm using it, but check this oout: Mem:    524800k total,   375728k used,   149072k free,        0k buffers
[02:28] <malev> I still have some memory
[02:28] <malev> or 512MB si too low?
[02:29] <qman__> 512MB is low, but if you still have 149MB or so free, that's not the cause here
[02:29] <qman__> have you set limits?
[02:29] <qman__> also, if what you're trying to start needs more memory than what is available, that error would result
[02:29] <malev> qman__, no that I remember, how can I check it?
[02:30] <qman__>  /etc/security/limits.conf or /etc/security/limits.d/
[02:31] <malev> qman__, it's all commented
[02:31] <qman__> check the number of processes as well
[02:32] <qman__> ps aux | wc -l
[02:32] <qman__> should be a few hundred or less
[02:32] <qman__> depending on what you have running
[02:33] <malev> qman__, oks, I'll run ti, but riight now I'm low of memory and I have to restart :)
[02:33] <malev> qman__, you think that with 1Gb of memory I wont have that kind of problems?
[02:34] <qman__> not necessarily
[02:34] <qman__> your memory isn't totally full, which indicates something else is wrong
[02:34] <qman__> without limits set, normally the system won't stop you unless it's literally out of resources
[02:35] <qman__> there may be default limits now, though, I don't know for sure
[02:36] <malev> [malev@~] ps aux | wc -l     ->19
[02:36] <qman__> take note of it when the server starts acting up
[02:37] <qman__> maybe make a script that runs it every few seconds or so and logs it
[02:37] <malev> that's a good idea
[02:38] <qman__> cannot fork; could not allocate memory means that it literally could not acquire resources to fork
[02:38] <qman__> so if you're hitting physical limits, or set limits on memory or processes, that would do it
[02:39] <qman__> finding the culprit is a little more difficult, but not too much
[02:39] <malev> don't know waht is the culprit
[02:42] <malev> qman__, thanks! I really apreciate your help!
[02:42] <qman__> a good way to determine if it's physical or software limits would be to log on with another user
[02:42] <malev> qman__, what is ps aux | wc -l   ?
[02:42] <qman__> as limits are set per user
[02:42] <qman__> ps aux lists all processes, wc -l counts lines
[02:43] <qman__> so it's not an exact number but close enough to figure out what the problem is
[02:43] <malev> qman__, you think in some moment I start to have a lot of proccess working?
[02:44] <qman__> yes, it's possible you're suffering what is effectively a fork bomb
[02:44] <qman__> and that test would show if that's the case
[02:44] <malev> oks! I'm gonna work on that!
[02:44] <qman__> if that number gets huge, in the thousands, that's probably the case
[02:45] <qman__> whether it's malicious or just a misconfiguration or bug though, it won't tell you
[02:45] <qman__> that requires more investigation
[02:47] <qman__> in the process of your investigation, it might be a good idea to leave a root terminal open
[02:48] <qman__> since root is allotted a small reserve of resources for these types of occasions
[02:50] <malev> qman__, oks! i'll
[04:47] <ranger03> how do i upgrade the kernek on ubuntu-server?
[04:47] <ranger03> how do i upgrade the kernel on ubuntu-server?
[04:47] <twb> ranger03: with apt-get, like everything else.
[04:48] <ranger03> apt-get upgrade kernel-imageXXXXX ?
[04:49] <ranger03> apt-get upgrade linux-virtual    <--is that correct ?
[05:26] <Brandon_> I have been looking online on how to setup samba with user home directories (already did this), but I want it so when you type in the username of that directory and the password it connects. I tried doing the valid users = %s but when i try to map it the drive it says its mapped to a different username.
[06:27] <koolhead11> hi all
[06:27] <koolhead11> zul, ping
[06:30] <Macer> hm
[06:31] <koolhead11> hi Macer
[06:52] <ph8> hey all, i'm trying to set my samba permissions right (file level) - i can get read access and write access if I set 777 on the directory, but what group is samba trying to access it as? I see smbd processes running as root and nobody but i've tried chgrp -R'ing the whole share directory to those groups and setting 771 but no read or write!
[07:58] <flowbee> my server got hacked and the vps provider shut it down because it was abusing dns providers or something.  is there a quick setup i can do to secure my box?
[07:58] <flowbee> i.e. what steps do i need (disable root ssh, only allow for key based ssh; changing ssh ports etc)
[07:58] <ebrown> aku
[08:01] <greppy> flowbee: it depends on how they got in.
[08:10] <flowbee> how do i add a user to sudoers file.... so that i have to enter prompt for password
[08:13] <greppy> flowbee: %sudo ALL=(ALL) ALL
[08:13] <greppy> change %sudo to a username
[08:13] <greppy> %sudo means anyone in the sudo group.
[08:14] <flowbee> got it
[08:21] <twb> Or just "sudo adduser fred sudo"
[08:21] <twb> i.e. add fred to %sudo
[08:22] <twb> I'm not sure if, unspecified, you are always prompted for a password, or if caching is allowed
[08:22] <flowbee> trying to follow this guide http://www.andrewault.net/2010/05/17/securing-an-ubuntu-server/
[08:22] <flowbee> getting to: Restrict access to /bin/su to admin group members:;;; sudo dpkg-statoverride --update --add root admin 4750 /bin/su  => dpkg-statoverride: An override for '/bin/s' already exists, aborting.
[08:22] <twb> flowbee: there's no point locking su, just ensure root doesn't have a password
[08:23] <greppy> flowbee: how did they get in?
[08:24] <flowbee> greppy, i have no idea.  but i did have ssh for root
[08:24] <twb> Oh, he was compromised.  In that case, he should do a fresh install
[08:24] <flowbee> even tho the password was pretty solid
[08:24] <twb> Consider everything on the system compromised unless proven otherwise
[08:24] <greppy> == twb
[08:24] <flowbee> oh i did
[08:24] <twb> flowbee: password-based access should be disabled
[08:24] <flowbee> i wiped it
[08:24] <flowbee> and i'm securing now
[08:25] <flowbee> going to do key based auth only now
[08:25] <flowbee> good luck getting it this time fuckers
[08:25] <flowbee> excuse my french; just upset i got hacked
[08:25] <w00> if you host a vulnerable application they will get back in..
[08:25] <flowbee> and i was referring to hackers; not you guys :)
[08:25] <twb> I also use kernel-based IPS instead of denyhosts/fail2ban
[08:25] <greppy> flowbee: while a good idea to secure auth, it is very likely that they got in through something else.
[08:25] <twb> http://cyber.com.au/~twb/doc/iptab
[08:25] <flowbee> it amazes mee
[08:25] <flowbee> how people can exploit stuff
[08:25] <twb> greppy: yeah, it was probably because he's running fucking phpmyadmin or so
[08:25] <flowbee> no i'm not
[08:26] <flowbee> at least i dont think it is
[08:26] <twb> flowbee: are you running any PHP at all?
[08:26] <greppy> flowbee: I've had boxes compromised because someone had an out of date php calendar app
[08:26] <flowbee> wow
[08:26] <flowbee> i dont run php; unless their ubuntu stack has it installed
[08:26] <greppy> what do you use the box for?
[08:27] <flowbee> LANGUAGE = (unset),LC_ALL = (unset),LANG = "en_CA.utf8"
[08:27] <twb> flowbee: well, good
[08:27] <flowbee> this box will be used to break apart my backend tasks from my webserver
[08:28] <flowbee> cuz my backend tasks are bringing down my web app/mysql instance
[08:28] <twb> What's its IP?  I'll throw openvas at it
[08:28] <flowbee> no php is running
[08:28] <flowbee> twb, one moment let me finish attempting at 'securing it'
[08:28] <flowbee> although given my record
[08:28] <flowbee> not sure how awesome i'll be at it :)
[08:28]  * greppy jumps into the van to go break a switch and a router.
[08:28] <twb> flowbee: pfft, if it has an IP now, it doesn't matter if *I* know it as well
[08:29] <flowbee> haha
[08:29] <twb> greppy: bricked it, eh?
[08:29] <greppy> twb: nah, ROMMON upgrade
[08:29] <greppy> have to be on site.
[08:29] <twb> Bleh
[08:29] <twb> This is why my routers run either ubuntu or openwrt
[08:30] <twb> Well, OK, my procurve is running some Lucky Dragon junk
[08:30] <greppy> ubuntu and/or openwrt don't support the types of interfaces, much less the load
[08:30] <twb> Fair enough
[08:31] <ebrown> hardy heron
[08:31] <ebrown> blankOn
[08:31] <ebrown> Mint
[08:31] <ebrown> Vinux
[08:31] <ebrown> Wkeh wis
[08:31] <flowbee> getting: perl: warning: Setting locale failed.
[08:31] <flowbee> how do i get my locales working (for aptitude)
[08:33] <jmarsden> sudo dpkg-reconfigure locales  # probably
[08:34] <twb> jmarsden: actually for me on Ubuntu it's "locale-gen en_AU.UTF-8; update-locales LANG=en_AU.UTF-8"
[08:34] <twb> Last time I looked Ubuntu did some silly thing where you either did that, or (by default) you got 200MB of English locales for tbird and oo.org on your headless server
[08:34] <flowbee> damn
[08:34] <flowbee> installed ufw and now i cant ssh anymore
[08:34] <flowbee> i thought this guide was supposed to be good
[08:36] <twb> flowbee: if you follow "some guide I found", you are on your own
[08:38] <flowbee> heheh
[08:38] <flowbee> do you folks have a simple firewall your recommend?
[08:38] <twb> flowbee: netfilter
[08:41] <flowbee> is there some weird ssh setup i have going on where i cant log into my box with multiple ssh sessiosn: ssh_exchange_identification: Connection closed by remote host
[08:46] <Syria> Hello, I want to enable  mod_rewrite ubuntu server 10.4.2
[08:46] <Syria> How can i do this?
[08:47] <ph8> more of a question for ##apache
[08:47] <ph8> but there is good documentation on the internet for this
[08:47] <ph8> look for information about RewriteEngine On
[08:48] <jmarsden> Syria: sudo a2enmod rewrite
[08:49] <Syria> jmarsden Thank you.
[08:49] <jmarsden> Syria: You're welcome
[08:49] <Syria> ph8 thnx :)
[08:52] <ebrown> hahahahahahahahahahahha
[08:52] <ebrown> hahahahahahahahahahahahahahahaha
[08:56] <twb> flowbee: no, what you've done is drop NEW ssh connections
[08:57] <twb> flowbee: your existing connection is allowed because it was up before you started ufw
[08:58] <flowbee> i'm still getting ssh_exchange_identification: Connection closed by remote host even though i'm set up to use key based auth (at least .ssh dir is)
[08:58] <flowbee> and ufw isnt currently running
[09:03] <ebrown> !seen twb
[09:03] <ebrown> ?
[09:03] <ebrown> ?
[09:03] <ebrown> ?
[09:03] <ebrown> ?
[09:03] <ebrown> ?
[09:03] <ebrown> ?
[09:03] <ebrown> ?
[09:03] <ebrown> ?
[09:03] <ebrown> ?
[09:03] <ebrown> ?
[09:03] <ebrown> ?
[10:55] <pedrocr>  I just booted a computer after a motherboard swap. It has two raid arrays running over the same 4 disks. The raid5 array apparently resynced and is now working. The raid1 array is working but degraded with only 2 of the 4 disks. all disks seem to have some smart errors on bootup but nothing else. any ideas on what this could be and how to repair the raid1 array?
[11:08] <pedrocr> mdadm --re-add seems to be working
[11:08] <pedrocr> I wonder why this happened at all
[11:09] <pedrocr> I've configured smartmontools now
[11:37] <elijahsh> Hi! I'm configured pppoe client on my 10.04 server. Everything work fine except when my provider lose my connection. Ppp tries reconnect several times and stop with no luck. Where I can change the number of tries and timeout between them?
[14:15] <afeijo> hi guys, I'm trying to setup a dns server in a new server here, I installed bind9 and configured it, it appear to be ok. Do I need to config something in my dsl router and/or the workstations?
[14:16] <afeijo> do I need dhcp at my server?
[14:17] <afeijo> route cmd at my laptop show as default to 10.0.0.250, it should be 10.0.0.1 (this is the server ip)
[14:52] <zul> does anyone know why we dont have things like php-imap in main?
[14:59] <lynxman> zul: I think it's because libc-client is in universe as well
[14:59] <zul> lynxman: yeah it should probably change to make the merge easier
[15:01] <lynxman> zul: think so as well, it makes sense
[15:09] <hallyn_> zul: gmornin'!  Were you planning on sending the libvirt patch to send 'container=libvirt' through ENV to the libvirt mailing list?  (If not, I"ll send it, but I don't want to take any of your credit :)
[15:09] <zul> hallyn: i wasnt but go ahead
[15:10] <hallyn_> zul: ok, will do.
[15:10] <_ruben> afeijo: uhm, dns and default routes are pretty much unrelated
[15:12] <lynxman> zul: oh btw is the LXC libvirt problem fixed in natty or still in progress?
[15:13] <zul> lynxman: well uds was last week so...still in progress ;)
[15:13] <lynxman> zul: fair point :D
[15:14] <lynxman> zul: tbh I'm still suffering from UDS, hardly productive today
[15:14] <hallyn_> zul: don't suppose you're bored and wnating to implement debian networking support for netcf?  :-)
[15:14] <zul> lynxman: hah your flight wasnt as long as some people ;)
[15:15] <hallyn_> It should've been on uds agenda, oh well.
[15:15] <zul> hallyn_: netcf?
[15:15] <lynxman> zul: it was, I had to do a 4 hours connection at heathrow ;)
[15:15] <zul> lynxman: only? :)
[15:16] <lynxman> zul: yeah, uphill through the snow between T5 and T3 :D
[15:16] <zul> it snowed?
[15:16] <lynxman> zul: nope, just wanted to add drama to my story
[15:16]  * zul is not awake
[15:16] <zul> oh
[15:18] <afeijo> _ruben, I'm quite lost right now :(
[15:24] <hallyn_> zul: netcf is what libvirt uses to automatically manipulte networking
[15:25] <_ruben> afeijo: you might wanna describe more clear what your actual goal is here, what is the dns server to be used for for instance
[15:29] <afeijo> _ruben, new ubuntu 11.04 x64 server installed a few days ago, now I need to configure a dns server at that server, the IPs are been distributed by the dsl wifi router, I installed and configured my local domain with bind9. Do I need to do any settings at the router now? or to each linux/mac/windows station?
[15:32] <zul> hallyn_: ah ok
[15:42] <SpamapS> hallyn_: was it you that was trying to have irssi not highlight a window whenever there are joins/parts/nicks/etc. ?
[15:45] <hallyn_> SpamapS: nope
[15:45] <hallyn_> SpamapS: mine (when i use irssi) doesn't do that
[15:47] <hallyn_> zul: patch is away
[15:47] <zul> hallyn_: cool
[15:48] <a7ndrew> i'm none too sure about NFS: anyidea why the uid and gid on the client side would show as '4294967294' and nothing sensible? and why root wouldn't be able to see the subdirs?
[15:49] <lynxman> a7ndrew: that sounds like your client is interpretating the -1:-1 of the nobody:nobody gid and uid to the maximum uid/gid available
[15:52] <a7ndrew> lynxman: thanks, interesting hint. Just chowning the dir to root:root didn't work :P
[16:00] <Daviey> Yeeeeeeeeeeehaaaaaaaaa!
[16:05] <hallyn_> Daviey: gmornin :)
[16:05] <Daviey> hallyn_, Hello sir!
[16:06] <Daviey> You were missed last week..
[16:06] <hallyn_> :(
[16:06] <genii-around> a7ndrew: According to https://help.ubuntu.com/community/NFSv4Howto#Troubleshooting "all directories and files on the client are owned by uid/gid 4294967294:4294967294) then you need to set in /etc/default/nfs-common: NEED_IDMAPD=yes and restart nfs-common "
[16:06] <Daviey> hallyn_, Having a beer over webcam didn't really fit, but the thought was there.
[16:06] <robbiew> hallyn_:  FYI...I placed an order for some Toshiba AC100 netbooks (ARM based), planning on giving you one for LXC development/testing this cycle
[16:06] <robbiew> and loan one to upstream (daniel?)
[16:07] <hallyn_> robbiew: neat!  will be great to finally be able to test that
[16:07] <hallyn_> yeah, daniel would be good.  I gather he was there in person last week?
[16:07] <hallyn_> Daviey: i had a cold affligem in the fridge :)
[16:08] <Daviey> heh
[16:10] <robbiew> hallyn_: yeah, we briefly met...and I told him I'd get him hardware
[16:10] <robbiew> order is already placed
[16:11] <a7ndrew> genii-around: thanks, i've been reading that, I restarted nfs-common on the client, now the directory is owned by nobody:nogroup, still cant chown to root, still shows no subdirs. Feel i'm getting closer though.
[16:14] <a7ndrew> funny directory, that one. Root doesn't have permission to remove it, and its too busy to be unmounted
[16:16] <hallyn_> zul: drat, i don't think libvirt folks will take your patch.  But they point out we can use the LIBVIRT_LXC_UUID the same way.
[16:17] <zul> hallyn_: doh!
[16:18] <ScottK> NCommander: For your armel server spec...  The image you're talking about won't talk to the serial port by default like the current headless images will it?
[16:20] <NCommander> ScottK: we were looking at implementing a way to switch that
[16:20] <ScottK> Most non-dev server people don't use serial.
[16:21] <ScottK> NCommander: I think it's worth mentioning in the spec then.
[16:23] <NCommander> ScottK: I disagree, I used to use serial for server management primilary and I know several organizations that do so as well.
[16:23] <ScottK> NCommander: OK.  Some do.  Some don't.
[16:24] <ScottK> In any case, the server ISO default install targets small deployments (since any non-trivial deployment will preseed/roll their own), so serial by default isn't the right answer.
[16:24]  * ScottK still thinks NCommander should put it in the spec.
[16:24] <NCommander> ScottK: it will be in the spec
[16:25] <ScottK> Great.
[16:25] <ScottK> Thanks.
[16:25]  * NCommander is writing the specs up now
[16:25] <ScottK> Yep.  I'm getting mail from LP about it.
[16:25] <NCommander> ScottK: well I broke the super-spec into a lot of smalelr ones, you can see the dependnency tree
[16:26] <ScottK> NCommander: Would you please subscribe to them then so I can follow along?
[16:28] <NCommander> ScottK: are you in the ubuntu-armel team?
[16:28]  * NCommander was going to add the armel team to all the specs
[16:28] <ScottK> No.
[16:28] <zul> NCommander: how did you break down the spec?
[16:29] <NCommander> zul: see dependency tre: https://blueprints.launchpad.net/ubuntu/+spec/server-o-arm-server
[16:30] <zul> NCommander: cool can you put a note in the whiteboard
[16:30] <NCommander> zul: k
[16:31] <zul> thanks
[16:42] <roasted> So I'm running 11.04 desktop edition and I have dhcp-server installed... but under service--status-all I have no listing of it. ?
[16:45] <SpamapS> roasted: service--status-all .. not sure what you mean by that
[16:46] <SpamapS> roasted: did you mean 'service  --status-all' ?
[16:46]  * SpamapS suspects yes
[16:46] <roasted> yes
[16:46] <roasted> SpamapS, what is isc-dhcp-server?
[16:46] <roasted> could that be it? It's currenty disabled.
[16:46] <SpamapS> thats the dhcp server I'm sure
[16:46] <SpamapS> that command needs some help btw
[16:47] <roasted> that wasn't like that for 10.10
[16:47] <roasted> sigh
[16:47] <roasted> constant changes. I can't keep up with this!
[16:47] <roasted> do you know how I would start dhcp on 11.04?
[16:47] <SpamapS> because dhcp was moved to upstart for 11.04 IIRC
[16:47] <SpamapS> roasted: did you try 'service isc-dhcp-server status' ?
[16:47] <roasted> says dhcpd is not running
[16:48] <SpamapS> roasted: would you expect the OS to never change? ;)
[16:48] <SpamapS> roasted: you may want to stay on LTS's if thats the case.
[16:48] <roasted> I do for mission critical stuff
[16:49] <roasted> this is my laptop we're talking about
[16:49] <roasted> but I do imaging from my laptop, hence the dhcp
[16:49] <roasted> just kind of irritating when commands are changing so frequently, even for 6 mo releases
[16:49] <roasted> anyway, how would I get the service going? All previous commands I remember are, of course, not working.
[16:49] <SpamapS> roasted: ok well it may be that it failed to start because your network wasn't up when the system started
[16:50] <SpamapS> roasted: does your laptop have statically configured networking then I presume?
[16:50] <roasted> I would presume so, as I plugged in after we wereup and running
[16:50] <roasted> yes
[16:50] <SpamapS> the supported way to start any service is 'sudo service xxxx start'
[16:50] <roasted> bingo
[16:50] <roasted> failed
[16:50] <roasted> lol
[16:51] <SpamapS> roasted: dhcpd will fail if the exact interface it is configured for is not setup right
[16:51] <roasted> it gets set up through FOG, which Im trying to install
[16:51] <roasted> I never had to configure it prior
[16:51] <SpamapS> what is FOG ?
[16:51] <roasted> think of ghost
[16:51] <roasted> except it doesn't suck
[16:51] <roasted> and it's free/linux based
[16:51] <SpamapS> cool
[16:52] <roasted> FOG = Free Open(source) Ghost
[16:52] <roasted> where are dhcp configs stored? I can just copy it from my 10 10 install
[16:53] <SpamapS> Ok, well then it sounds like FOG must be started before isc-dhcp-server
[16:53] <SpamapS> roasted: /etc/dhcp/dhcpd.conf
[16:53] <SpamapS> roasted: I take it FOG is not in Ubuntu?
[16:53] <roasted> It's a .tar.gz I have to install
[16:54] <roasted> installs in terminal from a .sh file or something
[16:54] <roasted> I've installed it hundreds of times. the installer does all of the work for you pending answering a few questions
[16:54] <roasted> dear unity. stop freezing. thx.
[16:54] <SpamapS> roasted: ah, ok, well if the installer configures the network.. does it just modify /etc/network/interfaces or try to do something else clever?
[16:55] <roasted> I have to set up a static IP first.
[16:55] <roasted> then I run the installer and it asks if the IP I have is the one I want the server configured for.
[16:55] <roasted> I say yes and it does the rest for me.
[16:55] <roasted> setting up a 192.168 scope, which is the pool that my laptop uses when I image
[16:56] <roasted> rebooting. fn unity
[16:57] <roasted> now that I rebooted maybe itll be running
[16:57] <roasted> since Im plugged in
[16:57] <roasted> ah, nope. definitely isn't running.
[16:58] <roasted> hm
[16:58] <roasted> my dhcpd file is fine on 11.04. it matches identically to my 10 10 install
[17:06] <AlexMax> The last time I restarted my server, SSHD did not come up.  I'm not really familiar with upstart, how can I tell if openssh is actually attempting to start at boot?
[17:07] <AlexMax> I have no idea if it's not being started at all, or if it's being started and not working
[17:07] <AlexMax> My host was able to start ssh manually from the terminal
[17:11] <shaggster> Ok anybody have an idea why apache would be running under limited permission, getting an error through php fopen() failed to create stream permission denied running a script that creates a file. Everywhere i search says to chmod it 777 but i  would like to not have it risk that, but it does work I verified it.. running 10.10 Enterprise cloud
[17:12] <shaggster> futhermore something very interesting is the file acctually gets created, but can't see it unless i upload something else to the directory.. refreshing or changing dir doesnt show the file..
[17:16] <flowbee> hi folks;  i'm getting: ssh_exchange_identification: Connection closed by remote host
[17:16] <flowbee> ssh_exchange_identification: Connection closed by remote host .... when i try to initiate a second ssh session to my ubuntu 10.04 server.  i have allowed key based auth
[17:23] <hallyn_> zul: do you care one iota if i go ahead and modify lxcguest to handle libvirt without your patch right now?
[17:23] <hallyn_> (i assume not)
[17:23] <zul> hallyn_: hella no
[17:24] <hallyn_> :)
[17:24] <hallyn_> all right i'll do that today and then drop the patch from libvirt after jdstrand reviews the rest of my proposed merge
[17:24] <hallyn_> thanks
[17:25] <hallyn_> jinkeys, debian's dvtm is old old old - still has the fd leak from a year ago
[17:43] <Gunni> what command was it again to see what libraries a binary uses?
[17:45] <genii-around> Gunni: ldd
[17:46] <Gunni> ty
[17:54] <kpettit> Any suggestions on a good blocklist program?  Trying to get a generic blocklist I can use to block IP address and such
[17:55] <genii-around> !info dansguardian
[17:56] <kpettit> genii-around, I'll check it out.  It looks like it's web specific though.
[17:56] <genii-around> Yep
[17:56] <kpettit> I'm looking for something that's more generic.  Basically block all ports to known bad IP addresses.
[17:57] <genii-around> Why not just add those IP to your hosts.deny file
[17:57] <kpettit> genii-around, I do, as I find them.  But it's a pain to keep up with.
[17:58] <kpettit> I'm using fail2ban for some stuff.  And I see other bad stuff in the logs.  But would feel better if I could use a community block list as added protection.
[18:02] <Daviey> kpettit, Using others blacklists is generally discouraged TBH.
[18:02] <Daviey> (other than for Bayesian)
[18:03] <kpettit> I can see the reasoning on that.  This is for a couple of dev type servers that normal public users would be using.
[18:03] <kpettit> Just trying to figure out the lowest effort way to have better security.  Looking at all the fail2ban logs scare me abit.  Tons and tons of bot attacks
[18:09] <surjikal> Hey guys, I just imported a VM of ubuntu 10.04 server 32bit that I setup at home on vbox. Now I'm at work and obviously, the fqdn is wrong. Is there a way to reconfigure the network completely, like it was done during the install?
[18:18] <Daviey> kpettit, well if you know exactly who is connecting to the servers, use whitelisting :)
[18:19] <SpamapS> surjikal: the hostname is recorded in /etc/hostname , if you have a static hostname, thats the place it should be. Note that there are some other things that may need updating as well, like /etc/mailname
[18:19] <kpettit> I would if it was the same IP addresses.  The guys I have going to it rove around alot.  Going in from a starbucks, home, library, etc.
[18:20] <surjikal> SpamapS, in /etc/hostname, I only see my hostname. Is there something I can enter there to change the fqdn?
[18:26] <SpamapS> surjikal: if you edit that file, you can run 'sudo hostname `cat /etc/hostname`' to set the system wide hostname. Note that services may not pick up the new hostname until they are restarted.
[18:27] <surjikal> I changed /etc/hosts
[18:27] <SpamapS> kpettit: you want a VPN solution of some kind then.
[18:27] <kpettit> probaly.
[18:27] <SpamapS> kpettit: the closest thing to a decent block list is denyhosts .. and its barely more than no protection at all.
[18:27] <kpettit> VPN's always seem kind of painful to setup.  KNow of a good one that is faily easy to use?
[18:28] <SpamapS> kpettit: I've always used OpenVPN but I don't know how good or easy the frontends are.
[18:28] <kpettit> SpamapS, I think your right about VPN though.  I've just been avoiding it becuase of pain with them in the past.
[18:29] <kpettit> I don't care so much about hte front end.  I'm ok with the CLI stuff.  Last time I tried OpenVPN though it was fairly painful to do a simple VPN for a few people
[18:29] <SpamapS> kpettit: if you have control over the remote machines its pretty easy to put a shell script or batch file together that starts and stops openvpn automatically w/ client certs for auth..
[18:33] <kpettit> SpamapS, your right.  I'll give it try.  Thanks for the suggestion.
[19:45] <MTecknology> !away > smb-afk
[19:49] <zul> Daviey: when you get a chance can you have a look at https://help.ubuntu.com/community/UbuntuBackports
[19:49] <zul> doh...
[19:49] <zul> i mean https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/778392
[19:50] <Daviey> zul, looks like one for upstream comment i think
[20:28] <stgraber> hallyn_: are you going to SRU bug 607636 ?
[20:29] <stgraber> hallyn_: if you don't have the time to do it, I'm fine doing it
[20:29] <hallyn_> stgraber: please go ahead.  I do think it should be SRUd
[20:30] <stgraber> ok, doing it now
[20:31] <hallyn_> stgraber: thanks
[20:32] <stgraber> uploaded
[20:55] <RoyK> hi all. I just started virt-manager to add some drives to a test-vm, but then, I get this http://karlsbakk.net/virt-manager-issue1.png - can't see the old images, and can't create new ones - any ideas?
[21:07] <RoyK> hm... seems I found the issue - it was trying to open som old storage files which had been removed
[21:07] <RoyK> where does virt-manager have its config? I need to remove these from the 'known storage files'
[21:16] <hallyn_> zul: if i give you a natty .deb for lxcguest, can you trivially test that it still does the right thing under libvirt?
[21:16] <zul> hallyn_: sure i can probably do it tonight
[21:17] <hallyn_> zul: http://people.canonical.com/~serge/lxcguest_0.7.4-0ubuntu9_amd64.deb
[21:17] <zul> hallyn_: ok ill get to it tonight
[21:17] <hallyn_> so long as that passes, i'll push it to oneiric.  (natty doesn't actually need it of course)
[21:17] <hallyn_> thanks
[21:17] <hallyn_> ttyl
[21:45] <seaLne> how do you make ncurses not cause your eyes to bleed in natty (turn it back to normal blue colour)
[21:46] <seaLne> very scary experience during an upgrade
[21:52] <addisonj> wtf... why can i not ./run a progam from /tmp on 10.04 lts?
[21:53] <soren> addisonj: Maybe it's mounted noexec?
[21:53] <seaLne> no exec mounting?
[21:53] <addisonj> its not a seperate partition
[21:54] <addisonj> its just on .
[21:54] <addisonj> oops /
[21:55] <soren> addisonj: Maybe it's not executable.
[21:55] <soren> addisonj: You're not exactly giving a lot of detail here.
[21:56] <flowbee> hi folks... is there a fast way to move from debian etch => ubuntu 10.04 ?  i have a debian box on linode but id love to move to ubuntu
[21:57] <addisonj> trying to install SAS, it unpacks its own java version to run an installer, which it unpacks to /tmp, i haven't been able to get it run, thought it was a path issue, but if i go straight ti the folder where the java binary is, it still says no such file or directory
[21:57] <addisonj> -rwxr-xr-x 1 csroffice csroffice  65116 2007-10-05 03:19 java
[21:58] <addisonj> http://pastebin.com/ec7VpzT3 there is the mount
[22:00] <soren> addisonj: What exactly are the commands you're trying to run that fail?
[22:02] <saveur7elf> hello)
[22:03] <addisonj> the installer script unpacks its own java and a jar to run the gui installer, here is the actual command  ../../products/javaruntime__92280__lax__xx__sp0__1/bin/java -Xmx1024M -jar deploywiz/setup.jar -startuplocation /media/samba/SAS_9_2_3/Compresed/Linux_64bit/SAS_9.23_Linux_x64 -templocation /tmp/_setup29781
[22:04] <saveur7elf> guys, Where I can get usb ubuntu?
[22:04] <addisonj> its a relative path from the location of the jar to the unpacked location of the java binary, but it fails to find the binary (although that is a valid path)
[22:06] <flowbee> hi folks... is there a fast way to move from debian etch => ubuntu 10.04 ?  i have a debian box on linode but id love to move to ubuntu.  but i'll still need to reconstruct my whole setup right?  there are no migrations scripts?
[22:06] <maxb> saveur7elf: what exactly do you need, there are several forms
[22:07] <saveur7elf>  mm... ubuntu 11.04 for usbflash)
[22:07] <addisonj> I at first thought bash was bugging out on the relative path, but nope, even if i got straight to the directory, it won't run the binary, gives a no such file or path error, which noexec doesn't do correct?
[22:07] <maxb> flowbee: you need a clean install for that
[22:07] <flowbee> maxb, i guess i meant getting the configuration and packages off of debian and onto ubuntu
[22:08] <maxb> saveur7elf: live system? installer?
[22:08] <saveur7elf> installer
[22:08] <addisonj> flowbee, what configs? are you talking like apache? or your gnome and everything?
[22:09] <flowbee> addisonj, i mean like the mysql config/apache config/etc
[22:09] <flowbee> and bash stuff
[22:09] <maxb> flowbee: no special tooling, just normal file copy/backup tools
[22:09] <addisonj> do a fresh install and just move em over, probably the easiest way
[22:10] <flowbee> yeah
[22:10] <RoyK> hi all. I have qemu/kvm setup on this ubuntu 10.04 machine. after adding some test disks, I want to remove them, but it seems virt-manager can't do this and removing them manually just messes up virt-manager. any idea where these are referenced and how I can remove that?
[22:10] <flowbee> how long will 10.04 lts be supported for
[22:10] <addisonj> 3 more years? something like that
[22:10] <maxb> saveur7elf: you probably want the boot.img.gz disk image from any mirror
[22:11] <RoyK> flowbee: LTS is five years for server, 3 for desktop
[22:11] <bluethundr> hey guys, I am looking for a way to add the backports repository to a 9.04 (jaunty) server
[22:11] <bluethundr> https://help.ubuntu.com/community/UbuntuBackports
[22:11] <addisonj> so about 4 more years of support now
[22:11] <RoyK> addisonj: yeah
[22:12]  * RoyK still runs 8.04 on some servers
[22:12] <addisonj> anyways... back to me issue... yep, pretty much absolutely flumoxed as to why this is acting this way...
[22:14] <flowbee> so done with debian
[22:14] <flowbee> everything will be running 10.04 now
[22:14] <RoyK> :)
[22:29] <Macer> blah
[22:29] <flowbee> how do i change default editor to vim?
[22:30] <soren> bluethundr: Jaunty is dead. Move on.
[22:31] <RoyK> flowbee: see /etc/alternatives - there's an editor symlink there
[22:31] <RoyK> flowbee: or just set the EDITOR variable
[22:38] <bluethundr> soren this is a production server.. it moves onto the current release when the senior sa says it does :)
[22:43] <RoyK> http://imgur.com/gallery/0pxaV
[22:43] <SpamapS> bluethundr: has that senior sa decided to backport all relevant security patches to jaunty? Poor sod.
[22:44] <bluethundr> heh
[22:44] <Pumpkin-> or vetting every security announcement to see if it impacts them, or getting appropriate signoffs to not patch it
[22:44] <Pumpkin-> I'm glad I make those kind of decisions
[22:49] <soren> bluethundr: Production servers that don't receive critical security updates. Fascinating. What was your IP again?
[22:50] <bluethundr> soren, my IP is xx.xx.xx.xxx
[22:51] <soren> bluethundr: I thought it might be.
[22:51] <bluethundr> lol
[23:40] <roasted> So... question... let's say I want to rsync my home directory to a samba share. Well, CIFS mounts to .gvfs... wouldn't I create an infinite loop by rsyncing /home/user to /home/user/.gvfs/network_storage/user?
[23:42] <RoyK> just use --exclude
[23:42] <RoyK> or -x aka --one-file-system
[23:43] <roasted> RoyK, do you know of any rsync GUI's that have this option? I'm trying to help my parents set this up with the NAS I left behind.
[23:44] <RoyK> nah - I only use the commandline
[23:44] <roasted> yeah, me too
[23:44] <roasted> maybe I should just walk them through forwarding SSH so I can get in there
[23:45] <roasted> what exatly doe s"one file system" do?
[23:45] <roasted> doesnt sound too descriptive at first glance
[23:46] <RoyK> it doesn't follow mounts
[23:46] <RoyK> so if you rsync / and /blah is mounted, that won't be rsync'ed
[23:47] <roasted> it seems as if grsync has a "do not leave file system" option
[23:47] <roasted> which, when you hover over it, notates -x and --one-file-system
[23:48] <roasted> so if I'm rsync'ing /home/fred to /home/fred/.gvfs/network_storage/fred, how does that "doesn't follow mounts" apply? I'm not entirely sure I understand.
[23:48] <RoyK> check with 'mount'
[23:48] <RoyK> if it's listed there, it won't be backed up with -x
[23:49] <roasted> so that would thereby include .gvfs as "mount" when its checked
[23:49] <RoyK> is it listed if you type 'mount'?
[23:49] <roasted> uh
[23:49] <roasted> hang on
[23:50] <roasted> it doesnt say exactly .gvfs/network_storage/fred
[23:50] <roasted> but it says something about .gvfs fuse
[23:50] <roasted> daemon etc
[23:51] <RoyK> dunno if rsync will exclude fuse mounts
[23:51] <roasted> damnit
[23:51] <roasted> I wonder if there's a way to tell
[23:51] <roasted> like to see what command this gui is using
[23:51] <RoyK> just try
[23:52] <RoyK> you'll see the loop if it happens
[23:56] <roasted> thats the problem
[23:56] <roasted> I won't - they will, and they won't even know it
[23:56] <roasted> :P
[23:58] <roasted> I just did a quick test bed here with my laptop and a tes CIFS share
[23:58] <roasted> looks like it'll work if I check that box in grsync
[23:59] <roasted> I think they just have SO mcuh data that they cant tell if its looping or just working