/srv/irclogs.ubuntu.com/2012/02/12/#ubuntu-server.txt

=== sixstringsg\|away is now known as sixstringsg
k3vmcd	I'm looking for a way to be able to reinstall my entire server, with all current packages and config files included, in the case that my primary and backup servers both go down simultaneously. Is there a good way to do this? I tried using Remastersys, but am unable to reinstall the backed-up system to the disk from the command line (maybe I have the wrong commands, but it seems like it requires a GUI to install)	01:11
greppy	k3vmcd: save the output of 'dpkg --get-selections' and backup /etc. That should let you reinstall packages and have the config files to go with them.	01:55
k3vmcd	ah yes, that makes sense	01:57
k3vmcd	thanks greppy	01:57
greppy	probably want to snag some other directories/files as well	01:58
greppy	like /var/spool/cron	01:58
greppy	but that should get you started.	01:58
greppy	the thing to do is to TEST your backup/restore procedure before you need it.	01:59
greppy	so shove it all back onto a clean install in virtualbox or something to make sure it works.	01:59
k3vmcd	i'm thinking if I back up /etc and /var then I'll capture everything i need	02:01
k3vmcd	i think my approach with Remastersys was a bit of an overkill	02:02
jeffrubic	k3vmcd: /var includes a bunch a log files which you typically don't need	02:02
k3vmcd	true, but it does have my web server files and my SQL databases	02:03
jeffrubic	k3vmcd: I didn't mean to suggest that you exclude /var, just /var/log, unless you need them.	02:10
Zilly	how doth I maketh another account easily???	02:20
Zilly	how doth I makith another user account easily???	02:20
=== sixstringsg is now known as sixstringsg\|away
k3vmcd	hey, thanks jeffrubic and greppy. I was just looking through my server files after your suggestions and I figured out a good set to keep backed up. Just wanted to say thanks for the help	02:22
k3vmcd	Zilly: try the "adduser <username>" command. Alternatively you can search on how to use the "useradd" command instead	02:27
Zilly	k3vmcd: I've done that and I have the user, it's just when I login with that user I have to reboot	02:29
Zilly	i have to reboot because nothing is there	02:29
Zilly	just blankness	02:29
Zilly	anything I can get that will set up the user completely?	02:30
Zilly	edit fstab and set everything up in X?	02:31
k3vmcd	are you ssh-ing in?	02:31
Zilly	no, vbox	02:32
k3vmcd	hmm, I ran into something similar when the user was set to /bin/false but I think that might only apply to ssh	02:33
qman___	Zilly, 'useradd' is the base command and requires options to set a user up, but the 'adduser' command does set everything up, creates the home directory, all that	02:34
k3vmcd	does the user have a folder in /home ?	02:34
Zilly	going to try adduser, I think I already did but am uncertain now	02:35
Zilly	k3vmcd: yes	02:35
Zilly	if I'm not back it didn't work	02:36
Zilly	bbl	02:36
=== sixstringsg\|away is now known as sixstringsg
k3vmcd	I guess it didn't work :(	03:27
=== hayer_ is now known as hayer
stgraber	hallyn: is lxc within lxc working for you? I just tried to setup some automated d-i testing in an LXC container instead of a VM and the containers won't start in there	04:05
stgraber	hallyn: with no clear error in the log or dmesg	04:05
stgraber	hallyn: http://paste.ubuntu.com/838620/ and http://paste.ubuntu.com/838621/ (not sure that really helps ...)	04:07
stgraber	hallyn: as you can see, I tried a few times ;) the veth pairs get created and never cleaned, the container never starts	04:08
stgraber	oh, and I just noticed I don't have cgroup-lite (running with --no-install-recommends by default here ...)	04:09
stgraber	that'd explain it I guess :)	04:09
stgraber	yep, that was it ...	04:09
stgraber	hallyn: sorry ;)	04:09
=== sixstringsg is now known as sixstringsg\|away
uvirtbot	New bug: #930881 in samba (main) "smbd crashed with SIGABRT in rep_strlcpy()" [Undecided,New] https://launchpad.net/bugs/930881	07:51
=== mrmist_ is now known as mrmist
=== Cluster is now known as ^Blackflowers^
=== Resistance is now known as EvilResistance
=== Internaut is now known as Guest48794
rdjmhgh	Has abyibe akready looked at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652026 with regard to ubuntu (12.04) I suppose ubuntu is affected as well	10:00
uvirtbot	Debian bug 652026 in amavisd-new "perl 5.14 broke use of s-s-d --name on initscript" [Important,Fixed]	10:00
EvilResistance	rdjmhgh, #ubuntu+1	10:03
EvilResistance	which i told you earlier :P	10:03
uvirtbot	New bug: #930916 in amavisd-new (main) "amavis start-stop script fails to stop amavisd" [Undecided,New] https://launchpad.net/bugs/930916	10:41
=== gustav is now known as beerbro
maxagaz	hi	11:42
maxagaz	as someone tested OpenNebula and Eucalyptus ?	11:42
maxagaz	I heard from a friend that OpenNebula is much more stable than Eucalyptus	11:42
maxagaz	but Ubuntu seems to promote Eucalyptus	11:43
maxagaz	any advice about which one I should use ?	11:43
Tm_T	hi	11:55
Tm_T	maxagaz: euca has been stable for us and working well	11:55
Tm_T	maxagaz: any particular issue known or just gut feeling?	12:10
=== MYANMAR60273 is now known as greenhost
greenhost	hi all	12:10
maxagaz	Tm_T: a former colleague used euca before, and has now switched to open nebula, he just told be that now he doesn't any problem while he add a lot of little problems with euca	12:11
maxagaz	Tm_T: but no particular issue known	12:11
greenhost	who have done ubuntu mail server for windows clients?	12:12
maxagaz	Tm_T: and it's neither just a gut feeling	12:12
greenhost	who have done ubuntu mail server for windows clients?	12:14
Tm_T	maxagaz: I see	12:21
Tm_T	greenhost: I don't think client OS does matter (:	12:22
Tm_T	ah	12:23
Tm_T	was going to give this for greenhost: https://help.ubuntu.com/community/MailServer	12:23
greenhost	who have done ubuntu mail server for windows clients?	12:24
Tm_T	1423.30 < Tm_T> was going to give this for greenhost: https://help.ubuntu.com/community/MailServer	12:25
Tm_T	1422.33 < Tm_T> greenhost: I don't think client OS does matter (:	12:25
Tm_T	as long as the client is using sensible protocol (imap, pop), ofcourse	12:26
zastaph	it seems to me that dnsutils is a package related to bind9. But if I want to use dnsmasq instead of bind, do I uninstall bind9 and dnsutils, and thus I will no longer have access to dig or nslookup ?	12:26
greenhost	Tm_T I installed today with postfix and dovecot	12:26
greenhost	Tm_T . not ok.	12:26
Tm_T	zastaph: there shouldn't be a problem to have both packages installed?	12:27
greenhost	Tm_T : I frist tried as mentioned on Postbasichowto official documentation. but starting from netcat mail.yourdomain.com. I got error.	12:27
zastaph	tm_t, well dnsmasq can't start because port 53 is in use with /usr/share/named	12:27
zastaph	tm_t, but perhaps dnsutils and dnsmasq can be together	12:27
Tm_T	zastaph: I would assume you can disable the other one if you don't need it	12:28
Tm_T	greenhost: can you be more specific what kind of problems you had with, for example, dovecot?	12:28
zastaph	tm_t, yes im going to uninstall bind9 package, but just wonder if I should get rid of dnsutils too... nslookup and dig seems like useful tools	12:28
Tm_T	zastaph: no need to get rid of dnsutils AFAICS	12:29
jacobw	zastaph: there's no reason to remove bind9	12:29
jacobw	zastaph: just stop the sevice	12:29
jacobw	service*	12:29
greenhost	Tm_T I tried /etc/init.d/dovecot restart. but it looked like that file is corrupted	12:29
zastaph	jacobw, ok.. but I have no need for bind9 if I'm going to use a different dns tool	12:29
greenhost	Tm_T " process(58888) error. bla bla	12:30
Tm_T	greenhost: what file? and you have to be more specific	12:30
greenhost	Tm_T as I am now at cyber cafe with winows XP. I dont remeber all my errors and try at the same time	12:30
Tm_T	greenhost: roger, just hard to know what went wrong (:	12:30
greenhost	Tm_T: actually I would like to use email from any mail clients( thunderbird or outlook2003) or something available. I first just want to email locally.so how coud I configure on postfix and dovecot?	12:31
Tm_T	greenhost: there seems to be rather clear and good howto at https://help.ubuntu.com/community/Dovecot	12:32
jacobw	zastaph: bind9 has a small footprint	12:32
jacobw	zastaph: unless the dnsmasq package conflicts, there's no reason to remove it	12:32
zastaph	jacobw, and whats the reason to keep it? :)	12:32
greenhost	Tm_T . you are right. but there are more security based complicated packages to install from internet whenever I read documentation. I have no internet at home on my mail server. so i want to be ok with installer CD alone	12:33
jacobw	zastaph: there's none, i'm just saying that there's no reason to remove a package to install a similar package	12:33
greenhost	Tm_TI just would like to know what line in postfix and what lines in dovecot to configure or change to email from user1 to user2 locally from windows mail clients	12:34
greenhost	Tm_T it is pity there is no English version simple video for that to see step by step	12:34
greenhost	Tm_T even on youtube	12:35
jojoburk	greenhost: there's is nothing special to do. simply mail from user1 to user2 locally should normaly works out of the box	12:36
greenhost	jojoburk: just testing from CLI: mailing from root to another user called user1. is fine in CLI alone. but to email really from windows using mail clients need extra configuration i think. I was never been successful	12:38
jojoburk	greenhost: take a look at the output from netstat -tulpe to see on which address the dovecot and postfix server are bound. possible just on localhost?	12:40
greenhost	jojoburk yes just on localhost . last time	12:42
greenhost	jojoburk: my question is so simple. I wouldl really like to make sure if it is possible to set up mail server for windows clients with server installer CD alone without internet	12:45
jojoburk	greenhost: when postfix and and dovecot are installed, yes it is.	12:46
greenhost	jojoburk: can I also install postfix and dovecot using server installer CD without internet?	12:47
jojoburk	greenhost: postfix yes, but i'm not sure about dovecot. give it a try: just try installing dovecot using apt-get or aptitude only with the cd as source	12:50
jojoburk	greenhost: otherwise you can download dovecot package from other pc and copy and install it on your server	12:52
greenhost	jojoburk; honstly I followed https://help.ubuntu.com/community/PostfixBasicSetupHowto, I was stucked since sudo apt-get install courier-pop	12:52
greenhost	sudo apt-get install courier-imap	12:52
greenhost	jojoburk: yes. I am on windows XP machine now. there is no linux here at cyber. How could i copy/download required full packages where there might be dependencies	12:53
greenhost	?	12:53
jacobw	greenhost: so you want mail delivery between local users accessible by imap?	12:57
greenhost	jacobw: imap or pop or whatever. I don't mind. As long as I can email between local users. it is fine for me	12:58
greenhost	jacobw : but using any email clients from windows	12:59
jacobw	yes	12:59
jojoburk	it seems that his problem is to install a mailserver without internet connection. i understood that dovecot is not installed at the moment.	12:59
jacobw	you can use apt on your ubuntu server to find out what packages you need, but its laborious.	13:03
jacobw	apt-get -s install will list all packages that would be installed if you ran apt-get install	13:04
jacobw	apart from that, see http://library.linode.com/email/postfix/dovecot-system-users-debian-6-squeeze	13:04
samba35	can i install vmware image in kvm ? if yes which file i suppose to import (from which i will able to boot)	13:06
greenhost	jojoburk: I took my home server to office to download courier-pop and courier-imap to follow the guide line. but not ok	13:07
greenhost	jojoburk: downloading was ok. Though DNS was fine, I could not proceed	13:08
jacobw	samba35: to run a kvm/qemu vm with libvirt on ubuntu server you need a qcow2 disk image and an xml definition	13:08
samba35	ok	13:09
greenhost	jojoburk I would like to have somebody to pointout what i might be wrong in which steps based on "https://help.ubuntu.com/community/PostfixBasicSetupHowto",	13:10
jacobw	samba35: you can convert a vmware disk image (vdi) to qcow2 using qemu-img convert foo.vdi -O qcow bar.img	13:10
samba35	ok let me try	13:12
jojoburk	greenhost: i dont can help you at the moment, im sorry	13:15
greenhost	jojoburk: thanks anyway	13:15
jacobw	greenhost: that wiki page is outdated	13:16
jacobw	greenhost: sometimes the community documentation is	13:16
greenhost	jacobw: where should I see updated one?	13:16
jacobw	greenhost: dovecot has been the recommended mda at least 8.04	13:18
greenhost	jacobw: is it better than courier?	13:18
jacobw	greenhost: try following the document I linked earlier	13:18
jacobw	http://library.linode.com/email/postfix/dovecot-system-users-debian-6-squeeze	13:18
fluffypony	hi guys - I'm seriously struggling to get PSAD working on 10.04 (with UFW). I've just installed a new minimal installation on a web server, and it's not logging anything. Previously (on 8.04) I configured sysklogd to write to psadfifo, but that no longer seems to be an easy option with rsyslogd?	13:22
greenhost	jacobw it looked good and too much configuration. But it used "internet site" settings. If I wanna use, locally only. What else should I change.?	13:23
greenhost	jacobw: it is pitty I can't follow and install packages without internet	13:24
greenhost	jacobw: http://pastebin.ubuntu.com/838994/	13:26
greenhost	jacobw: http://pastebin.ubuntu.com/838994/	13:26
kklimonda	tjaalton: hey, what's the current packaging status of freeipa in ubuntu/debian? Anything I could do to help? :)	13:27
jojoburk	greenhost: the joke is that you have to configure postfix for internet site. locally only means that postfix is just configured for the use on localhost!	13:27
tjaalton	kklimonda: if you're an archive admin then sure ;)	13:28
samba35	jacobw, there is no .vdi file there are vmx, vmdk,nvram ,vmsd,cmxf file are there	13:28
greenhost	jojoburk: do you mean I have to configure as internet site though my mail server is not without internet?	13:28
=== ABibhuti- is now known as AAYUSH
jacobw	greenhost: so your ubuntu server can only access the LAN?	13:28
kklimonda	tjaalton: it's already that far? :)	13:28
tjaalton	kklimonda: most of it is packaged, some are waiting in NEW	13:28
jacobw	samba35: yes, i made a mistake, vdi is the format for virtualbox	13:28
tjaalton	pretty far yes	13:28
greenhost	jojoburk jojoburk: do you mean I have to configure as internet site though my mail server is without internet?	13:28
tjaalton	kklimonda: though I haven't tested server install yet	13:29
greenhost	where can I download dovecot full tgz package?	13:29
kklimonda	tjaalton: where do you keep all the packaging? I'd give it a shot to see how it breaks ;)	13:29
jacobw	samba35: vmdk is the format for vmware, qemu-img supports images from vmware 3 and 4	13:30
samba35	ic	13:30
tjaalton	kklimonda: git.debian.org	13:30
jojoburk	greenhost: yes, because "internet site" means that die daemon is accessible from "other" hosts in network (no difference between internet and lan).	13:30
samba35	how do i check whether image is 4 or 5	13:30
greenhost	jojoburk : That is the very important point.	13:31
jojoburk	greenhost: ... and not just from the server itself (localhost)	13:31
fluffypony	hi guys - I'm seriously struggling to get PSAD working on 10.04 (with UFW). I've just installed a new minimal installation on a web server, and it's not logging anything. Previously (on 8.04) I configured sysklogd to write to psadfifo, but that no longer seems to be an easy option with rsyslogd?	13:31
tjaalton	kklimonda: there is no easy way to test it atm though	13:31
samba35	ok file give me results its 4	13:31
samba35	CentOS5.2small.vmdk: VMware4 disk image	13:31
jacobw	samba35: you might want to try using virt-convert on the directory containing the images and definitions to get a qcow2 image and libvirt xml definition	13:31
greenhost	jojoburk: I am now leaving cybercafe. so I might need to download dovecot tgz so that I can take it home with flash drive.	13:31
jacobw	hi fluffypony	13:32
greenhost	jojoburk where could I get dovecot full package tgz file?	13:32
samba35	ok	13:32
fluffypony	hi jacobw	13:32
jojoburk	just search for dovecot download?	13:32
samba35	CentOS5.2small.vmdk: VMware4 disk image ?	13:33
samba35	sorry	13:33
samba35	virt-convert CentOS5.2small.vmdk ?	13:33
jacobw	don't download the tarball, its a source package not packaged for ubuntu	13:34
jacobw	building dovecot would not be trivial	13:34
kklimonda	tjaalton: I'm really interested in getting it packaged (and working) in Debian and Ubuntu. I don't really expect it to work out of the box right now, I was just interested where the packaging is so I can start working on it :)	13:34
samba35	ok	13:34
tjaalton	kklimonda: https://launchpad.net/~ubuntu-389-directory-server https://launchpad.net/~freeipa	13:34
tjaalton	kklimonda: pki is mostly packaged, but upstream is keeping it all in pki.git, so would need to merge it all back in at some point, maybe not for this push though	13:35
jacobw	greenhost: run `sudo apt-get -s install dovecot-common` on your ubunu server, note what package it wants to install, and get the DEB files from packages.ubuntu.com	13:35
tjaalton	kklimonda: there are ppa's too, but the oneiric ones are not fully uptodate	13:35
jacobw	samba35: virt-convert the directory	13:36
tjaalton	best to test stuff against precise at this point	13:36
kklimonda	yeah, I'm already working (and testing stuff against) precise	13:36
tjaalton	kklimonda: are you on collab-maint?	13:36
tjaalton	alioth	13:36
kklimonda	tjaalton: yes, I should have access via pkg-gnome	13:36
samba35	ok	13:36
tjaalton	ok	13:36
greenhost	jojoburk: I want to download from windowsXP. no apt-get. I know I can download from package.ubuntu.com. but nested dependencies. how to take it all?	13:37
jacobw	fluffypony: what have you done so far?	13:37
tjaalton	kklimonda: i'll probably set up a project around freeipa, like there is pkg-fedora-ds	13:37
tjaalton	same for sssd/ding-libs	13:37
fluffypony	jacobw: psad is installed and setup (same as on 8.04) and configured to my liking. added the two iptables rules straight from the cipherdine site. psad -S status shows no packet counts?	13:38
jacobw	greenhost: http://wubdepends.sourceforge.net/	13:38
kklimonda	tjaalton: great to hear that :)	13:39
tjaalton	kklimonda: actually did that too, but the admins asked if it could be under collab-maint instead. now it's clear that a separate sub-project would be better	13:40
tjaalton	so it could have a mailing list, and commit mail sent there etc	13:40
jacobw	fluffypony: what are those rules?	13:40
jacobw	http://cipherdyne.org/psad/docs/config.html	13:40
fluffypony	http://www.cipherdyne.org/psad/docs/fwconfig.html	13:41
fluffypony	yes	13:41
fluffypony	I also tried this: http://bodhizazen.net/Tutorials/psad	13:41
samba35	jacobw, cool man now i got boot screen	13:41
samba35	thank you !	13:41
fluffypony	where he adds it to the UFW before.rules - -A ufw-before-input -j LOG --log-level warn	13:41
fluffypony	but that just broke UFW	13:41
fluffypony	and it wouldn't even start	13:41
jacobw	following bodhizazen's guide?	13:42
kklimonda	tjaalton: what was their argument for collab-maint? not enough packages (or contributors) to warrant a separate group?	13:42
fluffypony	jacobw: yes - that UFW rule is invalid (it seems)	13:42
tjaalton	kklimonda: it would've been ok to create the project, but it was kinda put on hold. no specific arguments	13:44
tjaalton	i just couldn't decide, so went for collab-maint	13:46
kklimonda	right, it works fine anyway untill there are more people who are interested in helping out	13:46
greenhost	jacobw I found no .exe file for windows	13:46
jacobw	fluffypony: it seems that problem is with lucid switching to rsyslog	13:47
fluffypony	jacobw: yep - in 8.04 I could just echo -e 'kern.info\t\|/var/lib/psad/psadfifo' >> /etc/syslog.conf and then restart sysklogd	13:48
kklimonda	tjaalton: hmm, do you use some different setup for git-buildpackage, or don't use it at all?	13:50
tjaalton	don't use it	13:50
jacobw	fluffypony: have you added any rules to /etc/rsyslog.d/* ?	13:50
fluffypony	no - 20-ufw.conf 50-default.conf postfix.conf	13:51
jacobw	greenhost: http://sourceforge.net/projects/wubdepends/files/wubdepends/Initial/wubdepends3.exe/download	13:53
zaur-ibr	hi	13:53
fluffypony	zaur-ibr: bye	13:55
fluffypony	:-P	13:55
jacobw	fluffypony: add a rule to rsyslog.d/psad.conf to pipe all messages containing 'firewall' to /var/lib/psad/psadfifo, restart rsyslog and test	13:57
fluffypony	ok doing now	13:58
jacobw	fluffypony: check /etc/ufw/*.rules to make sure that messages are being logged after all other rules	13:59
jacobw	fluffypony: and restart ufw, or start it if its not running	14:00
fluffypony	ufw's off atm	14:01
fluffypony	so it's just the iptables rules I've added	14:01
tjaalton	kklimonda: if you have further questions you can email me, or the lists on launchpad	14:01
fluffypony	jacobw: doesn't seem to be working	14:03
fluffypony	I think the problem is with iptables not logging anything	14:03
greenhost	jacobw how to isntall python terminal for windows?	14:04
fluffypony	I mean, I've got this in my Chain INPUT and Chain FORWARD: LOG all -- anywhere anywhere LOG level warning prefix `firewall '	14:04
jacobw	fluffypony: have you restarted rsyslog?	14:06
jacobw	fluffypony: if not, check /var/log/syslog for 'firewall' messages first	14:06
kklimonda	tjaalton: sure, I will :)	14:06
jacobw	confirm iptables is logging, then confirm rsyslog is piping correctly to /var/lib/psad/psadfifo	14:07
jacobw	after that, confirm that psad is reading /var/lib/psad/psadfifo	14:08
* jacobw → back soon		14:08
fluffypony	Feb 12 16:08:02 primary rsyslogd: [origin software="rsyslogd" swVersion="4.2.0" x-pid="7926" x-info="http://www.rsyslog.com"] (re)start	14:08
fluffypony	ja no - syslog has no entries in it	14:10
fluffypony	I mean, it has entries, but no firewall entries :)	14:10
fluffypony	hmmmmm	14:14
fluffypony	I have a feeling that even though UFW is disabled it's rules are still in iptables, and mine are added after the UFW rules	14:14
fluffypony	time to kill of UFW	14:14
fluffypony	hrm	14:19
fluffypony	server crashed	14:19
fluffypony	sigh.	14:19
jacobw	inaccessible by ssh?	14:30
fluffypony	well that was fun - router decided to restart as well :-P	14:34
fluffypony	ok where was I	14:37
fluffypony	so I removed UFW, and inserted those rules	14:37
fluffypony	but I'm not getting anything in syslog	14:37
jacobw	fluffypony: which rules?	14:40
fluffypony	the iptables rules	14:42
jacobw	these ones? http://bodhizazen.net/Tutorials/psad#Configure_psad	14:43
fluffypony	no	14:44
fluffypony	those are borked	14:44
fluffypony	http://glycogen.net/2011/05/05/setup-psad-in-ubuntu/	14:44
fluffypony	those ones	14:44
jacobw	ok	14:45
fluffypony	ok - time to reinstall	14:46
fluffypony	then I'll re-evaluate if it still doesn't work	14:46
fluffypony	thanks jacobw	14:46
jacobw	hang on	14:46
fluffypony	ok	14:46
jacobw	pastebin iptables -L	14:47
fluffypony	that's the reason I'm reinstalling - I installed Zentyal to play with	14:47
fluffypony	and that has messed up my entire installation	14:47
fluffypony	and apt-get remove zentyal && apt-get autoremove didn't fix it	14:48
fluffypony	clearly they want you to install and never remove it	14:48
jacobw	it depends how its packaged	14:49
fluffypony	yeah	14:49
fluffypony	aaaah	14:50
jacobw	did you add the psad.conf rule to rsyslog.d/ ?	14:50
fluffypony	I see it installs a bunch of modules as well	14:50
fluffypony	how nice	14:50
fluffypony	removes	14:50
fluffypony	jacobw: yes	14:50
fluffypony	but I'm not seeing stuff get logged to the syslog	14:51
jacobw	check /var/lib/psad/psadfifo	14:51
fluffypony	so that rule will never kick in	14:51
fluffypony	emkpty	14:52
fluffypony	empty	14:52
jacobw	ok, if you added the rules from glycogen.net to the top of 50-default.conf it'd explain no messagesg in syslog despite iptables logging	14:53
jacobw	so, there's a package called pastebinit that provides a script that you can pipe things to, it uploads its input to pastebin and gives back a url	14:54
fluffypony	ok cool	14:54
fluffypony	so the rules shouldn't be at the top of 50-default??	14:55
fluffypony	confused	14:55
jacobw	if you want messages containing 'firewall' to go to /var/lib/psad/psadfifo and nowhere else, then yes	14:56
jacobw	there's two rules, the first matches and pipes to psadfifo, the second matches and drops	14:57
fluffypony	aaaaaaah	14:57
fluffypony	that's why I'm not seeing it	14:57
fluffypony	ok commented out the second one	14:58
jacobw	iptables -L \| pastebinit	15:00
fluffypony	hrrrrrrm	15:00
fluffypony	I can't install pastebinit	15:00
fluffypony	no DNS resolution	15:01
fluffypony	brb -	15:02
fluffypony	ok flushed iptables	15:04
fluffypony	http://pastebin.com/5ewUTPRs	15:04
jacobw	ok, rm psad.conf or remove the lines from 50-default and restart rsyslog	15:07
fluffypony	k	15:11
fluffypony	done	15:14
fluffypony	btw the way I'm testing is nmap -sV -F from a different box	15:15
fluffypony	that should trigger those rules, right?	15:16
jacobw	everything will be logged	15:16
jacobw	psad analyses the log	15:16
fluffypony	ok	15:17
jacobw	tail -f /var/log/syslog	15:17
fluffypony	already checked - nothing	15:17
fluffypony	just postfix	15:17
fluffypony	and some other junk	15:17
fluffypony	I should be seeing tons of stuff being logged	15:17
jacobw	yes	15:18
fluffypony	ok so	15:19
fluffypony	iptables isn't logging	15:19
fluffypony	and iptables is clearly on - those Zentyal rules locked everything down (in a bad way)	15:19
fluffypony	so maybe iptables is logging to a non-standard locationm?	15:20
fluffypony	boom	15:22
fluffypony	dmesg	15:23
jacobw	it logs to the kern.* facility	15:23
=== tsimpson_ is now known as tsimpson
fluffypony	so dmesg is showing the firewall messages	15:24
fluffypony	and rsyslog is dropping them	15:24
jacobw	see if the message are in /var/log/kern.log	15:24
fluffypony	nope	15:25
jacobw	hmm	15:32
fluffypony	yeah I know	15:33
jacobw	i assumed that iptables would log to syslog, which is usually configured to be the case, but rsyslogd might not do this	15:34
fluffypony	yeah - asking in #rsyslog, but it seems like the quietest channel on earth	15:34
jacobw	rsyslogd uses a module to read from the kernel log and write to syslog	15:34
jacobw	imklog	15:34
fluffypony	ok	15:35
Onepamopa	guys, can anyone help with trim @ ssd raid 1?	15:35
jacobw	so, `grep -Rl /etc/rsyslod*`	15:35
Onepamopa	I added the "discard" option, rebooted the server	15:35
Onepamopa	but according to the test I am doing - trim is not working	15:35
fluffypony	rsyslog.conf:$ModLoad imklog	15:36
fluffypony	so it's loaded in rsyslog.conf	15:37
jacobw	yeah	15:37
Onepamopa	great support ...	15:40
jacobw	Onepamopa: what test are you doing?	15:40
Onepamopa	seq 1 1000 > testfile	15:40
Onepamopa	hdparm --fibmap testfile	15:40
Onepamopa	sync	15:40
samba35	jacobw, do you have any idea on postfix/dovecot ? i have problem with pop3 server	15:40
Onepamopa	hdparm --read-sector <the_sector> /dev/sda	15:40
Onepamopa	then deleting testfile and reading same sector	15:40
jacobw	samba35: what problem do you have?	15:40
Onepamopa	jacobw it should output only zeros after I deleted testfile and sync	15:41
Onepamopa	but it outputs the same as first hdparm --read-sector <the_sector> /dev/sda	15:41
samba35	i am behind a utm (using proxy /relay for mail) i am using smarthost i am able to send mails but i am not able to get mail	15:41
jacobw	ok, so added 'discard' to fstab?	15:42
Onepamopa	# / was on /dev/md0 during installation	15:42
Onepamopa	UUID=327d76c1-f61a-4da1-bd12-502049142982 / ext4 discard,errors=remount-ro 0 1	15:42
Onepamopa	# /var/lib/mysql was on /dev/md1 during installation	15:42
Onepamopa	UUID=4f152a4c-7e84-4835-b1b3-5ecfd3f4ce0a /var/lib/mysql ext4 discard,defaults 0 2	15:42
jacobw	samba35: how are you testing receive mail?	15:43
jacobw	samba35: with imap/pop?	15:43
samba35	pop	15:43
samba35	now idea how to setup a imap	15:43
jacobw	samba35: postfix logs to /var/log/mail.log	15:43
jacobw	samba35: dovecot does pop and imap	15:44
samba35	ok let me try again from client now i am on server	15:44
samba35	i will try from client	15:44
jacobw	samba35: its likely that postfix isn't delivering properly to dovecot	15:44
Onepamopa	jacobw any thoughts?	15:44
samba35	when i send mail from gmail to my account mail doesnt get bounce so its comming but i fail to understand where its comming	15:45
jacobw	fluffypony: test where kern.* messages go with logger	15:46
fluffypony	kern.* -/var/log/kern.log	15:48
fluffypony	according to 50-default in rsyslog.d	15:49
fluffypony	and that seems to match with reality	15:49
jacobw	Onepamopa: what kernel are you running?	15:50
jacobw	samba35: check /var/log/mail.log for messages from postfix about delivery	15:51
fluffypony	ok so check	15:56
fluffypony	rock and hard place	15:56
fluffypony	http://toastresearch.com/2011/04/09/packet-logging-with-iptables/	15:56
fluffypony	"i wasted 2 hours of my life getting this working on a fresh install of unbuntu 10.10. turns out that the default version of rsyslog that you get when you ‘apt-get install rsyslog’ is version 4.x, which has a bug that prevents the logging from being directed correctly to /var/log/iptables.log"	15:56
fluffypony	so I'm going to just upgrade rsyslog, right?	15:56
fluffypony	except	15:56
fluffypony	WARNING: there is a bug with kernels < 2.6.34 causing rsyslog to eat cpu time	15:56
fluffypony	bangs head against wall	15:56
jacobw	i also dislike rsyslog	15:57
fluffypony	I suppose I can replace it with syslog-ng	15:57
jacobw	are you running 10.10?	15:59
fluffypony	no	15:59
fluffypony	10.04 LTS	15:59
fluffypony	it's a server after all :-P	16:00
jacobw	check 50-defaults for iptables > /var/log/iptables.log	16:00
fluffypony	I added to 50-defaults for that	16:00
fluffypony	and then was trying to find out why it wasn't working	16:01
jacobw	sometimes ok	16:01
jacobw	er, -sometimes	16:01
jacobw	check /var/log/messages	16:01
jacobw	just find out where the iptables messages are going, find the rule in rsyslog.d/ and redirect to psadfifo :)	16:02
fluffypony	if I grep for iptables in /var/log	16:03
fluffypony	all that comes up are entries in dpkg.log	16:03
fluffypony	lol	16:03
fluffypony	holy crap	16:09
fluffypony	upgraded rsyslog	16:09
fluffypony	my kern.log is now 447mb	16:09
fluffypony	592mb	16:09
jacobw	the messages might not be tagged with 'iptables'	16:09
fluffypony	rofl	16:09
jacobw	rsyslog will be writing cached messages now	16:11
fluffypony	yeah no	16:11
fluffypony	it's the bug	16:11
jacobw	see if it slows, if not add a log chain to iptables and only log certain traffic types etc	16:12
fluffypony	ok	16:20
fluffypony	so I killed rsyslog	16:21
fluffypony	installed syslog-ng	16:21
fluffypony	much better	16:21
fluffypony	ok sweet	16:32
fluffypony	works	16:32
fluffypony	syslog-ng supports named pipes	16:32
Delemas	Anyone know if the 11.10 64 bit server installer iso has xfs support natively? I was surprised that the 10.04 one does not...	18:37
yakster	anyone help? I need to recursively search all folders under a directory, and move all files with a specific extension to another location… Ie, all files under movies with the extension AVI, move to here… where here is my move location… I am thinking mv -R *.avi /media/Goflex/AVI	18:52
Patrickdk	find . -name '*.avi' -exec 'mv' '{}' '/media/Goflex/AVI/' ';'	18:54
yakster	Thank you	18:58
yakster	ok, now how can I rename all the files to remove the first 5 charters but keep everything the same	18:59
Patrickdk	rename	19:00
yakster	so "01 - HomeVid0001" to "HomeVid0001"	19:00
yakster	I have some thousand files…	19:00
yakster	if not more	19:00
Patrickdk	since when did rename work on one file at a time?	19:00
yakster	well that is why I am asking	19:01
Patrickdk	and I told you to use rename	19:01
yakster	ok…. what is the pearlexp? IDK anything about pearl….	19:03
Patrickdk	regexp	19:04
Patrickdk	rename 's/^[0-9]+ - (.)$/$1/' .avi	19:05
Patrickdk	might do what you want	19:05
yakster	ok, I appreciate your help, can you explain that syntax?	19:05
Patrickdk	http://lmgtfy.com/?q=regexp	19:06
yakster	yes that worked… thank you	19:08
=== aarcane_ is now known as aarcane
kklimonda	tjaalton: any idea where is ndr_nbt library from?	20:22
kklimonda	(it's one of freeipa dependencies, it's not in our samba4 sources, like other "ndr" libraries)	20:22
kklimonda	ah, apparently it's a new library, not present in alpha17 release - holy molly, it feels like freeipa folks are doing everything to make it harder to build this stuff on systems other than fedora/rhel..	20:24
Tixos	what is the correct way to fix this bug/error > PHP Notice: session_start(): ps_files_cleanup_dir:	20:38
qman___	a notice is just that, a notice	20:39
qman___	it doesn't mean anything is wrong	20:39
Tixos	its blocking lots	20:41
Tixos	hmm	20:41
Tixos	i disagree :P	20:41
Tixos	i dont like them	20:41
Tixos	i know i can supress, but it does mean something is not quite right	20:41
qman___	the notice itself is not an error, it may be hiding the actual error	20:41
Tixos	well i read that PHP doesnt have write access to its garbage location?	20:42
Tixos	on ubuntu	20:42
Tixos	but the default in ubuntu cleans this folder anyway	20:42
Tixos	so in this case i guess i can suppress the warning	20:42
qman___	error levels go something like this: info, notice, warn, error	20:43
qman___	info and notice are just letting you know that things are happening	20:43
qman___	warn could be a problem, but could just be a warning, and error means something fatal happened	20:43
qman___	if you're getting unexpected behavior, info and notice can lead you to the problem, but they're not direct errors of problems, and won't necessarily lead you to what's wrong by themselves	20:44
Tixos	it seems messy though, i had a script and was getting tons of 'index not defined PHP errors' i have wrapped some of them in '''s and it fixed the warning	20:45
Tixos	is that just poor coding>?	20:45
qman___	the script is probably written for an older (or possibly newer) version of PHP	20:46
Tixos	yea i thought that	20:46
Tixos	so this	20:46
Tixos	in ubuntu	20:46
qman___	the major version points to be careful of are PHP4 to PHP5, 5.0 to 5.2, and 5.2 to 5.3	20:46
Tixos	PHP Notice: session_start(): ps_files_cleanup_dir: opendir(/var/lib/php5) failed: Permission denied (13)	20:46
Tixos	there is no clean way to fix this error ?	20:46
Tixos	or 'notice'	20:46
qman___	I'd think that'd be more than a notice, but you'd have to find more information on that particular issue	20:47
qman___	unless it's causing a problem, I would leave it	20:47
qman___	but if it is, you could change the permissions on that directory	20:47
qman___	be aware though that this could have major security implications	20:47
Tixos	i would like to fix so i came here :)	20:47
Tixos	changing permissions also seems a little 'naughty'	20:47
Tixos	like i said i think there is a cronjob for it in ubuntu ?	20:48
qman___	well, that's how you correct 'permission denied'	20:48
qman___	but it may be denied for a good reason	20:48
Tixos	but if ubuntu is already doing the job, maybe i should remove it from the php ?	20:48
Tixos	i want the 'cleanest' way :)	20:48
qman___	there are only two ways	20:49
qman___	change permission, or disable the function that's being denied	20:49
Tixos	this is what causes the error	20:49
Tixos	session_start();	20:49
Tixos	but its PHP usage of this that causes the notice?	20:50
qman___	quick google reveals bug 619855	20:51
uvirtbot	Launchpad bug 619855 in php5 "session.gc_probablity=1 in /etc/php5/apache2/php.ini conflicts with permissions on /var/lib/php5" [Low,Won't fix] https://launchpad.net/bugs/619855	20:51
qman___	and from what I'm reading there, it's a problem between upstream and ubuntu's way, and is safe to ignore completely	20:53
qman___	if you just want the messages gone, use @session_start(); instead	20:53
Tixos	should i set gc_prob to 0 ?	20:53
Tixos	id rather not have it filling up my logs	20:53
qman___	they will still occur with that set to 0, just less often, and that actually reduces functionality	20:54
Tixos	ic	20:55
Tixos	i like this guys reply > Agustín Fernández (yo-agustinfernandez) wrote on 2010-09-09:	20:56
Tixos	surely one of the other should be fixed, settings or permissions, via ubuntu/php	20:56
qman___	the final reply sums it up best	20:56
qman___	it's unfortunate but it provides the best default	20:56
Tixos	lol	20:57
Tixos	should i chown the DIR to root:www-data?	20:57
qman___	it's a matter of which is worse, breaking security, breaking compatibility, or log noise	20:58
qman___	right now there's log noise	20:58
qman___	changing permissions break security	20:58
qman___	and changing the setting breaks compatibility	20:58
Tixos	can i 'loosen' them like he suggests	20:58
Tixos	without breaking security	20:58
qman___	not likely	20:58
qman___	I would leave it as is, personally	20:58
Tixos	makes reading logs painful :)	20:59
qman___	second choice modifying the script with the @session_start();	20:59
qman___	third choice disabling the feature	20:59
Tixos	guess i can grep the errors out though	20:59
Tixos	what does the @ do ?	20:59
qman___	suppresses errors for that line	20:59
Tixos	nice.	20:59
Tixos	:)	20:59
Tixos	ty	20:59
stgraber	hallyn: just noticed a few more services failing because of the lack of net-device-up of 'lo'. I'll upload a new ifupdown including a new upstart job emitting the needed net-device-added and making everything work for containers.	21:22
Tixos	If i am using a SSL virtualhost, like the default one in ubuntu, so i replace _default_ with serverIP or domain name?	22:06
Jeeves_	Tixos: No, why?	22:08
Jeeves_	Will you be using multiple vhosts ?	22:08
Tixos	what should it be?	22:14
Tixos	the domain name?	22:14
Tixos	getting some 408 errors, wondering if its related at all to bad config	22:25
Tixos	but like this, what does it mean	22:26
Tixos	[12/Feb/2012:16:26:38 -0600] "-" 408 145 "-" "-"	22:26
Tixos	any ideas? getting quite a few, should i jack up max clients or something?	22:32
Tixos	keepalive timeout ?	22:34
shauno	tum tee tum	22:36
shauno	gah, wrong window, sorry	22:36
=== duckydan_ is now known as duckydan
koolhead17	hi all	23:27
=== n000 is now known as koolhead11
=== Jasonn_ is now known as Jasonn
fraterm	hello there	23:47
koolhead11	hi fraterm	23:51

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!