[00:46] okay. i'm trying to get phpmyadmin up and running on a ubuntu server using apt-get to install all the fun things. i still get a 404 error and i'm really quite sure i broke it all. anyone who wants to try and help me? i feel it is hopeless but perhaps you will help me see the light [01:10] man i'm stoked. just ordered an n40l for home :) dropping 12.04 on it as soon as it arrives === bazhang_ is now known as bazhang [01:51] whats an n40l? [01:52] ahh home nas [01:52] http://h10010.www1.hp.com/wwpc/uk/en/sm/WF06b/15351-15351-4237916-4237917-4237917-4248009-5163346.html?dnr=1 [01:52] Bleh, not a fan of HP [01:54] twb: me neither [01:55] it's ok, just seems pricy for it's performance [01:55] After all they bought compaq and we all remember what compaq units were like [02:11] how can I get dhclient to override the local hostname? [02:12] just delete /etc/hostname? [02:13] mgw: only if you want to break everything. [02:13] ok, that's what I thought [02:13] what's the right way [02:13] ? [02:14] live-config does it, but I don't remember how [02:14] BCP is to do it the other way around -- the machine has a name and it tells the DHCP server what it is [02:15] hmm… ok…. I'm bringing up a number of VMs and the DHCP server (cobbler) knows their hostnames from the MACs [02:15] (isc actually, but controlled by cobbler) [02:16] If that's really best practice, I can do it the other way… I'm pushing configs out in my bootstrap script [02:16] If they're all VMs provisioned from the same base image, that's the same class of thing as live-config [02:17] My BCP remark is about normal hosts that you install and then they run until they explode, not this new-fangled cloud shit where hosts are born and die automagically without any babysitting [02:17] twb: Please keep the language clean. [02:19] bug 90388 has this posted: "We solved it by putting "hostname $new_host_name" into a file at /etc/dhcp3/dhclient-exit-hooks.d/" [02:19] Launchpad bug 90388 in dhcp3 "hostname supplied by dhcp server is not used" [Low,Fix released] https://launchpad.net/bugs/90388 [02:19] mgw: how does it know the FQDN, unless you also edit /etc/hosts ? [02:20] Maybe if you are executing "hostname foo.example.net" instead of just "hostname foo", that becomes irrelevant? [02:20] twb: yeah, that's the other side [02:21] mgw: oh sorry, I thought you were one of the regulars, didn't realize you were the OP :-) [02:21] twb: lol… I'm a 'regular' once or twice a week [02:22] I think I'll just template out /etc/hosts & /etc/hostname [02:22] And not worry about dhcp [02:22] These VMs do keep the same hostname for life === JonEdney is now known as Jon|AFK [04:57] how can i list who is connected via ftp or sftp? [04:57] who -a seems to be a dead end. lastlog seems to only be for ssh. [05:01] Zanzacar: look at the process table [05:01] pgrep internal-sftp or something [05:07] well thats just going to give me the process id wont it. it wont really tell me who is connected or anything like who would do for ssh [05:08] Zanzacar: so then find out who owns the process [05:34] hello all. I have an issue I was hoping someone could assist with. [05:34] I just upgraded to 12.04 and it randomly dies. the machine stays on, but I can't access it, either directly or ssh [05:34] i have to constantly cold boot it to get it back. [05:35] anyone else having this issue or know what's going on? [05:53] so.......no [06:02] twb: I think I figured everything out ps aux | grep ftp [06:02] this lists both the sftp through openssh and the ftp through vsftpd [06:02] thank you for your help [06:05] Whatever === Arc_ is now known as a5m0 === almaisan` is now known as al-maisan [09:09] hello === al-maisan is now known as almaisan-away === almaisan-away is now known as al-maisan === al-maisan is now known as almaisan-away === sanderj_ is now known as Sander^work [13:49] when someone logs into a server behind a router via SSH it always shows the routers WAN ip as the connected from address.. is there a way to fix that? [13:52] are they using a rfc1918 address (using NAT)? [13:54] unless they are specifically proxying via that IP, that's all I can think you want to "fix". And you can't. [13:59] <_ruben> it's a "bug" in the router .. it should only touch the destination address, not the source address [14:00] sounds pretty rare, source? [14:01] <_ruben> mardraum: common sense :) [14:01] mardraum: i figured it out :P some doofus translated the srcaddr [14:01] common sense says that lots of routers have bugs where they modify the source address? [14:01] yeah [14:01] was driving me mad [14:02] kantlivelong: translated how [14:02] in the NAT [14:02] <_ruben> mardraum: i didn't say lots, i said it does happen, wouldn't know anything about the scale of it :) [14:02] ... [14:02] kantlivelong: that's what NAT is, you know right? [14:02] its a crummy sonicwall :O [14:02] yes but they translated what the sourceaddr was [14:02] _ruben: if it does happen, show some evidence [14:02] instead of keeping the orig [14:03] <_ruben> mardraum: kantlivelong did [14:03] did he? [14:03] he said a doofus, not a bug. [14:03] yeah [14:03] <_ruben> i said "bug" .. as in: crappy implementation of router software [14:03] a doofus set it up wrong [14:04] translated it to the WAN ip [14:04] dunno why :( [14:04] * kantlivelong hates sonicwall [14:04] hallyn hi. I don't think you filed a bug for the lxc-start-ephemeral quoting issue (the one like lxc-clone). I couldn't find it in Launchpad. IS is asking me to give them a bug number. I could file it myself, but I'm not sure what the quoting issue is exactly. I did some experiments with echo $line and couldn't seem to get it to misbehave. [14:04] granted any router can do it.. [14:04] <_ruben> some routers have it hardwired, others have it configurable through the settings [14:04] i got a nice shiney new router to replace it soon anyway [14:05] 8 port gbe pfsense running box [14:05] *winning* [14:05] kantlivelong: if you are using NAT, the source address is *always* translated. [14:05] <_ruben> mardraum: wrong [14:05] going out.. it typically is [14:05] inbound no [14:05] <_ruben> if you are using SNAT, sure .. if you are using DNAT, no [14:06] atleast now i can run fail2ban again :) [14:06] oh jeez [14:06] SNAT, DNAT [14:07] SNOT [14:07] :) [14:07] SNAT is a bullshit term, first thing [14:07] <_ruben> how so ? [14:07] perhaps time to resume this in #networking [14:08] hah! even wikipedia agrees [14:08] :) [14:08] Does Ubuntu have any CLI tools to see if there's any currently-installed packages against the security advisories, kind of like Gentoo does? [14:08] "The meaning of the term SNAT varies by vendor. Many vendors have proprietary definitions for SNAT. A common expansion is source NAT, the counterpart of destination NAT (DNAT). Microsoft uses the acronym for Secure NAT, in regard to the ISA Server. For Cisco Systems, SNAT means stateful NAT." [14:08] SNAT is meaningless. [14:08] mardraum: aka SNOT [14:08] <_ruben> NAT should be meaningless [14:08] * _ruben welcomes our IPv6 overlords [14:08] Psi-Jack: unsure :) [14:09] * kantlivelong misses gentoo [14:09] NAT is a fact of life [14:09] indeed [14:09] even without computers :) [14:10] I'm having a problem with a virtual machine host running Ubuntu 12.04, the machine can ping the outside word and I can run a apt-get update/upgrade successfully, the virtual machines connect to the internet just fine, but I still cannot SSH or ping from outside the machine. I have turned off ufw and flushed iptables, but still cannot get it to work. [14:11] fwiw, it worked prior to a reboot. [14:14] iggi: it's probably your routing [14:15] iggi: the setup is to masqurade or nat out, not nat back in [14:15] ikonia, it would have to be on the machine itself as it is a globably routeable IP and the router on the other end of the cat5 cable can't even ping or SSH to the machine [14:16] iggi: can you connect to the host (not the virtual machines) from the outside world ? [14:16] nope [14:16] ok, so then it's nothing to do with the virtual machiens [14:16] your public IP address is not setup to route to the physical machine [14:18] I was just using them as an example of traffic moving across the interface. As for it not routing, I'm not sure why it wouldn't the router sees the interface's MAC in the ARP table entry. [14:19] gary_poster: bug #997687 [14:19] Launchpad bug 997687 in lxc "lxc-start-ephemeral needs to quote $line when echoing" [Critical,Fix released] https://launchpad.net/bugs/997687 [14:19] router seeing a mac doesn't mean it's setup to route/nat traffic to that device [14:19] iggi: sorry that was for you [14:20] hallyn, yeah, sorry, was just about to say that we found it. Sorry, was looking in https://bugs.launchpad.net/ubuntu/+source/lxc and it is not there [14:20] right bc it's fixed released in q [14:21] unfortunately the fix isn't even in precise-proposed yet, bc the existing SRU lxc package is waiting for its vetting period to end [14:21] (so it's in the unapproved queue for precise-proposed) [14:21] ah ok hallyn, gotcha [14:21] thank you [14:22] ikonia, If you don't mind I'll PM the routing info, I'd prefer not to post the IP in a public channel [14:22] iggi: have you set it up to route the public IP address to your servers physical interface ? [14:42] Psi-Jack, I was curious about your question. I haven't tried this so it may be useless, but have you checked out tiger and its "deb_checkadvisories" command? sounds close to what you want. http://www.nongnu.org/tiger/tiger.8.html OTOH, you could maybe just enable unattended-upgrades if that's all you really want. http://askubuntu.com/questions/194/how-can-i-install-just-security-updates-from-the-command-line [14:45] gary_poster: No, I want to be able to check IF specific packages currently installed have been pacthed against known security advisories, because one thing about Ubuntu LTS is, you may be running older versions of specific software, but they have security patches applied to them constantly when advisories are out. This makes a LOT of false posatives from IDS/Analysis systems like Alert Logic that don't know this. [14:46] ah I see Psi-Jack. Sorry couldn't help. [14:46] hehe [14:47] Gentoo has this handy dandy tool that used the Gentoo security advisory system they have setup, against all the packages you have installed from the ebs. [14:53] Psi-Jack: not entirely the same, but you are not alone: http://ubuntuforums.org/showthread.php?t=1962129 [14:54] there is apt-get changelog but I don't think there is an automated checking tool :( [15:07] Hmmm [15:07] Wow... That's quite surprising that there is no such tool that at least utilizes even the Ubuntu Security Notices. [15:08] there is CVE tracker from the securit team, but I guess that is the software that actually is the tracker [15:10] Heh yeaaah... [15:10] Pretty darned bad, IMHO! [15:13] sorry first time using ubuntu server, where do you set static dns? i would have thought /etc/resolv.conf but it warns me it will be overwritten [15:15] eein: dns-nameservers entry in /etc/network/interfaces [15:16] Psi-Jack, thanks [15:19] every time i start up, i get a few errors and cant login. '[drm] nouveau 0000:00:0d:0: === misaligned reg 0x0060081D' and '[drm] nouvea 0000:00:0d.0: unknown connector type: 0xff!!' [15:20] not sure what it means or why it happened, i was able to login fine a few minutes ago [15:20] im on 12.04 amd64 === Lcawte|Away is now known as Lcawte === EvilResistance is now known as Resistance === matsubara is now known as matsubara-lunch === fenris is now known as Guest56365 [16:37] in Apache can I make it so each one of my virtualhosts have a same subdirectory. For example I'd like it so I have a "/docs" that's the same for every virtualhost. ANy ideas? [16:40] kpettit: you can add this line to each vhost config... Alias /docs /path/to/docs/dir [16:40] Ah, Alias. THat's the command I was forgetting. Thanks! === Jon|AFK is now known as JonEdney [17:09] hi, i was using fdisk -l command to see some new disks ive added, can anyone tell me why the "disk ident" is 0x00000000 [17:10] when the live used disks have numbers.. === Taftse2 is now known as Taftse === matsubara-lunch is now known as matsubara === ropetin_ is now known as ropetin === daker is now known as daker__ [18:13] anyone around? [18:14] what do I do to have my server eth0 act as dhcp client, instead of static ip which it has now? [18:16] and how do I "refresh" the DHCP ip? It gets .142, but in my router I have reserved its MAC to get .100 [18:52] zaitzev: sudo dhclient -r to release, sudo dhclient to renew [18:53] er. might be sudo dhclient ethX where X is whatever [18:54] hm, i tried [18:54] but it keeps getting .142.. [18:54] even though my router has defined a static lease to the server eth0 MAC, to .100 [18:54] zaitzev, cat /etc/network/interfaces? [18:56] bbiaf, gotta grab some food [18:56] http://paste.ubuntu.com/982157/ [18:56] I might as well just drop the whole idea of using dhcp on the server, and set it back to static.. [18:57] generally best if you want it to be [19:00] I get another issue now tho [19:00] can't login with ssh [19:01] "permission denied, please try again" even though I do use the correct password [19:02] I did ssh-keygen -f here, do I need to do something similar on the server? [19:03] hello all. I have an issue I was hoping someone could assist with. [19:03] I just upgraded to 12.04 and it randomly dies. the machine stays on, but I can't access it, either directly or ssh [19:03] i have to constantly cold boot it to get it back. [19:03] anyone else having this issue or know what's going on? [19:04] zaitzev: you need to get your publickey info from your system to the remote server's authorized_keys file for your user === smb` is now known as smb [19:04] but you'd need to be logged in first on the remote server [19:05] stgraber, Where art you? [19:05] Resistance: I'm at the server console [19:05] stgraber, LXC in Jr ballroom 2 [19:06] Resistance: but the rest of the stuff you said is sort of greek to me xD [19:10] zaitzev: did you generate the key pair on your end? [19:12] I didn't manually generate anything tho [19:12] hmm, i might have misread the backlogs then [19:12] I'll try reinstalling openssh [19:12] * Resistance glances as his local server monitoring panel, realizes a primary server cluster went down. [19:12] darn, i'll have to fix that... [19:13] * Resistance disappears [19:15] I reinstalled openssh-server [19:15] so I'm back to where I was before messing with the ip settings :) === Lcawte is now known as Lcawte|Gaming [19:30] zaitzev [19:30] on your remote system, if you've generated your ssh keys [19:31] I purged openssh-server and reinstalled it, that made it work again :) [19:31] run ssh-copy-id -i ~/.ssh/id_{rsa,dsa}.pub user@server [19:31] from the remote system [19:32] in case the same thing happens again, I can do that instead? [19:33] ? [19:33] that's how you authorize access w/ that key [19:34] ssh-copy-id copies your pubkey into ~/.ssh/authorized_keys on the server [19:34] so that the ssh server can verify you when you try to log in [19:41] med_, smb: sorry was leading another session before that took a bit longer than it should have ;) [19:42] no worries. [19:42] someone said ping you in this channel, so I did. [19:42] zaitzev, don't disable password-based logins until you've verified that key-based logins work :) [19:45] smoser, what's the name of device-id that cloudinit searches for [19:45] its in that script that i sent you [19:45] 'cidata' maybe [19:45] probably === Lcawte|Gaming is now known as Lcawte|Away [19:51] smoser, yup thanks, got it [19:51] tis cidata indeed [20:59] attempting to uninstall haproxy with apt-get remove results in the daemon being started in the foreground and hanging. no joke. http://pastie.org/3897015 [21:40] what causes postfix (and dovecot) not to log to mail.log and mail.err? === Lcawte|Away is now known as Lcawte [22:23] hello all. I have an issue I was hoping someone could assist with. I just upgraded to 12.04 and it randomly dies. the machine stays on, but I can't access it, either directly or ssh [22:23] I have to constantly cold boot it to get it back. Anyone else having this issue or know what's going on? [22:32] lemme try a different way... is there a command to roll back the version? [22:46] I assigned a static ip to my server but dns is not working. opening resolv.conf in nano the comment shows I should edit that file. But if I do anyway it works. What file should I edit for dns then? [22:47] correction: the comment shows that I SHOULD NOT EDIT that file [23:30] does anyone know if qemu-arm-static can be called via libvirt in precise? hallyn? [23:33] qemu-system-arm that is [23:34] So I'm new to ubuntu. Any suggestions for a getting started with server guide, or a suggestion for firewalls? [23:45] Is there a specific command to update 12.04 server? I run apt-get update, and it's still indicating 18 packages and 1 security update, even after I run the update. === Arc_ is now known as a5m0 [23:49] JonEdney, you'll want apt-get upgrade, not update [23:51] update just reads new entries in your sources.list/ppas you've added [23:54] Firebolt, I didn't know that, thank you [23:54] np [23:55] I remember that confused me thoroughly when I was new to ubuntu [23:56] Yeah I can see why. Desktop is different, the update manager pops up, it dont for the server since it's console-based. [23:57] If I run apt-get upgrade on a 11.10 server, will it try and upgrade to 12.04? [23:58] I have an 11.10 server on a VPS, and the host runs openvz and isn't supporting 12.04.