| TheLordOfTime | what would randomly change /etc/resolv.conf? | 00:58 |
|---|---|---|
| TheLordOfTime | on a server. | 00:59 |
| TJ- | NetworkManager | 00:59 |
| TheLordOfTime | nonexistent, command-line only | 00:59 |
| TheLordOfTime | quite literally a server without a gui :p | 00:59 |
| TheLordOfTime | so i struggle to see how network manager applies (should probably mention this is a VM this is occurring on btw) | 01:00 |
| TJ- | NetworkManager isn't a GUI, it's a system service | 01:00 |
| TJ- | You're probably thinking of the NetworkManager applet that can control it from a user session over dbus | 01:00 |
| TheLordOfTime | its a VM, last i checked the ISO we used on that VM, it didnt install networkmanager | 01:00 |
| TheLordOfTime | but i'm probably nor eading it right :p | 01:01 |
| TheLordOfTime | not reading* | 01:01 |
| TheLordOfTime | what's its process name then? | 01:01 |
| TJ- | "apt-cache policy network-manager" | 01:01 |
| * TheLordOfTime sighs | 01:02 | |
| TheLordOfTime | not sure whether that's useful or not, i need its current runtime process name to issue a killall, because its breaking the VM's networking | 01:02 |
| TJ- | There isn't one, it consists of multiple tools depending on requirement | 01:02 |
| TheLordOfTime | then your statement isnt helpful. the resolv.conf on this server was *fine* withi only one nameserver entry, among other things. it *randomly* started getting modified, and not by any admin or user. | 01:04 |
| TJ- | If the package isn't installed then you don't have to worry about NM being the culprit | 01:04 |
| TheLordOfTime | then what would screw with networking? | 01:04 |
| TJ- | resolv.conf is written to by the glibc resolver using resolvconf | 01:04 |
| TJ- | "man resolvconf" | 01:05 |
| TheLordOfTime | the issue in this case is an *abrupt* loss of networking randomly, and the only changes to networking config are automatic changes to resolv.conf | 01:05 |
| TheLordOfTime | afaict at least. | 01:05 |
| TheLordOfTime | no changes by hand to the system would change it | 01:05 |
| TJ- | resolver changes would only affect name resolution. If it is losing connectivity then its something else. Check the system log-files for clues | 01:05 |
| TheLordOfTime | right, as I assumed | 01:05 |
| TheLordOfTime | which log files are relevant? | 01:06 |
| * TheLordOfTime hasnt encountered this issue before | 01:06 | |
| TJ- | As the lord of time, I'd have thought you'd know that! :D | 01:07 |
| * TheLordOfTime glares at TJ- | 01:07 | |
| TheLordOfTime | not funny, dude. | 01:07 |
| phillw | hiyas again -server | 01:07 |
| TJ- | Hey! You're an admin... read the man pages, *explore* the systen... that's how you find out things! | 01:08 |
| TheLordOfTime | ... | 01:08 |
| TheLordOfTime | some help you are | 01:08 |
| phillw | ooh,, hissy fit... | 01:08 |
| TJ- | It seems to be his permanent state - excessively demanding, unwilling to read the documentation, or explore the system. Always expects someone else to do the leg-work | 01:11 |
| === mcclurmc is now known as mcclurmc_away | ||
| === dendrobates is now known as dendro-afk | ||
| === MikaT_ is now known as MikaT | ||
| Syria | Could you please tell me how can i know what is my publick ip address on ubuntu 10.04.3 please? | 06:03 |
| pwnguin | i'm getting a wierd error with postgresql-9.1 | 06:30 |
| pwnguin | packaging | 06:30 |
| pwnguin | first it decided to turn on ssl without symlinking to snakeoil properly | 06:30 |
| pwnguin | and apt-get listchanges is stacktracing | 06:32 |
| pwnguin | KeyError: 'postgresql-9.1' | 06:32 |
| === chincloud is now known as chincloud_ | ||
| === chincloud_ is now known as chincloud | ||
| === mcclurmc_away is now known as mcclurmc | ||
| === mcclurmc is now known as mcclurmc_away | ||
| gazzwi86 | I'm setting up a LAMP server. This is my purposed set up: https://gist.github.com/3851707 Does anyone have any suggestions / improvements I should maybe consider? | 09:47 |
| drag0nius | not sure whats the cause | 09:51 |
| drag0nius | but i cant login locally to my server | 09:51 |
| drag0nius | it just keeps asking for login | 09:51 |
| drag0nius | i can login through network but not locally | 09:52 |
| === blinkin_ is now known as blinkin | ||
| HTDutchy | So you can login from ssh? perhaps the keyboard settings on local are wrong, or just try a simple reboot | 09:55 |
| HTDutchy | if the environment allows for that | 09:55 |
| drag0nius | i'm putting my login right | 09:56 |
| drag0nius | it just never asks for password | 09:56 |
| drag0nius | i click enter then its login again | 09:56 |
| drag0nius | also not sure why my home dir became encrypted | 09:57 |
| drag0nius | i can access it without problems, just i didnt do that | 09:57 |
| drag0nius | might be result of upgrade to 12.04.1? | 09:57 |
| HTDutchy | So it never prompts for password? thats odd, and as far as I know the upgrade doesnt encrypt your home dir by default | 09:59 |
| HTDutchy | not sure if it will even do that | 09:59 |
| drag0nius | afaik there were 2 power downs today | 10:02 |
| drag0nius | and i didnt restart it since last update | 10:02 |
| gazzwi86 | can anyone see any issues with my pruposed server configuration? https://gist.github.com/3851707 | 10:16 |
| chris| | gazzwi86, you might disable password login in sshd | 10:23 |
| gazzwi86 | chris| so i could only login with ssh keys? | 10:24 |
| chris| | gazzwi86, yes | 10:25 |
| gazzwi86 | chris| i can see why it would be useful but I'd want to be able to get in from anywhere should the server go down | 10:25 |
| chris| | how would you be able to log in if the server goes down? :) | 10:26 |
| feisar | morning, to increase redundancy on my 12.04 webserver can I bond two physical NICs together then create sub-interfaces (aliases) from bond0 (e.g. bond0:0, bond0:1) to assign multiple ip addresses? | 10:28 |
| chris| | feisar, yes | 10:28 |
| feisar | chris|: great, thanks | 10:29 |
| feisar | can sub-interfaces (bond0:0, bond0:1) be in the same subnet or is that going to cause me trouble? | 10:30 |
| === mcclurmc_away is now known as mcclurmc | ||
| roniez | I did a ugrade for some security patches and now it wont detected my eth0. :S i cannot find anything wrong | 10:55 |
| roniez | dmesg tells me its a e1000e model Intel Gigabyte 82566DM card | 10:55 |
| roniez | modprobe e1000e does not give me any errors | 10:55 |
| HTDutchy | can you manually add eth0 to your config? | 10:55 |
| roniez | ifup eth0 tells me it cannot find device eth0 | 10:55 |
| roniez | u mean in network/interfaces? | 10:56 |
| HTDutchy | yes, also, try ifup eth1, it might have changed drivers or something causing it to change number | 10:56 |
| roniez | tried ifup eth1 | 10:57 |
| roniez | just says ignoring it | 10:57 |
| HTDutchy | hmm anyone else have a solution? | 10:57 |
| roniez | in network/interfaces it already says auto eth0 inet dhcp | 10:57 |
| HTDutchy | hmm try putting eth1 there | 10:57 |
| HTDutchy | Alltough this shouldnt happen with an upgrade I have had this happen when migrating virtual machines | 10:58 |
| drag0nius | guess system reinstall will be required here | 11:00 |
| roniez | it also says failed to bring up eth0 | 11:00 |
| roniez | :S | 11:00 |
| roniez | hm | 11:00 |
| roniez | iface does not work for me | 11:01 |
| drag0nius | i mean in my case | 11:01 |
| drag0nius | no idea what ur talking about | 11:01 |
| Bert_2 | Hi, we are getting some strange emails concerning the SMART values of our server's harddrives from Munin http://pastebin.com/d7UHm3th now we did some smartctl long tests and they say the disks are healthy, do we need to replace these devices or does anyone know what is going wrong? | 11:02 |
| roniez | well drag0nius i installed ubuntu-server 12.04 and now it wont enable my eth0 | 11:04 |
| roniez | it did work yesterday | 11:04 |
| roniez | then i did a sudo apt-get upgrade | 11:04 |
| roniez | for some security patching | 11:04 |
| roniez | and now it wont enable my et0 | 11:05 |
| roniez | eth0 | 11:05 |
| drag0nius | lulwut | 11:05 |
| roniez | a lspci shows me it's there. | 11:05 |
| drag0nius | my server's custom name changed to "UBUNTU" | 11:05 |
| roniez | modprobe e1000e does nto gives me any errors | 11:05 |
| drag0nius | im gonna reinstall it from scratch i guess | 11:06 |
| drag0nius | just not today ;d | 11:06 |
| HTDutchy | why did it change drag0nius anything you did? | 11:06 |
| drag0nius | nope | 11:06 |
| HTDutchy | also, you can set the name using "hostname your.server.com" | 11:06 |
| drag0nius | i upgraded to 12.04.1 some days ago i guess but i didnt reset | 11:06 |
| drag0nius | then had 2 power downs today | 11:07 |
| drag0nius | and everything became weird | 11:07 |
| drag0nius | like i can login only through ssh, home became encrypted | 11:07 |
| HTDutchy | Well if it's nothing critical, it prolly is quickest to just make a clean one | 11:07 |
| drag0nius | server name changed | 11:07 |
| drag0nius | and this time i'll make some script to install all stuff at once ;d | 11:08 |
| HTDutchy | xD | 11:08 |
| drag0nius | i was pretty much experimenting before, 1st time running linux in cli etc xD | 11:08 |
| drag0nius | how would one do some config files edition with a script? | 11:09 |
| HTDutchy | Ah, I was there at that point once :> | 11:09 |
| drag0nius | i prolly have so much trash there i should reinstall anyway | 11:11 |
| HTDutchy | I've been messing with linux cli since I was 12 (now 19) when I was 13 I had a cluster of 3 old pentium computers... It worked, but I had no goal for it what so ever | 11:11 |
| drag0nius | xd | 11:11 |
| drag0nius | well i was using some basic cli on some classes | 11:11 |
| drag0nius | just got up server for first time like 4 months ago | 11:11 |
| drag0nius | its running as router, services etc | 11:12 |
| drag0nius | all routers work as wifi/lan hubs xD | 11:12 |
| HTDutchy | ah, thats allways a nice way to implement a server, alltough no real need it teaches a lot about networking | 11:12 |
| drag0nius | yeah | 11:13 |
| drag0nius | im gonna have freeride on some networking course this semester ;d | 11:13 |
| drag0nius | most stuff i did already | 11:13 |
| HTDutchy | At the moment I've got two vmware esxi servers running about 8 linux servers, everything I have is open source and free ware | 11:14 |
| drag0nius | got any tips how to do that automatic setup? | 11:14 |
| drag0nius | installing/completely replacing config files is no deal, but how about those little changes? | 11:14 |
| === cpg is now known as cpg|away | ||
| HTDutchy | I have no idea, I allways enjoy working into the night behind the cli, never looked into scripting a whole lot apart from python programs | 11:14 |
| drag0nius | hmm | 11:15 |
| drag0nius | guess python helps? | 11:15 |
| drag0nius | overally | 11:15 |
| HTDutchy | well you could have python rewrite some files | 11:16 |
| drag0nius | its my next goal to learn it | 11:16 |
| roniez | ok lol i solved it HTDutchy | 11:16 |
| roniez | some setting in bios had changed but i have no clue which one | 11:16 |
| HTDutchy | you should join #python and ask them :> | 11:16 |
| roniez | so i restoed bios to factory default and it worked. | 11:16 |
| drag0nius | im learning it anyway | 11:16 |
| Bert_2 | Hi, we are getting some strange emails concerning the SMART values of our server's harddrives from Munin http://pastebin.com/d7UHm3th now we did some smartctl long tests and they say the disks are healthy, do we need to replace these devices or does anyone know what is going wrong? | 11:16 |
| drag0nius | did some net app in java - Vaadin, next one will be with Django :) | 11:17 |
| === Bekos is now known as wouterb | ||
| HTDutchy | roniez: hmm weird indeed, nice to see it works | 11:17 |
| === blinkin_ is now known as blinkin | ||
| HTDutchy | Bert_2: are the emails coming from your machine or from another source? | 11:17 |
| HTDutchy | Sorry didnt read the munin part, I'd certainly keep an eye on those disks, how old are they? | 11:18 |
| Bert_2 | HTDutchy: it's from munin running on another server checking on the server with possibly failing disks | 11:22 |
| HTDutchy | ok, how old are these disks, becauase runtime of 70hours appears to mean either new disks or hours since last start | 11:22 |
| Bert_2 | the disks are certainly not new | 11:22 |
| Bert_2 | we're busy finding out how old they are :p | 11:22 |
| HTDutchy | Ah, well if they are more then 3-5 years then munin might be correct as thats when disks start failing... Is it a raid setup? | 11:23 |
| Bert_2 | it's a RAID1 setup, yes | 11:24 |
| Bert_2 | we only had messages for sda but starting yesterday sdb started complaining | 11:24 |
| Bert_2 | and according to our info they should be about 3 years old | 11:24 |
| Bert_2 | HTDutchy: so you recon we'd better replace them? | 11:25 |
| HTDutchy | Bert_2: well Im not sure, they could run for another 5 years just fine or could fail within a few weeks, But I'd atleast start by replacing one disk to keep the raid running and then use spinrite or other software to see whats wrong | 11:26 |
| fidel_ | hi - i would like to setup some kind of syslog-server/service including a useful webinterface for filtering. seems like syslog-ng is a good option for handling the logs - now i am wondering if anyone inhere has experiences i nthat field and could recommend some kind of php/webinterface for that fields. logzilla (former php-syslog-ng) might be 1 option - while i would prefer completlty free solutions. | 11:27 |
| HTDutchy | Bert_2: since both disks are giving the smart status at about the same time (24hrs) it seems that if they fail they do it at the same time | 11:27 |
| Bert_2 | HTDutchy: well, taking that server offline will be pretty difficult so we're thinking about indeed replacing one disk and then testing the one we've taken out | 11:28 |
| HTDutchy | Bert_2: thats what I meant to say, if Im correct the raid should be able to restore to the new disk while its running | 11:29 |
| Bert_2 | HTDutchy: yeah, we do that all the time on our backupservers ;) | 11:31 |
| Daviey | jamespage: i didn't quite understand the https/juju issue, can you expand please? | 11:43 |
| jamespage | Daviey, looking now - neither do I | 11:45 |
| jamespage | (copied from changelog) | 11:45 |
| Daviey | ahh | 11:45 |
| jamespage | Daviey, https://bugs.launchpad.net/juju/+bug/993034 | 12:00 |
| uvirtbot | Launchpad bug 993034 in juju "lxc deployed units don't support https APT repositories" [Medium,Fix released] | 12:00 |
| jamespage | this bug | 12:00 |
| jamespage | Daviey, cloud-init can set a proxy, but not differentiate between http and https | 12:01 |
| jamespage | hence the regression | 12:01 |
| Daviey | ahh | 12:03 |
| Daviey | jamespage: And you don't know if apt has been configured to dodge apt-cacher-ng? | 12:04 |
| Daviey | for https | 12:05 |
| jamespage | Daviey, digging into that now | 12:05 |
| jamespage | Daviey, no - its uses it | 12:12 |
| jamespage | https is not explicitly configured | 12:12 |
| jamespage | and apt-cacher-ng won't handle it | 12:13 |
| jamespage | by default that is | 12:13 |
| Daviey | jamespage: this could potentially be an issue. | 12:15 |
| Daviey | jamespage: do you have ideas how we should resolve it? | 12:15 |
| === doko_ is now known as doko | ||
| jamespage | Daviey, I have some ideas; maybe not use apt-cacher-ng anymore | 12:17 |
| jamespage | I think squid-deb-proxy would handle things better | 12:17 |
| Daviey | jamespage: right.. i think it was a poor decision to ave used apt-cacher-ng to start with | 12:18 |
| === n0ts_off is now known as n0ts | ||
| === Guest35492 is now known as Kiall | ||
| jamespage | Daviey, I actually use it with the local provider anyway | 12:20 |
| jamespage | by disabling apt-cacher-ng and running squid-deb-proxy on 3142 as well | 12:20 |
| Daviey | jamespage: I iamgine it's a pretty self contained change? | 12:21 |
| gazzwi86 | if I want users to only use sftp and not ftp do i just block ports 21 and open 22? | 12:22 |
| jamespage | Daviey, yes - but the impact is huge | 12:23 |
| jamespage | everyone who users local-provider will suddenly have a requirement for a new package to install | 12:24 |
| Daviey | jamespage: is that huge? | 12:26 |
| Daviey | flushing the apt-cacher-ng cache on removal is huger IMO :) | 12:26 |
| === dendro-afk is now known as dendrobates | ||
| jamespage | Daviey, its just hard to communicate - its only a Suggests for good reason | 12:29 |
| === n0ts is now known as n0ts_off | ||
| jamespage | Daviey, if thats a blocker then we need to stall for today | 12:32 |
| jamespage | I'm happy to push a snapshot to archive; less happy to start making changes to juju... | 12:33 |
| Daviey | jamespage: ahhh, i see | 12:33 |
| jamespage | Daviey, I think juju will tell users that it needs to be installed | 12:33 |
| jamespage | if its not | 12:33 |
| Daviey | jamespage: regressing apt+https seems reasonable for today, with a view of fixing that before release. | 12:33 |
| jamespage | Daviey, final freeze tomorrow right? | 12:34 |
| Daviey | jamespage: this is universe. | 12:34 |
| * jamespage shrugs | 12:34 | |
| jamespage | oh yes.... | 12:34 |
| jamespage | Daviey, I've finished sniffing - bug 1063697 | 12:42 |
| uvirtbot | Launchpad bug 1063697 in juju "[FFe] Please update to new snapshot release ~bzr592" [High,New] https://launchpad.net/bugs/1063697 | 12:42 |
| jamespage | looks OK to me other than the regression we just discussed | 12:42 |
| Daviey | jamespage: do you hate me? bug 1060319 | 12:46 |
| uvirtbot | Launchpad bug 1060319 in juju "FFE - Juju" [Undecided,Triaged] https://launchpad.net/bugs/1060319 | 12:46 |
| jamespage | Daviey, so FFe already approved? | 12:47 |
| jamespage | Daviey, "issues, we can likely expect 0.6 to release next Tuesday." is there really any point in uploading a new snapshot today then? | 12:48 |
| jamespage | quote SpamapS from the juju ML | 12:48 |
| jamespage | meh - I guess as I've done the work we can do it anyway - makes the jump a little less next go... | 12:49 |
| Daviey | jamespage: Oh golly. I'm really sorry. | 12:50 |
| VinceBrowning | Hello all? | 13:03 |
| VinceBrowning | Anyone? heh | 13:03 |
| Pici | er | 13:05 |
| === fjlacoste is now known as flacoste | ||
| fusion27 | I might be the newest noob in here. I've been using Ubuntu on the desktop since 6.04, good stuff. Just started with a new company, they wanted "any linux server" set up as an Amazon Web Service instance. I saw that you could sneeze out an Ubuntu server with ease. Set one up for them, client asked for a Java app server with Tomcat, Sun Java 6, Git and MySQL 5.x, got that all set up and ready to go. I'm a programer, aside fr | 13:14 |
| andol | fusion27: Looks like whatever you were writing got cut of after 'I'm a programer, aside fr', there being a max length on the messages an irc-server relays. | 13:23 |
| fusion27 | ahh | 13:24 |
| fusion27 | I'm a programer, aside from some 'sysadmin' work I've done at home with this crappy little nettop pc I have Ubuntu on for Plex, Lamp, Samba & Git, I've never donned a sysadmin hat. That client wants to be able to add users, run sudo-apt get upgrade, sudo apt-get install and possibly chmod & chgrp (those 2 are a guess on my part). I'm not entirely sure of what sysadmin vocabulary I'm going after here, but is there's an indus | 13:24 |
| fusion27 | I'm not entirely sure of what sysadmin vocabulary I'm going after here, but is there's an industry-standard "best practice" to give client's user the rights they need? Any opinions/guidance is massively appreciated. | 13:25 |
| fusion27 | andol: did that whole message get through? | 13:25 |
| andol | fusion27: The main question being on how to allow the client to do limited set of priviliged operations, without giving full root access? | 13:27 |
| fusion27 | I guess so, I'm a fully-fledged greenhorn with sysadmin, that sounds right. Does that set of privileges fly in the face of any best practices you've run in to before | 13:30 |
| rbasak | Unrestricted access to chmod == root | 13:30 |
| rbasak | Unrestricted *root* access to chmod == root I mean | 13:30 |
| andol | fusion27: Your question makes sense, and usually I'd point you to sudo, but as rbasak just pointed out, you hare to be really careful of the side affects, such as in the chmod case. | 13:31 |
| fusion27 | I was guessing on chmod and chgrp | 13:32 |
| fusion27 | really all I want for them to be able to do is add users, install/remove software and run updates | 13:32 |
| rbasak | Giving permission to install any software is almost as bad | 13:32 |
| rbasak | MIght as well just give them root. | 13:32 |
| fusion27 | oh is it? | 13:33 |
| fusion27 | I've not really seen any one do anything nefarious on a server | 13:33 |
| fusion27 | or stupid | 13:33 |
| fusion27 | well anyone, excluding me :D | 13:33 |
| andol | fusion27: And in the case of adduser, you loose in case they managed to create an uid 0 user. Not that I think the regular adduser command will allow you to create uid duplications, but still... | 13:33 |
| rbasak | You can achieve what you want if you can define specifically what they need to do and write wrappers | 13:35 |
| fusion27 | so just let them run updates, contact us when you want to add users, install software, etc | 13:35 |
| fusion27 | ? | 13:35 |
| rbasak | But I wouldn't advise that a newbie sysadmin try this and expect it to be secure | 13:35 |
| Daviey | SpamapS: How do you feel about juju swapping out Suggest from apt-cacher-ng to our favoured squid-deb-proxy? | 13:36 |
| SpamapS | Daviey: IMO we should not favor that, but that would require code changes. | 13:37 |
| Daviey | SpamapS: the issue is that the current trunk regresses https/apt access, right? | 13:38 |
| SpamapS | Daviey: yes, but thats an apt problem, not an apt-cacher-ng problem. | 13:38 |
| Daviey | SpamapS: Right, but our favoured caching solution is squid-deb-proxy | 13:39 |
| Daviey | (which supports this OOTB) | 13:39 |
| SpamapS | Daviey: and really, that was a silly way to fix that bug. Its not a bug. If a charm wants to add an https source, it should setup apt properly not to use a proxy for https. | 13:39 |
| SpamapS | Daviey: how does squid support it? | 13:39 |
| Daviey | SpamapS: I thought it did straight pass through ? | 13:40 |
| Daviey | But ok, if you believe charms will work in this scenario, it's not a regression | 13:40 |
| SpamapS | Daviey: I just think that its a problem charms can solve themselves, so it shouldn't have been (erroneously) catered to with a change in the inside-the-container config | 13:41 |
| SpamapS | Daviey: that said, if s-d-p does somehow support https passthru where a-c-ng does not.. thats a somewhat compelling reason to switch, despite my reservations. :) | 13:41 |
| Ng | +1 anything that gets rid of apt-cacher-ng | 13:42 |
| Daviey | SpamapS: why was a-c-ng made default ? | 13:42 |
| Daviey | Ng: hello stranger | 13:42 |
| SpamapS | Daviey: No idea. | 13:42 |
| SpamapS | Ng: lol, the irony of your handle making that statement :) | 13:43 |
| rbasak | which reminds me: are we creating blueprints for r yet? I'd like an apt-improvements one for R, so that I can finish the by-hash work | 13:43 |
| Ng | SpamapS: that's why I'm making it, every time you people talk about a-c-ng, irssi hilights! | 13:43 |
| Ng | Daviey: hey :) | 13:43 |
| Daviey | The original CJ was rubbish, this is CJ-ng | 13:43 |
| SpamapS | rbasak: yes we should have been creating them for a while now ;) | 13:43 |
| Daviey | rbasak: you do read the mailing list, right? | 13:44 |
| rbasak | Daviey: now and then. But since I've been working full time on MAAS, only around once a week. Normal list reading service is expected to resume next cycle :) | 13:44 |
| Daviey | rbasak: https://lists.ubuntu.com/archives/ubuntu-devel/2012-October/035950.html | 13:44 |
| Daviey | rbasak: You've not missed much :) | 13:45 |
| rbasak | Daviey: thanks! | 13:45 |
| SpamapS | Daviey: anyway, I could see making the switch to s-d-p just because its in main. | 13:46 |
| Daviey | SpamapS: right! | 13:46 |
| SpamapS | Daviey: its possible switching just involves changing the default proxy port. | 13:46 |
| === niemeyer_ is now known as niemeyer | ||
| hallyn | SpamapS: the bug about cloud containers having corrupt cache if interrupted is actually nto fixed in q | 14:12 |
| hallyn | i think - looking at src | 14:12 |
| hallyn | oh oops, yeah it is. should be. | 14:13 |
| hallyn | was misreading, thinking the extraction of tarball into container was part of building the cache | 14:13 |
| SpamapS | hallyn: yeah I already marked it dup :) | 14:15 |
| TheLordOfTime | 10.10 bugs are Won't Fix right? | 14:15 |
| TheLordOfTime | SpamapS, 10.10 bugs get "Won't Fix"'d right? for server packages | 14:16 |
| TheLordOfTime | (php5 specifically) | 14:16 |
| === dendrobates is now known as dendro-afk | ||
| === dendro-afk is now known as dendrobates | ||
| raub | dancer-services is no longer a package (at least in 12.04)? | 14:19 |
| === dendrobates is now known as dendro-afk | ||
| === dendro-afk is now known as dendrobates | ||
| SpamapS | smb: will the fix for bug 1021471 (part 1 .. part 2 is another bug, I agree) ship in quantal or is that going to land in the first SRU kernel? | 14:23 |
| uvirtbot | Launchpad bug 1021471 in linux "clone() hang when creating new network namespace (dmesg show unregister_netdevice: waiting for lo to become free. Usage count = 2)" [High,Confirmed] https://launchpad.net/bugs/1021471 | 14:23 |
| === mcclurmc is now known as mcclurmc_away | ||
| holstein | raub: i see dancer-ircd | 14:23 |
| smb | SpamapS, Plan is to be in an upload this week (so shipping with quantal) | 14:24 |
| raub | holstein: but not dancer-services | 14:26 |
| raub | I wonder if it is no longer needed. | 14:26 |
| raub | https://launchpad.net/ubuntu/precise/+package/dancer-services | 14:26 |
| holstein | raub: i was assuming its just part of it | 14:26 |
| raub | holstein: that is where I am at. Last time I installed it (1.04), I needed both. But right now I amnot sure anymor | 14:27 |
| rtg | hallyn, rebooting tangerine for dbus update. lemme know when your build is finished | 14:28 |
| SpamapS | smb: \o/ | 14:30 |
| SpamapS | smb: I figure the wl bug will take more triage effort :P | 14:30 |
| TheLordOfTime | SpamapS, when you're not busy, please let me know how this should be set: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/744371 (against 10.10, which is EOL) | 14:31 |
| uvirtbot | Launchpad bug 744371 in php5 "PHP5-FPM doesn't always restart on 10.10" [Medium,Confirmed] | 14:31 |
| smb | SpamapS, Well at least a similar amount as up to now and by then we are clearly beyond the acceptable time for uploads before release. | 14:31 |
| hallyn | rtg: ok | 14:31 |
| TheLordOfTime | or hallyn, or any other bugcontroller | 14:32 |
| TheLordOfTime | (its a server package, so i thought i'd ask here first before stabbing someone like bdmurray or a bug-god) | 14:32 |
| TheLordOfTime | s/stabbing/poking/ | 14:32 |
| hallyn | TheLordOfTime: is it only valid against 10.10? | 14:32 |
| hallyn | it might be worth asking first if they've reproduced it against 11.04 or later | 14:33 |
| SpamapS | smb: right. BTW, are we allowed to patch wl given its proprietary license? I've not looked into it. | 14:33 |
| hallyn | otherwise yes, invalid is appropriate | 14:33 |
| TheLordOfTime | hallyn, no activity since 2011-09-08, i'm assuming nobody's tested, my first action would be to ask them to test against 11.04 or at least a non-EOL release | 14:33 |
| hallyn | TheLordOfTime: that'd be right | 14:33 |
| hallyn | TheLordOfTime: thanks | 14:34 |
| smb | SpamapS, We can only patch the part we have source for (obviously). So it really depends where the issue lies really. | 14:34 |
| smb | SpamapS, But knowing that it strongly depedns on whether using wl or not I can probably look at the special dmesg with that in mind | 14:35 |
| TheLordOfTime | hallyn, isnt 11.04 EOL soon | 14:36 |
| TheLordOfTime | if not already? | 14:36 |
| TheLordOfTime | or am i misreading my numbers | 14:36 |
| * TheLordOfTime yawns | 14:36 | |
| hallyn | TheLordOfTime: yeah, i think in a month. | 14:37 |
| TheLordOfTime | hallyn, if i'm reading the wiki page for Releases, its flagged for October 2012... would the release team have a more specific date? | 14:37 |
| hallyn | TheLordOfTime: well you can ask there, but i assume it's the day of q release. | 14:38 |
| hallyn | rtg: done | 14:38 |
| rtg | hallyn, ack | 14:39 |
| feisar | Hi, I'm trying to get a Bond interface up but I'm getting an error: Waiting for a slave to join bond0 (will timeout after 60s) RTNETLINK answers: File exists Failed to bring up bond0. Here is my /etc/network/interfaces http://pastebin.com/cQHFcip4 | 14:44 |
| TheLordOfTime | hallyn, did you test that bug in natty? | 14:47 |
| TheLordOfTime | https://bugs.launchpad.net/ubuntu/+source/php5/+bug/744371 | 14:47 |
| uvirtbot | Launchpad bug 744371 in php5 "PHP5-FPM doesn't always restart on 10.10" [Medium,Confirmed] | 14:47 |
| rbasak | feisar: are you missing bond-primary directives? See http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/precise/ifenslave-2.6/precise/view/head:/debian/README.Debian | 14:48 |
| feisar | rbasak: thanks, I have just been going by the ubuntu guide here: https://help.ubuntu.com/community/UbuntuBonding | 14:48 |
| TheLordOfTime | hallyn, given 11.04 EOLs this month, i've suggested that it should be tested against 11.10 | 14:49 |
| TheLordOfTime | hallyn, if you're willing, feel free to test that :P | 14:49 |
| * TheLordOfTime doesnt have the resources to test at this moment in time | 14:50 | |
| hallyn | TheLordOfTime: I had tested it on natty according to my comment. that was the last i looked at that bug | 14:50 |
| rbasak | feisar: I'm not familiar with bonding. I'm just aware of a bug which related to the details for precise having changed. The README is another source of information, anyway. If there's anything wrong in the wiki, please correct it | 14:50 |
| TheLordOfTime | hallyn, got a spare 11.10 system lying around for testing? | 14:50 |
| TheLordOfTime | hallyn, because for all intents and purposes, 11.04 EOLs this month | 14:50 |
| TheLordOfTime | which makes that bug Invalid | 14:50 |
| feisar | rbasak: sure, thanks | 14:50 |
| TheLordOfTime | unless it exists in 11.10 or later. | 14:50 |
| hallyn | TheLordOfTime: i'll give it a shot on 11.10, hold on | 14:51 |
| TheLordOfTime | hallyn, if you can't confirm in 11.10 post that, i have to disconnect, and given my bouncer is screwed becuase OVH messed up, i'll only see responses in the public irc logs | 14:51 |
| hallyn | TheLordOfTime: i'll comment in the bug -ttyl | 14:51 |
| Jinxed- | What is the best way to fully backup a linux based server? | 14:55 |
| pmatulis | Jinxed-: depends what you mean by "best way" | 14:59 |
| Devo-Kun | Jinxed: You trying to backup to another server, another disk, or something like S3 ? | 15:00 |
| Jinxed- | I have a linux box right now, and I can't log into it. I don't think its anything important but I'm borrowing it from someone, so I want to completly image whatever they have so if I need to I can put it all back when I'm done | 15:01 |
| Devo-Kun | Do you have an external hard drive to image the machine to? | 15:02 |
| === kInOzAwA1 is now known as kInOzAwA | ||
| raub | What does set timeout=${GRUB_RECORDFAIL_TIMEOUT:--1} | 15:05 |
| raub | mean in /etc/grub.d/00_header? | 15:05 |
| rtg | hallyn, tangerine is back | 15:08 |
| === TheLordOfTime is now known as TLoT | ||
| TLoT | hallyn, saw your response. i've tagged the bug with 'maverick' and 'natty', but since i can't set against specific releases of Ubuntu, that duty falls to a dev | 15:14 |
| TLoT | hallyn, and as you said, the init scripts have changed quite a bit since thne | 15:15 |
| TLoT | s/thne/10.10 and 11.04/ | 15:15 |
| hallyn | TLoT: I think the right thng is to mark it fix released in q. if anyone wants to request it be targeted at natty, we can explain again that it's EOL in a month | 15:16 |
| TLoT | hallyn, indeed, you want to do that, or should I? | 15:16 |
| hallyn | TLoT: i'll do it , one sec | 15:17 |
| TLoT | i'm still rebooting after a kernel update, and its sluggishy, so i'm debugging that now | 15:17 |
| TLoT | :P | 15:17 |
| hallyn | TLoT: marked. thanks. ttyl :) | 15:18 |
| TLoT | hallyn, no problem, php5 is one of those packages I like to SRu, so sifting through older bugs and getting them marked fixed, won't fix, invalid, or "Whaaaat?" is one of my self-appointed tasks :p | 15:19 |
| * TLoT found the fault that was causing lag | 15:19 | |
| TLoT | turns out it wasnt the kernel :p | 15:20 |
| === zz_KristianDK is now known as KristianDK | ||
| AdvoWork | hi there, any suggestions as to why when i boot my server(10.04) it says Disconnected from plymouth? | 15:31 |
| raub | Is the fix for https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/669481 out? | 15:34 |
| uvirtbot | Launchpad bug 669481 in grub2 "Timeout should not be -1 if $recordfail" [Medium,Fix released] | 15:34 |
| TLoT | raub, i'm assuming since its Fix Released that'd be a yes | 15:41 |
| TLoT | but i'm not sure :P | 15:41 |
| TLoT | (it does seem to have been SRU'd though) | 15:41 |
| raub | TLoT: how ot be sure? I have here 12.04.1 TLS and this is what I saw: http://pastie.org/private/am7gc1xqg8xi12r0nr1bg | 15:43 |
| === Guest33844 is now known as balloons | ||
| lunaphyte_ | hi. i have a server running 12.04. i'd like to upgrade to 12.10, to experiment. i don't want to reinstall though. how can i upgrade to 12.10 beta without reinstalling? | 15:57 |
| RoyK | lunaphyte_: do-release-upgrade | 15:58 |
| RoyK | lunaphyte_: that is, do-release-upgrade -d if you want to upgrade before the release | 15:58 |
| RoyK | lunaphyte_: keep in mind that there's now way to roll that back in case something gets messed up, that is, unless you're running on LVM or Btrfs where you can create a snapshot before the upgrade | 15:59 |
| RoyK | if you're running btrfs, there's apt-btrfs-snapshot doing this automatically for you (if it's installed) | 16:00 |
| raub | I was going to mention that: test it out in a vm/lv before going to production so you can snapshot | 16:00 |
| lunaphyte_ | RoyK: thanks. no worries. it's nothing criticial at all. it's a virtual guest anyway, so i can use a snapshot if i decide something is important. | 16:01 |
| RoyK | ok | 16:01 |
| RoyK | just do-release-upgrade -d to upgrade to the beta, then | 16:01 |
| === dendrobates is now known as dendro-afk | ||
| RoyK | that is | 16:01 |
| RoyK | you might need to change /etc/update-manager/release-upgrades | 16:02 |
| RoyK | it's probably set to 'lts' since you're running an LTS release, and then it won't upgrade to a non-LTS-release | 16:02 |
| lunaphyte_ | ah, right. i always forget about that | 16:04 |
| lunaphyte_ | i wish it wouldn't switch it back when the release you're upgrading to is lts | 16:04 |
| RoyK | it's not much of a job to change it back ;) | 16:04 |
| RoyK | personally, I find it comforting that change is done | 16:05 |
| RoyK | on most servers, I like to stick with LTS | 16:05 |
| lunaphyte_ | yeah, it's not a big deal. just annoying because i always forget | 16:05 |
| lunaphyte_ | heh. funny, i'm the opposite. | 16:05 |
| RoyK | lunaphyte_: then probably your servers aren't very critical ;) | 16:05 |
| lunaphyte_ | :) | 16:06 |
| lunaphyte_ | terribly subjective, of course, but they're as critical as anyone else's, sure. | 16:06 |
| RoyK | if they are, better stick with LTS | 16:06 |
| lunaphyte_ | nah. | 16:06 |
| lunaphyte_ | i'd rather upgrade. | 16:06 |
| RoyK | your choice ;) | 16:07 |
| lunaphyte_ | i'm comfortable enough. it's never been a big issue. | 16:07 |
| RoyK | it's another thing, though - I don't want to spend too much time upgrading a bunch of servers every time a new release surfaces | 16:08 |
| RoyK | better spend the time doing useful work ;) | 16:08 |
| ffunenga | Hello everyone, I need help "hacking" my working computer lol. Its behind a fcking NAT and I would like to gain ssh access to it. I've got an home server with dyndns... Do you have any idea? | 16:10 |
| ffunenga | My working computer is at my office | 16:10 |
| RoyK | ffunenga: you need to setup some sort of VPN, like an ssh tunnel to somewhere, from the inside | 16:11 |
| RoyK | ssh tunneling is trivial | 16:11 |
| ffunenga | RoyK: from the inside, I see... nice! thanks | 16:12 |
| RoyK | ffunenga: that is, if it's behind NAT, you can probably setup port forwarding in the router if that's supported | 16:12 |
| ffunenga | RoyK: yes, I've though about that but I don't want to open ports. And the router's admin is a very complicated person. I think your VPN trick is a good idea | 16:13 |
| RoyK | ffunenga: just make sure keepalives are on, and it should be run in a loop so that once disconnected (if you get a new IP address or otherwise) it should reconnect - just setup ssh key authentication so you won't have to type a password | 16:15 |
| charlesroper | hi, could anyone point me to a HOWTO or similar resource containing advice on how to setup permissions for Apache to read files (and write to a few specific ones) and also for a group of devs to be able to read/write all files? | 16:18 |
| charlesroper | I saw this: https://help.ubuntu.com/12.04/serverguide/httpd.html#http-directory-permissions | 16:19 |
| charlesroper | but that has left me unsure as to how to give Apache read access | 16:19 |
| hallyn | smb: hey, are you around? | 16:22 |
| smb | hallyn, yep, why?... | 16:22 |
| hallyn | smb: i just installed a fresh quantal system from netboot image. did not install qemu-kvm. but kvm_intel is loaded | 16:23 |
| hallyn | smb: the problem with that is that /dev/kvm is created, with the wrong perms | 16:23 |
| hallyn | so now if i install qemu-kvm, until a reboot /dev/kvm has the wrong perms. | 16:23 |
| hallyn | (this is, at least, the explanation of bug ) | 16:23 |
| hallyn | so my question is :) do you knwo why it is modprobed by default? | 16:23 |
| hallyn | i didnt think it used to be | 16:24 |
| smb | hallyn, Ah, hm... wonder whether the modules now have aliases... | 16:24 |
| hallyn | hm. ^ that should have said "bug 1057024" | 16:24 |
| uvirtbot | Launchpad bug 1057024 in libvirt "internal error Process exited while reading console log output: char device redirected to /dev/pts/1 error when creating a vm" [High,Confirmed] https://launchpad.net/bugs/1057024 | 16:24 |
| smb | hallyn, Yeah "alias: x86cpu:vendor:*:family:*:model:*:feature:*0085*" | 16:25 |
| smb | So now udev is resolving those | 16:25 |
| smb | (above is for kvm-intel) | 16:25 |
| hallyn | smb: ok so udev needs to have the rule setting its ownership then? | 16:25 |
| smb | hallyn, Either that or maybe libvirt something to change them? Not sure how those are/where done | 16:26 |
| hallyn | smb: qemu-kvm isntalls a udev file :) | 16:26 |
| smb | Aha :) | 16:27 |
| smb | So on install one needs to rmmod/modprobe the kvm module and things would work? | 16:28 |
| smb | Thats why reboot does work... | 16:28 |
| hallyn | smb: right | 16:28 |
| hallyn | smb: which is ugly :) | 16:28 |
| hallyn | if udev ships a file to load kvm_intel, then it shoudl also set the perms | 16:28 |
| hallyn | though, group kvm doesn't exist by default | 16:28 |
| hallyn | hm | 16:28 |
| smb | hallyn, No it does not | 16:28 |
| hallyn | so i guess postinst should just chown it? | 16:29 |
| excalibr | people..would it bad idea to install a deb from quantal on precise which dep libs all met? or i'd better off rebuild the deb on precise? | 16:29 |
| hallyn | still ugly, but ok | 16:29 |
| smb | hallyn, the module now has info to let it load when a certain cpu class is there | 16:29 |
| smb | hallyn, Yeah, probably postinst chown'ing is less ugly | 16:30 |
| hallyn | but wait, that is already being done. | 16:39 |
| smb | hm weird, then it should end up with the right permissions... were the wrong ones only group owner or group access rights? | 16:50 |
| * smb will try in his vm as soon as it has catched up with the rest of packages | 16:51 | |
| frojnd | I'm trying to setup git on one of my servers (ubuntu 12.4) I'm reading help page: https://help.ubuntu.com/community/Git And it stops when installing gitosis. apt manager does not find gitosis package, I've uncommented Canonical's 'partner' repository. | 16:59 |
| sarnold | frojnd: 'apt-cache search gitosis' shows 'gitolite', a similar tool, with a description that includes, "* easy migration from gitosis" -- perhaps gitosis is no longer the favored server | 17:01 |
| streulma | hello, I want to build a network with 3 servers in different datacenters and hosting providers, I will do it with OpenVPN, is it possible ? | 17:03 |
| smb | hallyn, Hm, seems after installation of kvm my /dev/kvm is rw for group kvm... | 17:05 |
| frojnd | sarnold: ok thank you. Now I have to find some kind of instructions to install git server with gitolite | 17:07 |
| hallyn | smb: sorry, i thought i'd commented here, but i only did in the bug. the postinst already *does* the chgrp+chmod | 17:07 |
| hallyn | smb: so my guess is that she has hard disk issues | 17:07 |
| smb | hallyn, Actually you did comment here as well. But some problem with that would just have explained Andy's issues, too | 17:08 |
| smb | And the fact that the module is now loaded before just is something that really has changed between p and q | 17:09 |
| lunaphyte_ | RoyK: thanks for the help. that seems to be just what i was after. | 17:10 |
| streulma | anyone working with GIS ? | 17:14 |
| ScottK | SpamapS: Someone (not me) might want to merge bacula. New upload in Debian with a securty fix (DSA just out). | 17:15 |
| streulma | Is there any Dutch user in the house ? :) | 17:16 |
| SpamapS | ScottK: jamespage is TIL ... :) | 17:17 |
| SpamapS | jamespage: ^^ Bacula needs a merge. | 17:17 |
| ScottK | OK. I figured you'd know who to point that at. | 17:18 |
| SpamapS | ScottK: I'm on "holiday" today :) which means "Only working on stuff that is fun" ;) | 17:18 |
| ScottK | Right. Understood. | 17:18 |
| ScottK | I'm sure making jamespage do work qualifies. | 17:19 |
| SpamapS | especially work on bacula | 17:20 |
| charlesroper | what is the recommended way of setting umask 002 on Ubuntu? | 17:25 |
| charlesroper | for Apache | 17:26 |
| charlesroper | i.e. www-data should have group write permission | 17:26 |
| SpamapS | charlesroper: you want to set the umask to 002 for the apache process? | 17:41 |
| charlesroper | yeah | 17:41 |
| SpamapS | charlesroper: for that you'll need to do so in /etc/init.d;apache2 | 17:42 |
| SpamapS | err | 17:42 |
| SpamapS | /etc/init.d/apache2 | 17:42 |
| charlesroper | ok, thank you | 17:43 |
| charlesroper | SpamapS, I have found advice in various places that says to add `umask 002` to /etc/apache2/envvars | 17:44 |
| charlesroper | is that not a good idea? | 17:45 |
| SpamapS | charlesroper: its just an alternate place to put it | 17:46 |
| SpamapS | charlesroper: sort of makes more sense to me to put it in the init scrip than a thing which is supposed to set environment variables. | 17:47 |
| charlesroper | yeah, I see what you mean | 17:48 |
| sarnold | is 'envvars' loaded by a specific apache module? or is it ready by one or another distribution's initscripts? | 17:48 |
| charlesroper | SpamapS, thanks for the advice | 17:48 |
| charlesroper | :) | 17:48 |
| sarnold | s/ready/read/ | 17:48 |
| === Ursinha_ is now known as Ursinha | ||
| === dendro-afk is now known as dendrobates | ||
| DarkStar1 | Hello all and a good evening. I had this crontab command: mysqldump -u dbuser -p XXXX lt2 | gzip > /home/myname/dbasedumps/`\%d\%m\%Y`lt2.sql.gz | 18:10 |
| DarkStar1 | when I check the dumps, the dates aren't inserted in the naming of the file | 18:10 |
| DarkStar1 | what'd I do wrong? | 18:10 |
| sarnold | heh, I was just going to ask what mechanism supported those... | 18:11 |
| DarkStar1 | so there's no way to insert date into the naming of the file? | 18:11 |
| sarnold | DarkStar1: you _probably_ meant to stuff the date(1) command in there; `date +%y%m%d` | 18:12 |
| DarkStar1 | sarnold: I'll try that thanks | 18:13 |
| jamespage | SpamapS, ScottK: on it first thing tomorrow.... | 18:15 |
| Praxi | Does ubuntu server do anything like DFS? | 18:36 |
| Jeeves_ | glusterfs, maybe? | 18:37 |
| sarnold | Is that ocfs2? | 18:37 |
| Praxi | is that directed at me sarnold? | 18:38 |
| sarnold | Praxi: yeah | 18:38 |
| Praxi | DFS = MS Distributed File System. Its main features I would like to replicate outside of MS, consolidated name space, i.e. server shares have the same name no matter where you go, file replication to keep the shares synced | 18:39 |
| Praxi | I've used DFS in the past for multi site shares | 18:40 |
| sarnold | of course there's also the original, AFS, now http://www.openafs.org/ | 18:41 |
| n2deep_ | I want to strangle whoever messed up grub2 on 12.04 | 19:12 |
| n2deep_ | I have a headless machine sitting at the grub prompt right now, and I have no console access | 19:12 |
| === n2deep_ is now known as n2deep | ||
| devslash | I'm running ubuntu server and have forwarded a few ports to it for different purposes. I have shorewall firewall installed. Are there any other extra precautions that I should take when port forwarding to prevent unauthorized access ? | 19:23 |
| devslash | is anyone here | 19:28 |
| Devo-Kun | What are the ports? | 19:28 |
| devslash | well 22 for ssh using public key auth, 80 for my website and another range for torrent | 19:31 |
| Devo-Kun | You could consider blocking some originating IP addresses for known "bad guys". | 19:32 |
| Devo-Kun | There is a great set of IP Addresses to block available from http://www.iblocklist.com/lists.php | 19:32 |
| Devo-Kun | The IP-Blocklists include the TOP-10 Bad Sites from http://www.DShield.com/ | 19:32 |
| devslash | how would i do that ? | 19:33 |
| Devo-Kun | For ssh, make sure ssh is locked down. And you should consider installing something like Fail2ban. Fail2ban will look at bruteforce attacks against your SSH server and automatically block them. | 19:33 |
| devslash | yea i did install that | 19:34 |
| devslash | using public key auth is more secure right ? | 19:34 |
| Devo-Kun | absolutely. | 19:35 |
| devslash | ok | 19:35 |
| devslash | what about port 80 for apache | 19:35 |
| fusion27 | I never knew about Fail2ban Devo-Kun, thanks for that tip | 19:36 |
| Devo-Kun | I always try to block known-bad originating IP addresses: http://pastebin.ubuntu.com/1268054/ | 19:37 |
| devslash | but i don't use ufw | 19:37 |
| Devo-Kun | ufw would work on your webserver. I'm not familiar with Shorewall, but I'm sure it can be rigged to do something similar. | 19:38 |
| Devo-Kun | What webapp are you hosting on Apache? | 19:38 |
| devslash | something that i have been writing | 19:39 |
| Devo-Kun | PHP, Ruby, Python? | 19:39 |
| devslash | I'm writing a web app to stream music from my server to any browser that supports html5 | 19:39 |
| Devo-Kun | That's cool. | 19:40 |
| devslash | it uses HTML5/JavaScript/jQuery and some PHP to do client to server side communication | 19:40 |
| devslash | the best part is that it doesn't require flash | 19:40 |
| Devo-Kun | You should make sure Apache is locked down as much as possible. Install ModSecurity, remove any modules you aren't using, like ModPerl, disable htaccess files, and make sure the permissions are set correctly on your scripts so that if somebody *does* find a bug they won't get very far. | 19:41 |
| devslash | hmm | 19:41 |
| devslash | is 755 the correct perms | 19:41 |
| Devo-Kun | Set the files to be 0644, set the dirs to 0755, then make sure those files are all owned by your username/usergroup. | 19:43 |
| devslash | not root ? | 19:43 |
| Devo-Kun | Then the webserver will have read-only permissions to the files | 19:44 |
| Devo-Kun | no. not root. Never work as root. | 19:44 |
| fusion27 | Devo-Kun: how do you go about finding which Apache modules aren't in use? | 19:44 |
| devslash | yea I'm looking that up now as we speak | 19:44 |
| fusion27 | I heard ModPerl was a bad one | 19:44 |
| fusion27 | not for security but performance | 19:45 |
| Devo-Kun | Take a look at /etc/apache2/mods-enabled. | 19:46 |
| devslash | i went in there | 19:46 |
| Devo-Kun | You'll see everything that's turned on. | 19:46 |
| devslash | how do i know which ones i need/dont need | 19:46 |
| devslash | i set file/dir perms | 19:47 |
| Devo-Kun | That's harder to figure out. It depends on what you're doing. But the big rocks are the scripting languages. | 19:47 |
| devslash | i need php only | 19:47 |
| devslash | i don't see perl mod in the enable folder | 19:48 |
| Devo-Kun | Since you're working with PHP, you probably didn't install anything like Passenger for Ruby. So you're probably gtg. | 19:49 |
| devslash | no | 19:49 |
| devslash | why would you want to disable htaccess ? | 19:49 |
| Devo-Kun | .htaccess files are powerful things. They can do good things, like redirect people when URL's change, or they can be used to compromise a system. It's generally better to keep anything you'd put in a .htaccess file, like ModRewrite rules, in the virtualhost configuration file. | 19:51 |
| Devo-Kun | ... if it's static enough to not change of course. | 19:51 |
| Devo-Kun | Actually, there's a pretty big speed increase from disabling .htaccess files. | 19:51 |
| devslash | what is the scgi module for ? | 19:58 |
| devslash | Devo-Kun: actually check out this paste bin. those are the currently loaded modules: http://pastebin.com/9JixZc5d | 19:59 |
| Devo-Kun | scgi is an alternative to cgi. You probably aren't using it. You would know if you were. | 20:01 |
| devslash | nope | 20:01 |
| devslash | hmm | 20:02 |
| devslash | i disabled it and when i restart apache i get an error "/etc/apache2/sites-enabled/000-default: | 20:04 |
| devslash | Invalid command 'SCGIMount', perhaps misspelled or defined by a module not included in the server configuration" | 20:04 |
| devslash | can i comment out that line ? | 20:04 |
| devslash | nm | 20:04 |
| devslash | i just remembered what its for | 20:05 |
| Devo-Kun | devslash: out of curiosity, what are you doing with scgi ? | 20:05 |
| devslash | i enabled it once for something i tested but ended up ditching. rtorrent server | 20:06 |
| devslash | i commented it out and its fine now | 20:06 |
| devslash | in my apache config if i have document root as /var/www and then an entry for <Directory /> does that still refer to /var/www ? | 20:08 |
| simmel | Unsure if this is the correct channel for this question, but: I'm trying to generate apparmor profiles using aa-complain and aa-logprof but my profiles are almost completely empty, no rules are generated at all. http://pastie.org/private/uoulvjifwy8dkvpgiwjwsw It probably has something | 20:11 |
| simmel | to do with that I change the rsyslog log format, but I can't find what it's supposed to look like. | 20:11 |
| Devo-Kun | devslash: <Directory /> would actually refer to your root filesystem. Directory refers to paths, Location refers to URL's. | 20:14 |
| devslash | did you see my paste bin ? | 20:15 |
| === benji is now known as Guest8876 | ||
| === cpg|away is now known as cpg | ||
| n2deep | on 12.04 I fixed my /etc/deafult/grub file since the maintainers broke it. Now it's broke again. What gives??? | 21:16 |
| === dendrobates is now known as dendro-afk | ||
| === soren_ is now known as soren | ||
| jpds | n2deep: #define broken, #define fixed. | 21:25 |
| jpds | n2deep: Because I imagine everything works fine, for everyone else. | 21:27 |
| zastaph | I'll have an authorized_keys in every ~/.ssh folder of each user I want to login using PubkeyAuthentication right? | 21:28 |
| jpds | zastaph: Yes. | 21:28 |
| zastaph | whats the status of ZFS in Ubuntu Server ? | 21:31 |
| jpds | zastaph: I think you want: s/Ubuntu Server/Linux kernel. | 21:32 |
| jpds | zastaph: https://en.wikipedia.org/wiki/ZFS#Linux | 21:33 |
| zastaph | on BSD some has better support than others :) | 21:35 |
| rbasak | http://zfsonlinux.org/ maintains Ubuntu packages. These are third party though - not officially part of Ubuntu AFAIK. | 21:45 |
| === dendro-afk is now known as dendrobates | ||
| unixbeard | Hey happy campers! I'm interested in finding out why my latest ubuntu 12.04 server install won't define a default gateway for eth1 based on the eth1 setting in /etc/network/interfaces? I'm also trying to not use ufw and instead use my trusted script of ages that I call in /root/system/iptables.sh from /etc/rc.local. So far I have to reboot, route add default gw <ip> eth1, then /root/system/iptables.sh, for my router to work. | 22:09 |
| unixbeard | What am I doing wrong?! :D | 22:10 |
| SpamapS | unixbeard: can you pastebin your /etc/network/interfaces ? | 22:13 |
| SpamapS | unixbeard: also there's a specific upstart job that is meant to be for applying network interface security... it is a bit confusingly named 'network-interface-security' .. but.. its a good idea to put firewall rules in 'start on starting network-interface-security' upstart jobs. | 22:14 |
| unixbeard | SpamapS, well, hey, sure! | 22:18 |
| unixbeard | SpamapS: http://pastebin.com/igKwEfmg | 22:20 |
| SpamapS | unixbeard: btw, there's an awesome tool in the archive, 'sudo apt-get install pastebinit' .. lets you do 'pastebinit < /path/to/file' .. :) | 22:20 |
| unixbeard | I got two engineers behind me breathing down my neck about that very thing man! | 22:21 |
| SpamapS | unixbeard: that should definitely result in the right gateway on eth1. Are you seeing any errors in /var/log/upstart/network-interface-eth1.log ? | 22:22 |
| unixbeard | From earlier. | 22:23 |
| unixbeard | When I reboot, I don't get a default gateway, so I have to manually add it with route add default gw <ip> eth1. Then I also have to re-run /root/system/iptables.sh, because iptables -L lists ~no rules~ | 22:23 |
| unixbeard | Those are the two problems I'm trying to puzzle out. | 22:23 |
| SpamapS | unixbeard: yes, so, do you have errors in /var/log/upstart/network-interface-eth1.log ? | 22:27 |
| unixbeard | no! | 22:27 |
| SpamapS | unixbeard: ok, thats the stdout of 'ifup eth1' .. which is what interprets /e/n/interfaces | 22:28 |
| unixbeard | Well man, the eth0, eth1, eth1:2 through 7 all come up, but no default gateway when it boots and I log in and type route -n, and my iptables is empty.... | 22:30 |
| unixbeard | The /etc/rc2.d/S99rc.local calls /etc/rc.local, which has execute bits set, which calls /root/system/iptables.sh, which has all the rules that work etc. | 22:31 |
| unixbeard | Well it should call it | 22:31 |
| unixbeard | But when I log in and iptables -L, there are no rules. | 22:31 |
| unixbeard | So every time I boot I have to add the default route and then run that script. | 22:31 |
| TJ- | unixbeard: can I see the current interfaces file? | 22:32 |
| unixbeard | http://pastebin.com/qy1GgijW | 22:33 |
| unixbeard | TJ- sorry I set it to expire after 10 minutes :( | 22:33 |
| unixbeard | well | 22:35 |
| unixbeard | bbiab! | 22:35 |
| TJ- | unixbeard: what happens if you down eth1 then bring it up? is the gateway set then? "sudo ifdown eth1 && ifup eth1" - trying to figure out if for some reason ifup is ignoring the "gateway a.b.c.d." | 22:36 |
| unkmar | TJ-: we will check in a moment. | 22:41 |
| TJ- | unkmar: The other thing to check is that the upstart script for "network-interface.conf" is being executed, since it is responsible for calling "ifup" on each interface that is added | 22:42 |
| === chincloud is now known as Guest66307 | ||
| unkmar | I think it is a delay issue. | 22:48 |
| TJ- | what is the routing table when the server starts, before you manually issue the route command? ("ip route show") | 22:51 |
| martinphone | admins use firewalls to block incoming mail, right? | 23:02 |
| virusuy | hi ! | 23:03 |
| virusuy | martinphone, block incoming mails? | 23:04 |
| virusuy | normal mails or spam ? | 23:04 |
| martinphone | normal regular mails | 23:05 |
| sarnold | martinphone: firewalls are to provide access controls between who is allowed to use which services across network boundaries | 23:05 |
| sarnold | martinphone: that might be disabled windows shares, allowing bittorrent, allowing email to and from specific servers, etc. everything. | 23:05 |
| martinphone | I was in college, I was a ble to use tor with xchat to chat, but 4 days later they blocked that port, they used their firewall | 23:06 |
| martinphone | now, Im using a tormail account to communicate with a teacher from an uni, and he hasnt answered. Its been a week, and this is very rare, because this teachers usually responds very fast. My 2 cents: the admin identified the "tormail.org" incoming mail as spam, simply because it is not a hotmail | 23:07 |
| martinphone | or, alternatively, the port | 23:07 |
| martinphone | am I misguided? | 23:08 |
| virusuy | probably their mailserver catch your email as spam | 23:09 |
| SpamapS | martinphone: in the absence of data, resist the urge to guess | 23:09 |
| martinphone | virusuy, I was able to get 2 answers using that tormail account | 23:09 |
| unkmar | TJ-: we were ssh into server before boot scripts were finished running. | 23:09 |
| SpamapS | martinphone: you really have no way of knowing. | 23:09 |
| martinphone | meaning I believe a human manually blocked it for all the wrong reasons | 23:10 |
| sarnold | martinphone: it could be caught as spam either by source (say, using an RBL to block spamhosts) or content (spamassassin throws away anything with a score above 5 -- html is worth 1, loading images is worth another 1, etc...) | 23:10 |
| martinphone | sarnold, this was plain utf8 text, no eye candy | 23:10 |
| unkmar | TJ-: we just didn't wait long enough. | 23:10 |
| TJ- | unkmar: weird... The interfaces must be stalling on something else then. They should be up real early | 23:10 |
| sarnold | martinphone: did you use the word 'enhance' in your mail? :) some admins throw away all mails with the word 'enhance'. (I kid you not.) | 23:12 |
| martinphone | sarnold, no, it was all written in portuguese with some chinese | 23:12 |
| martinphone | whats with the word enhace? | 23:12 |
| sarnold | martinphone: 'enhance your member' or 'enhance your love life'... | 23:13 |
| SpamapS | chinese? | 23:14 |
| SpamapS | martinphone: was this to a usually english speaking person? | 23:14 |
| martinphone | a lol | 23:14 |
| SpamapS | There has been a ridiculous amount of chinese-only spam lately | 23:14 |
| martinphone | no, he is a native portuguese | 23:14 |
| martinphone | he is a university teacher ffs | 23:14 |
| martinphone | so a firewall can be configured to filter out every incoming mail with any chinese character... | 23:15 |
| TJ- | firewalls will generally only block or allow access to ports, unless there's some extreme DPI going on, they leave it to the servers on the ports to do any connect/content dropping | 23:17 |
| sarnold | indeed | 23:18 |
| static09 | Also depends on the firewall type | 23:21 |
| === psivaa_ is now known as psivaa | ||
| === TJ- is now known as IamNotReallyTJho | ||
| === IamNotReallyTJho is now known as TJ- | ||
| === Ursinha_ is now known as Ursinha | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!