/srv/irclogs.ubuntu.com/2013/04/06/#ubuntu-server.txt

=== Guest12076 is now known as yeats
=== megha is now known as Guest99477
=== alex88_ is now known as alex88
[03:53] <ruben231> hi guys
[05:58] <Iapetus> Hello!
[05:58] <Iapetus> bastebin for wads of text right?
[05:59] <Iapetus> I'm trying to set up a L4D2 ubuntu server, I have most of it correct but I'm missing something and confused
[06:03] <lifeless> pastebin, yes
[06:03] <Iapetus> anyone alive in here?
[06:03] <Iapetus> http://pastebin.com/NcrcHJC7
[06:03] <Iapetus> there it is
[06:09] <Iapetus> I need to add my steam user ID to the srcds_run file don't I?
[06:09] <Iapetus> and pass
[06:09] <Iapetus> right?
[06:09] <Fieldy> what
[06:09] <Iapetus> what
[06:10] <Fieldy> it's a proprietary app last i knew of, consider asking their own support
[06:11] <lifeless> Iapetus: I don't know anything about running L4D2 servers, sorry; it is unlikely that folk here will know, because it isn't open source.
[06:11] <lifeless> Iapetus: I would look on the steampowered forums
[06:11] <Iapetus> well balls, thanks, i'll go hunting
[06:13] <lifeless> Iapetus: you might try the -debug option the program recommends
[06:15] <Iapetus> yup, saw that in something I googled a bit ago, required a plugin of some sort. Didn't get to it yet. Also bugger no sticky on the steampowered about ubuntu! BOOO
[06:22] <Neytiri> i am having a issue getting my bind server to start getting the error: permission denied on opening the config files
[06:47] <overrider> Hello. I am on 10.04, how do i get a more recent version of php on my server? Is there some repo i can without fear of breakage?
[07:00] <Neytiri> apt-get install php5
[07:18] <overrider> Not quite the newest php5
=== hachre1 is now known as hachre
[12:10] <Quebert> Morning everyone
[12:31] <[twisti]> hey, when i log into my ubuntu lts 12.04, i get this: *** /dev/md2 will be checked for errors at next reboot *** for all my partitions. but i just sudo reboot'ed, and it just rebooted in the normal time, and still says that.
=== hggdh is now known as hggdh_
[12:32] <[twisti]> the answer at http://askubuntu.com/questions/182804/12-04-indicates-filesystem-check-on-next-boot-but-never-does-one sounds sensible, but im worried that the fsck will sit there with something like "found errors, want me to fix them? y/n"
[12:32] <[twisti]> its a headless server, so that would effectively brick it
=== hggdh_ is now known as hggdh
[12:38] <maxb> Do you have a reason to distrust the system boot scripts that much
[12:38] <maxb> ?
[12:39] <[twisti]> none at all
[12:39] <[twisti]> but it doesnt say anywhere that fsck at boot time is non interactive
[12:40] <[twisti]> before i brick our server id like a better reason to assume it will run without interaction than "maybe we'll get lucky"
[12:42] <[twisti]> in my experience, things that check hdds ask for user input if they find anything out of the usual
[12:42] <[twisti]> i have no reason to assume that fsck is any different
=== hggdh is now known as hggdh_
[12:46] <Hoffa_> need help with an openfiler OS krasch
[12:49] <Hoffa_> hello
[12:49] <Hoffa_> need help
[12:49] <Hoffa_> #openfiler
[12:59] <Hoffa_> is there anyone who knows anything about mdadm
[13:59] <claco> morning. I'm looking for the right place to report issues with a real live ubuntu.com servers.
=== glebihan_ is now known as glebihan
[15:06] <syncsys_> Can any one tell a package / app for getting network stats/ speed for individual ports numbers . (it would be much  better if it would be web based)?
=== syncsys_ is now known as Quest
=== bastidra1or is now known as bastidrazor
[15:59] <Quest> can anyone tell why in iptraf in port 80 (breakdown by ports) the "in" is always zero and the "out" at bottom shows speed stats for download and for upload as well. on other strange thing. its showing download and upload . both speeds in "out"  and  "in" in is  0 ..  ?
[17:05] <Quest> anyone home?
[18:33] <X-ian> I need to stop postfix from delivering mail temporarily while still accepting incoming mails
[18:49] <geofft> hallyn: (or anyone else) Is there current work on libtpms + qemu packaging?
[18:50] <Quest> i cannot connect to freenx server by nx client. it quites at establishing display.
[18:51] <geofft> ppa:serge-hallyn/tpm is kinda old. (Also some parts of this landed in upstream qemu very recently)
[18:54] <elnur> anyone using ksplice? if yes, how's the experience?
[20:54] <NUKEESIMONHD> dracula
[21:01] <Quest> for LAN file sharing for Linux as server and windows as most clients.  simple sftp:/ip  from windows would be suffice (provied every user has an acccount in the server and a home folder) ? or an ftp server is needed? 2. what is fast and how much generally, sftp of ftp?
[21:15] <RoyK> Quest: if   you want to share data between a linux server and windows clients, use samba
[21:15] <RoyK> !samba | Quest
[21:15] <ubottu> Quest: Samba is the way to cooperate with Windows environments. Links with more info: https://wiki.ubuntu.com/MountWindowsSharesPermanently and https://help.ubuntu.com/12.04/serverguide/C/windows-networking.html - Samba can be administered via the web with SWAT.
[21:18] <Quest> RoyK,  samba cant give acces over wan internet
[21:18] <Quest> we need that
[21:19] <Quest> what different is vsftpd from ftp over openssh server?
[21:19] <RoyK> security
[21:19] <RoyK> traditional ftp sends passwords in cleartext
[21:19] <RoyK> you really don't want that
[21:19] <RoyK> just setup ssh and have the clients use filezilla
[21:20] <Quest> vsftpd and  ftp over ssh is  same underneath.    s ftp.
[21:20] <Quest> ya that what i meant
[21:20] <RoyK> no
[21:20] <RoyK> with ftp over ssh, sshd controls the business
[21:20] <geofft> "sftp" is a misnomer, it involves no FTP at all.
[21:21] <RoyK> with vsftpd, you can choose between traditional plaintext ftp or ftp over ssl
[21:21] <geofft> You might be thinking of "ftps", which is to ftp what https is to http.
[21:21] <geofft> sftp is an SSH thing with no relation to FTP servers or FTP clients
[21:21] <geofft> although many FTP clients also, independently, happen to support SFTP too
[21:21] <Quest> hm
[21:21] <RoyK> Quest: just setup ssh and forget about the ftp server
[21:22] <RoyK> Quest: then setup rssh if you want to limit the clients' access to other parts of the system
[21:23] <Quest> sftp is bascially ftp over ssl and file transfer over ssh is on 22 and does the same as ftp
[21:23] <Quest> right?
[21:23] <maxb> sftp is not really ftp over ssl
[21:23] <RoyK> Quest: no, sftp is the built-in ftp-like thing in ssh
[21:24] <geofft> SSH doesn't involve SSL.
[21:24] <Pici> SFTP != FTPS
[21:24] * RoyK hands out popcorn
[21:25] <geofft> (I kind of wish they'd picked a different name for sftp.)
[21:26] <Quest> whats the difference b/w ftp server like vsftpd and ftp of ssh (i typed sftp:// for access over ssh)
[21:26] <Quest> confusing
[21:26] <Quest> and whats the advantage of an ftp server ls vsftpd
[21:27] <Quest> 3. how to restrict users not going outside their /home dir if ftp over ssh is used.
[21:27] <RoyK> 23:22 < RoyK> Quest: then setup rssh if you want to limit the clients' access to other parts of the system
[21:28] <geofft> You can restrict users to just running sftp-server as the target command, I believe.
[21:28] <geofft> (I'm not familiar with rssh, but it sounds likely to work too)
[21:28] <RoyK> we use it for 17k users at work
[21:29] <Quest> RoyK,  rssh? whats that. similar to open ssh?
[21:29] <RoyK> Quest: try man rssh first, please
[21:29] <Quest> RoyK,  no manual. please inform
[21:29] <RoyK> then install it
[21:30] <Quest> geofft,  any ftp server will do like vsftpd?
[21:30] <Quest> RoyK,  is it just an ssh server like open ssh server is?
[21:30] <Quest> y/n
[21:31] <Quest> rssh is a restricted shell, used as a login shell, that allows users to perform only scp, sftp, cvs,
[21:31] <geofft> Quest: I'm not familiar with vsftpd, I haven't used it.
[21:31] <Quest> geofft,  but you meant an sftp server?
[21:31] <RoyK> Quest: http://bit.ly/Z0jxk1
[21:31] <geofft> Quest: The SFTP server is part of the SSH server
[21:32] <Quest> RoyK,  rssh is a restricted shell, used as a login shell, that allows users to perform only scp, sftp, cvs,
[21:32] <geofft> Quest: If you want to run SFTP (instead of FTPS), you don't need a separate FTP / FTPS server
[21:32] <Pici> SFTP is poorly named. It is not an FTP server, although many things that function as FTP client are able to connect to it if they have the proper support.
[21:33] <geofft> Quest: It sounds like it is worthwhile for you to do some googling about SFTP and securing SSH, or about FTPS
[21:33] <geofft> Quest: If you intend to deploy this across the WAN, you should be very confident you understand the security of what you're deploying
[21:33] <Quest> Pici,  oh. so sftp is just file transefer over ssh?
[21:33] <Pici> FTPS is horrible and no one should use it.
[21:33] <RoyK> Quest: if your users have ssh login access, they can access anything they are given access to, also for file transfer
[21:33] <RoyK> Quest: if your users only need file transfer, rssh is good
[21:33] <Pici> Quest: essentially.
[21:34] <geofft> Quest: I don't think the scattered advice of folks on an IRC channel is sufficient for setting up a secure file server.
[21:34] <RoyK> geofft: I don't think FUD is any better :P
[21:35] <geofft> Sure. I'm not trying to spread FUD -- there are good ways to learn about this
[21:35] <geofft> And they're all reasonable for being in a good position to set up a server.
[21:35] <Quest> RoyK,  doesnt an sftp server like vsftpd restricts users to get out of their /home dirs by default?
[21:35] <geofft> I'm just pointing out that IRC is a bad way.
[21:35] <RoyK> Quest: no, rssh does
[21:35] <Pici> Quest: vsftpd is not an SFTP server.
[21:35] <Quest> Pici,  what is it then?
[21:35] <Quest> Pici,  its an ftps server theN?
[21:35] <geofft> vsftpd is an FTP or FTPS server
[21:35] <RoyK> Quest: but if your users have ssh login access already, they can get whatever they can access out of there by other means
[21:35] <Quest> oh
[21:36] <Pici> Quest: what geofft said.
[21:36] <geofft> Oh, I guess the fact that "vsftpd" contains "sftp" in its name is also confusing :-(
[21:36] <RoyK> Quest: so, please, tell us, do your users have ssh login access?
[21:36] <Quest> ok. 2nd last question. can windows explorer get sftp and ftps dirs ?
[21:36] <geofft> Windows Explorer cannot.
[21:37] <RoyK> Quest: no, but filezilla can
[21:37] <geofft> Frankly there are few good solutions for Windows file access across a WAN
[21:37] <Pici> Quest: fyi, getting connected to an FTPS server if you are behind a corporate firewall is hell.
[21:37] <geofft> I suspect SMB will work as well as anything. You could also try using WebDAV over https, but performance is very poor on Windows
[21:37] <RoyK> geofft: well. SMB2 works well over a closed WAN
[21:37] <RoyK> over the internet - wouldn't dare it
[21:38] <Quest> and last question. 1. I need WAn and LAn access for users, 2. i will not give users a login to console. just make their /homes and login pass. 3. i have encrypted their /homes 4.
[21:38] <RoyK> Quest: rssh
[21:38] <RoyK> again
[21:39] <Quest> RoyK,  explorer cant do for both? i remember i did sftp or ftps once in windows exploror
[21:39] <RoyK> no, explorer can't
[21:39] <RoyK> period
[21:39] <RoyK> filezilla can
[21:39] <Quest> RoyK,  ok
[21:39] <Pici> explorer (iexplore) can do straight ftp.
[21:39] <RoyK> Quest: when you say "over wan", do you mean "over internet" or "over a closed wan"?
[21:39] <Quest> and what do i need. sftp or ftps?
[21:40] <Quest> Pici,  not iexplorer. windows explorer
[21:40] <Quest> RoyK,  ^
[21:40] <RoyK> Quest: !
[21:40] <Pici> ahh
[21:40] <Quest> ok. period..
[21:40] <Quest> i recall the period
[21:41] <Pici> Quest: sftp is what we suggest. If you want ftps you're on your own.
[21:41] <Quest> hm
[21:41] <Pici> RoyK suggests doing this with rssh, as he has said many, many times.
[21:41] <Quest> Pici,  ok. why ftps is discouraged?
[21:41] <RoyK> Quest: can you please take an advice for once?
[21:42] <Quest> RoyK,  i do need to configure rssh. ? ( i may want some users to rom around outside /home
[21:42] <RoyK> ssh combined with rssh is very secure
[21:42] <RoyK> Quest: then google it
[21:42] <Quest> RoyK,  ofcourse. your advice is admired
[21:42] <RoyK> it's not hard
[21:42] <Pici> Quest: In my experience, it works horribly.  Extra configuration for clients needs to be done if you are behind a corporate NAT.
[21:42] <Quest> ok
[21:42] <Quest> nice
[21:42] <Pici> rather, if the clients are behind a nat
[21:43] <Pici> I've spent many hours trying to get things working at my employer, where I need to upload files to other companys' FTPS servers.
[21:43] <Pici> With SFTP, things just work the first time.
[21:43] <Quest> hm great
[21:44] <Quest> hm
[21:47] <RoyK> Pici: out of interest - what would be troublesome with NAT for FTPS? It's just TCP, after all
[21:47] <geofft> I think the security story (in terms of vulnerabilities in the server) for OpenSSH is a lot better, btw
[21:48] <Quest> Pici,  RoyK  I have read a bit tutorials about adduser and useradd. and chatted in freenode. i still didnt got an expert answer on how 1. to add a user as is added by default by ubuntu GUI with prober /home/userlongname  constructing the /home and the .files dot file like .cashe . bash etc      and 2. how to add a user with /home but no priviliges and NO console login . just files in his folder (for sftp)
[21:48] <RoyK> Quest: using a gui isn't really a server question
[21:48] <geofft> RoyK, Pici: isn't this the active/passive FTP nonsense?
[21:48] <geofft> Quest: the "adduser" command should do #1
[21:49] <RoyK> geofft: ah - right - you need a nat helper etc etc etc
[21:49] <RoyK> ftp sucks rather badly at nat
[21:49] <Pici> RoyK: From what I understand (and I don't feel like researching it in detail this moment) is that the additional port needed for extra communication between your client and the FTPS server is sent encrypted between yourself and the ftps server. So if you don't have the right range of ports open for that particular ftps server's configuration, it just won't work.
[21:49] <Quest> RoyK,  ya. thats why i need console
[21:49] <RoyK> Pici: makes sense
[21:49] <geofft> Quest: http://www.debian-administration.org/articles/94
[21:50] <Quest> geofft,  whats better. add user or useradd
[21:50] <geofft> Quest: looks like the comments in that page suggest using rssh for #2
[21:50] <RoyK> useradd -m blah
[21:50] <geofft> Quest: on Ubuntu / Debian, "adduser" does everything. "useradd" creates the account but doesn't initialize it
[21:51] <geofft> Quest: I basically always use "adduser"
[21:51] <Pici> adduser should generally be used unless you want to do something special.
[21:51] <RoyK> geofft: well, useradd -m creates the user, adds it to its default group, creates the homedir, copies /etc/skel there etc
[21:51] <geofft> Oh, does -m do that? Good to know
[21:51] <RoyK> man useradd ;)
[21:52] <RoyK> -m == create homedir
[21:52] <geofft> I just use adduser, or edit /etc/passwd by hand :-)
[21:52] <Quest> RoyK,  useradd -m dont give bash as its defual shel
[21:52] <RoyK> Quest: edit /etc/default/useradd
[21:52] <Quest> geofft,  useradd" creates the account but doesn't initialize it ? whats that mean
[21:53] <RoyK> Quest: it just means geofft hasn't rtfm
[21:53] <geofft> I have in fact never rtfm for useradd since I haven't had a use for it :)
[21:54] <RoyK> well, then don't blame it
[21:54] <Quest> how users are added in all linux distros? ubuntu is different?
[21:55] <geofft> I think all Debian-based distros do the same thing with adduser and useradd.
[21:55] <geofft> Red Hat-based distros tend to just have adduser as an alias for useradd. I don't know if it's the same useradd.
[21:55] <Quest> in user add and add user . when the password is set? and can i just give the login name to clients and ask them to setup their password themselft?
[21:55] <Quest> at first login i mean
[21:56] * Quest thanks all in advance!
[21:58] <Quest> oh yes. most important question. I need to auto block ssh acces to ips that repeatedly entered incorrect login passwords 5 or 7 times
[21:59] <RoyK> on redhat, adduser is a symlink to useradd
[22:00] <RoyK> adduser is a debian thing, it's a wrapper script
[22:00] <Pici> hmm, indeed it is.  /me adds to notes
[22:00] <Pici> (perl, for those playing at home)
[22:00] <geofft> Quest: I've heard of fail2ban and DenyHosts used for this, but I've never used either
[22:01] <RoyK> Quest: I use denyhosts
[22:01] <Pici> I use fail2ban.
[22:01] <RoyK> default config is a bit nazi - perhaps good to slow it down a bit
[22:01] <Pici> I haven't thoroughly researched either though, but it works well with zero config for me.
[22:01] <RoyK> the good thing about denyhosts, is that it works distributedly
[22:02] <RoyK> so you can deny a host from all your servers if it tries n times on one machine
[22:02] <RoyK> both work, though
[22:03] <Quest> need easy for starters
[22:04] <Quest> Pici,  oh so no need to config it?
[22:04] <Pici> Quest: correct.
[22:04] <Pici> The defaults are sane.
[22:04] <Quest> it bans 5 incorrect logins for how much time by default?
[22:05] <Quest> just a rought i dea Pici
[22:05] <Quest> i hope it works for every ssh based app. which includes sftp
[22:06] <geofft> Yes. sftp happens by opening an ssh connection and requesting an sftp-server instead of requesting a shell
[22:06] <jgcampbell300> is it ok to ask questions about ispconfig3 here ?
[22:06] <RoyK> Quest: omg, can you just try to read the config before asking? or the manual? or google it?
[22:06] <Quest> ya.. i should not get consious
[22:07] <RoyK> good idea
[22:07] <Quest> has anyone happen to run freenx or vnc4server?
[22:08] <RoyK> weren't you in the process of learning how to secure your server?
[22:09] <Quest> I wonder apps like  spotflux.com and hotspotshield  use what protocol. https i guess?
[22:09] * RoyK ignores Quest
[22:09] <Quest> RoyK,  yes. and a remote gui is an addon
[22:10] <Quest> in daily work.
[22:10] <maxb> Is there any way to safely flush the history stored in an LVM2 metadata area? I have a weird GRUB issue and I'd like to eliminate the possibility it's reading an old version of the LVM metadata
[22:10] <Quest> and https is for filtering  services which lets browsing facebook.com  if its blocked in firewall for example
[22:11] <Quest> right Pici  and geofft ?
[22:12] * RoyK wonders if Quest is a bot
[22:13] <geofft> Quest: no idea, never used those services
[22:14] <RoyK> maxb: what's the issue?
[22:14] <maxb> grub-probe is returning some warning like: grub-probe: warning: Couldn't find physical volume `pv1'. Some modules may be missing from core image..
[22:15] <maxb> The system boots, but I'm interested in figuring out what grub is unhappy about
[22:15] <RoyK> did you upgrade from an older version?
[22:16] <maxb> Yes, but the warnings didn't start appearing precisely then
[22:16] <Quest> thx
[22:17] <maxb> I guess I could force pvcreate to reinitialize the on-disk metadata from a backup file
[22:18] <RoyK> maxb: single drive?
[22:18] <maxb> Two
[22:21] <Quest> RoyK,  adduser -m makes the default shell as sh. it should be bash.  any solution Pici ?
[22:23] <RoyK> Quest: do you even read what I write?
[22:23] <RoyK> 23:52 < RoyK> Quest: edit /etc/default/useradd
[22:24] <RoyK> moron
[22:25] <geofft> Quest: I think you're wearing folks' patience thin. If you're unfamilar with the process of getting answers to these questions, you can ask
[22:25] <geofft> Quest: But I'm pretty sure nobody has told you anything that's unavailable in package man pages, Wikipedia, HOWTOs, debian-administration.org, etc. etc. etc.
[22:26] <geofft> Quest: And you'll get more thorough answers that way.
[22:27] <Quest> RoyK,  iam talking about add use rnot useradd . /etc/default/useradd is for useradd. it says SHELL=/bin/sh
[22:27] <RoyK> tried to change it?
[22:28] <Quest> why should why when 1. i use adduser and not useradd 2. users added by GUI have bash. why?
[22:29] <Quest> geofft,  those articales made me confuse. you guys solved it
[22:29] <geofft> Quest: as mentioned earlier, adduser is a wrapper around useradd
[22:29] <Quest> if i have not insisting questions though.
[22:29] <geofft> Quest: The GUI tool probably has different defaults.
[22:29] <Quest> geofft,  hm
[22:29] <Quest> so I did needed to change the sh to bash
[22:29] <Quest> ok
[22:30] <Quest> geofft,  how to add the user , make /home but dont allow it to login /home folder. (only login to sftp by ssh)?
[22:30] <Quest> is there a way
[22:32] <RoyK> Quest: before you complain any more - try to add the file I've mentioned a couple of times - try to add a user
[22:32] <Quest> i have
[22:32] <RoyK> and it worked?
[22:32] <geofft> Quest: Did you read the article I linked earlier and the comments?
[22:32] <Quest> it made the account but i can login.
[22:32] <geofft> Quest: Did you look at rssh, which RoyK has recommended a few times?
[22:33] <RoyK> geofft: I don't think Quest reads anything we link to, he just asks here
[22:33] <Quest> geofft,  RoyK  is rssh the only way. if i recall correct . there are other ways not to make the user login console?
[22:33] <geofft> Quest: There are lots of ways. Is there a problem with rssh?
[22:33] <RoyK> Quest: can you spell google?
[22:33] <Quest> geofft,  i have mostly read it
[22:34] <geofft> Have you tried it?
[22:34] <Quest> geofft,  by ways. i mean natvie ways. not third party apps like rssh
[22:34] <geofft> Install it on a machine, set it up, see if it does what you want.
[22:34] <Quest> rssh is good. but iam asking for learning
[22:34] <geofft> You can see what rssh does.
[22:34] <geofft> Look at the configuration changes it makes, or look at its source. No better way to learn. :)
[22:35] <Quest> hm
[22:35] <geofft> if you haven't read the sshd_config manpage, read that too
[22:35] <Quest> there is no native way?
[22:35] <geofft> it's incredibly dense, but everything's in there
[22:35] <Quest> i mean a way (if i recall) that was some arg at adduser/useradd
[22:35] <Quest> hm
[22:35] <geofft> Did you see the debian-administration.org article I linked to?
[22:35] <RoyK> geofft: just trop it - Quest will just ask here - he doesn't read
[22:35] <Quest> yes
[22:35] <geofft> It talks about a way to do this that doesn't involve using rssh.
[22:36] <Quest> ok. if you guys are annoyed. ill stop asking
[22:36] <Quest> geofft,  whats that. i missed it
[22:36] <geofft> Er, that's the entire article.
[22:37] <Quest> k
[22:37] <RoyK> any ops around?
[22:38] <Pici> hm?
[22:39] <Pici> Quest: they're annoyed.  We're here to help, and it seems you're ignoring advice that has already been said and asking again.
[22:39] <Quest> advice admired and regarded. stoped asking
[22:39] <Pici> thank you.
[22:40] <Quest> did i said thank you to RoyK ?
[22:40] <RoyK> Quest: maybe - but I'd still say "read the manual, google it" etc before asking too much in here
[22:42] <Quest> my question was valid. as sftp is command execution. and so is same as ssh. if i need sftp but dont want to console login. even rssh might not help (just making a jail around /home is not enough)
[22:42] <RoyK> Quest: as I said
[22:42] <RoyK> earlier
[22:42] <RoyK> we
[22:43] <RoyK> are
[22:43] <RoyK> using
[22:43] <RoyK> rssh
[22:43] <RoyK> for
[22:43] <RoyK> 17000
[22:43] <RoyK> users
[22:43] <geofft> Quest: Why "might not help"? Have you tried it?
[22:43] <Pici> "rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp. It now also includes support for rdist, rsync, and cvs. For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh to do that."
[22:44] <RoyK> Pici: don't help him - he may even find the command "man" one day
[22:44] <Pici> RoyK: if I don't help then I'm going to say things that I might regret.
[22:44] <geofft> http://catb.org/~esr/faqs/smart-questions.html
[22:45] <geofft> specifically the "Before you ask" section.
[22:45] <Quest> Pici,  great!!!
[22:45] <Quest> RoyK,  just saying rssh does it. is less better than what Pici  explain. now iam confident.
[22:46] <Quest> i was nervous
[22:46] <Pici> ...
[22:46] <Quest> but thanks alot RoyK
[22:46] <Pici> Quest: fyi, that was a direct quote from rssh's website. which you could have looked for yourself. It took me two seconds to find it.
[22:48] <geofft> Quest: All of us here learned what we know by reading documentation and trying things.
[22:48] <Quest> looked. not quit efficeitly looked as a start. contrary to you
[22:48] <Quest> the ssh-terminal can be locked out, by adding <sftplib> to /etc/shells, and setting that shell for the user logon
[22:49] <geofft> Quest: It takes time. I've been sysadminning ssh for years. But I now know it very well.
[22:49] <geofft> Quest: You're going to get better answers by reading things slowly and being patient with web searches than expecting other people to do things for you.
[22:49] <Quest> k
[22:50] <geofft> Guessing at the purpose behind your questions, you're trying to do something very complicated.
[22:50] <geofft> (thinking about the file transfer question, and the FreeNX question, and ...)
[22:50] <Quest> ya
[22:50] <geofft> That's fine! You can do complicated things with Linux.
[22:50] <geofft> It will just take you more than a few hours to learn how to do.
[22:50] <Quest> hm
[22:50] <geofft> And especially for things like secure file transfer and remote logins, you want to make sure you understand it.
[22:51] <Quest> tring to assemble a huge server in two days
[22:51] <geofft> Because otherwise you risk setting up the security wrong.
[22:51] <Pici> geofft: thanks for explaining this all :)
[22:51] <Quest> i have already done network reporting. now with these things
[22:51] <geofft> Again, you totally _can_ understand it. It's just not the sort of thing you want to try to rush to understand
[22:51] <Quest> 2 day deadline is  a rush
[22:52] <geofft> I would not feel confident setting up a remote file access + networked login server in two days, even knowing what I do about these things.
[22:52] <Quest> hm
[22:52] <geofft> I would feel confident in taking, oh, maybe a week to set up a dev server.
[22:52] <Quest> am i correct about  the ssh-terminal can be locked out, by adding <sftplib> to /etc/shells, and setting that shell for the user logon
[22:52] <geofft> I don't know.
[22:52] <Quest> k
[22:53] <geofft> I mean, I could think about it, and figure it out, but I'm not the one doing this project. :-)
[22:53] <geofft> And it will take me more than five seconds to figure that out.
[22:54] <Quest> hm
[22:54] <Pici> but after that week you'd know what to do and probably know how to fix many of the problems that might occur after it is live.
[22:54] <geofft> Depending on the constraints of your project, you might also want to hire an experienced sysadmin / consulting firm to do this
[22:54] <geofft> and to maintain its security long term
[22:54] <geofft> but anyone you could hire that's worth hiring will refuse to do it in a mere two days.
[22:55] <Quest> Pici,  ya
=== Ursinha_ is now known as Ursinha
[23:03] <Quest> just to confirm, geofft  pici that its a good practice . to not allow console login for a user
[23:03] <Quest> change the user's shell to /bin/false (in /etc/passwd)
