=== Guest12076 is now known as yeats
=== megha is now known as Guest99477
=== alex88_ is now known as alex88
[03:53] hi guys
[05:58] Hello!
[05:58] bastebin for wads of text right?
[05:59] I'm trying to set up a L4D2 ubuntu server, I have most of it correct but I'm missing something and confused
[06:03] pastebin, yes
[06:03] anyone alive in here?
[06:03] http://pastebin.com/NcrcHJC7
[06:03] there it is
[06:09] I need to add my steam user ID to the srcds_run file don't I?
[06:09] and pass
[06:09] right?
[06:09] what
[06:09] what
[06:10] it's a proprietary app last i knew of, consider asking their own support
[06:11] Iapetus: I don't know anything about running L4D2 servers, sorry; it is unlikely that folk here will know, because it isn't open source.
[06:11] Iapetus: I would look on the steampowered forums
[06:11] well balls, thanks, i'll go hunting
[06:13] Iapetus: you might try the -debug option the program recommends
[06:15] yup, saw that in something I googled a bit ago, required a plugin of some sort. Didn't get to it yet. Also bugger no sticky on the steampowered about ubuntu! BOOO
[06:22] i am having a issue getting my bind server to start getting the error: permission denied on opening the config files
[06:47] Hello. I am on 10.04, how do i get a more recent version of php on my server? Is there some repo i can without fear of breakage?
[07:00] apt-get install php5
[07:18] Not quite the newest php5
=== hachre1 is now known as hachre
[12:10] Morning everyone
[12:31] <[twisti]> hey, when i log into my ubuntu lts 12.04, i get this: *** /dev/md2 will be checked for errors at next reboot *** for all my partitions. but i just sudo reboot'ed, and it just rebooted in the normal time, and still says that.
=== hggdh is now known as hggdh_
[12:32] <[twisti]> the answer at http://askubuntu.com/questions/182804/12-04-indicates-filesystem-check-on-next-boot-but-never-does-one sounds sensible, but im worried that the fsck will sit there with something like "found errors, want me to fix them? y/n"
[12:32] <[twisti]> its a headless server, so that would effectively brick it
=== hggdh_ is now known as hggdh
[12:38] Do you have a reason to distrust the system boot scripts that much
[12:38] ?
[12:39] <[twisti]> none at all
[12:39] <[twisti]> but it doesnt say anywhere that fsck at boot time is non interactive
[12:40] <[twisti]> before i brick our server id like a better reason to assume it will run without interaction than "maybe we'll get lucky"
[12:42] <[twisti]> in my experience, things that check hdds ask for user input if they find anything out of the usual
[12:42] <[twisti]> i have no reason to assume that fsck is any different
=== hggdh is now known as hggdh_
[12:46] need help with an openfiler OS krasch
[12:49] hello
[12:49] need help
[12:49] #openfiler
[12:59] is there anyone who knows anything about mdadm
[13:59] morning. I'm looking for the right place to report issues with a real live ubuntu.com servers.
=== glebihan_ is now known as glebihan
[15:06] Can any one tell a package / app for getting network stats/ speed for individual ports numbers . (it would be much better if it would be web based)?
=== syncsys_ is now known as Quest
=== bastidra1or is now known as bastidrazor
[15:59] can anyone tell why in iptraf in port 80 (breakdown by ports) the "in" is always zero and the "out" at bottom shows speed stats for download and for upload as well. on other strange thing. its showing download and upload . both speeds in "out" and "in" in is 0 .. ?
[17:05] anyone home?
[18:33] I need to stop postfix from delivering mail temporarily while still accepting incoming mails
[18:49] hallyn: (or anyone else) Is there current work on libtpms + qemu packaging?
[18:50] i cannot connect to freenx server by nx client. it quits at establishing display.
[18:51] ppa:serge-hallyn/tpm is kinda old. (Also some parts of this landed in upstream qemu very recently)
[18:54] anyone using ksplice? if yes, how's the experience?
[20:54] dracula
[21:01] for LAN file sharing for Linux as server and windows as most clients. simple sftp:/ip from windows would be suffice (provided every user has an account in the server and a home folder) ? or an ftp server is needed? 2. what is fast and how much generally, sftp or ftp?
[21:15] Quest: if you want to share data between a linux server and windows clients, use samba
[21:15] !samba | Quest
[21:15] Quest: Samba is the way to cooperate with Windows environments. Links with more info: https://wiki.ubuntu.com/MountWindowsSharesPermanently and https://help.ubuntu.com/12.04/serverguide/C/windows-networking.html - Samba can be administered via the web with SWAT.
[21:18] RoyK, samba cant give access over wan internet
[21:18] we need that
[21:19] what different is vsftpd from ftp over openssh server?
[21:19] security
[21:19] traditional ftp sends passwords in cleartext
[21:19] you really don't want that
[21:19] just setup ssh and have the clients use filezilla
[21:20] vsftpd and ftp over ssh is same underneath. s ftp.
[21:20] ya that what i meant
[21:20] no
[21:20] with ftp over ssh, sshd controls the business
[21:20] "sftp" is a misnomer, it involves no FTP at all.
[21:21] with vsftpd, you can choose between traditional plaintext ftp or ftp over ssl
[21:21] You might be thinking of "ftps", which is to ftp what https is to http.
[21:21] sftp is an SSH thing with no relation to FTP servers or FTP clients
[21:21] although many FTP clients also, independently, happen to support SFTP too
[21:21] hm
[21:21] Quest: just setup ssh and forget about the ftp server
[21:22] Quest: then setup rssh if you want to limit the clients' access to other parts of the system
[21:23] sftp is basically ftp over ssl and file transfer over ssh is on 22 and does the same as ftp
[21:23] right?
[21:23] sftp is not really ftp over ssl
[21:23] Quest: no, sftp is the built-in ftp-like thing in ssh
[21:24] SSH doesn't involve SSL.
[21:24] SFTP != FTPS
[21:24] * RoyK hands out popcorn
[21:25] (I kind of wish they'd picked a different name for sftp.)
[21:26] whats the difference b/w ftp server like vsftpd and ftp of ssh (i typed sftp:// for access over ssh)
[21:26] confusing
[21:26] and whats the advantage of an ftp server ls vsftpd
[21:27] 3. how to restrict users not going outside their /home dir if ftp over ssh is used.
[21:27] 23:22 < RoyK> Quest: then setup rssh if you want to limit the clients' access to other parts of the system
[21:28] You can restrict users to just running sftp-server as the target command, I believe.
[21:28] (I'm not familiar with rssh, but it sounds likely to work too)
[21:28] we use it for 17k users at work
[21:29] RoyK, rssh? whats that. similar to open ssh?
[21:29] Quest: try man rssh first, please
[21:29] RoyK, no manual. please inform
[21:29] then install it
[21:30] geofft, any ftp server will do like vsftpd?
[21:30] RoyK, is it just an ssh server like open ssh server is?
[21:30] y/n
[21:31] rssh is a restricted shell, used as a login shell, that allows users to perform only scp, sftp, cvs,
[21:31] Quest: I'm not familiar with vsftpd, I haven't used it.
[21:31] geofft, but you meant an sftp server?
[21:31] Quest: http://bit.ly/Z0jxk1
[21:31] Quest: The SFTP server is part of the SSH server
[21:32] RoyK, rssh is a restricted shell, used as a login shell, that allows users to perform only scp, sftp, cvs,
[21:32] Quest: If you want to run SFTP (instead of FTPS), you don't need a separate FTP / FTPS server
[21:32] SFTP is poorly named. It is not an FTP server, although many things that function as FTP client are able to connect to it if they have the proper support.
[21:33] Quest: It sounds like it is worthwhile for you to do some googling about SFTP and securing SSH, or about FTPS
[21:33] Quest: If you intend to deploy this across the WAN, you should be very confident you understand the security of what you're deploying
[21:33] Pici, oh. so sftp is just file transfer over ssh?
[21:33] FTPS is horrible and no one should use it.
[21:33] Quest: if your users have ssh login access, they can access anything they are given access to, also for file transfer
[21:33] Quest: if your users only need file transfer, rssh is good
[21:33] Quest: essentially.
[21:34] Quest: I don't think the scattered advice of folks on an IRC channel is sufficient for setting up a secure file server.
[21:34] geofft: I don't think FUD is any better :P
[21:35] Sure. I'm not trying to spread FUD -- there are good ways to learn about this
[21:35] And they're all reasonable for being in a good position to set up a server.
[21:35] RoyK, doesnt an sftp server like vsftpd restricts users to get out of their /home dirs by default?
[21:35] I'm just pointing out that IRC is a bad way.
[21:35] Quest: no, rssh does
[21:35] Quest: vsftpd is not an SFTP server.
[21:35] Pici, what is it then?
[21:35] Pici, its an ftps server then?
[21:35] vsftpd is an FTP or FTPS server
[21:35] Quest: but if your users have ssh login access already, they can get whatever they can access out of there by other means
[21:35] oh
[21:36] Quest: what geofft said.
[21:36] Oh, I guess the fact that "vsftpd" contains "sftp" in its name is also confusing :-(
[21:36] Quest: so, please, tell us, do your users have ssh login access?
[21:36] ok. 2nd last question. can windows explorer get sftp and ftps dirs ?
[21:36] Windows Explorer cannot.
[21:37] Quest: no, but filezilla can
[21:37] Frankly there are few good solutions for Windows file access across a WAN
[21:37] Quest: fyi, getting connected to an FTPS server if you are behind a corporate firewall is hell.
[21:37] I suspect SMB will work as well as anything. You could also try using WebDAV over https, but performance is very poor on Windows
[21:37] geofft: well. SMB2 works well over a closed WAN
[21:37] over the internet - wouldn't dare it
[21:38] and last question. 1. I need WAn and LAn access for users, 2. i will not give users a login to console. just make their /homes and login pass. 3. i have encrypted their /homes 4.
[21:38] Quest: rssh
[21:38] again
[21:39] RoyK, explorer cant do for both? i remember i did sftp or ftps once in windows explorer
[21:39] no, explorer can't
[21:39] period
[21:39] filezilla can
[21:39] RoyK, ok
[21:39] explorer (iexplore) can do straight ftp.
[21:39] Quest: when you say "over wan", do you mean "over internet" or "over a closed wan"?
[21:39] and what do i need. sftp or ftps?
[21:40] Pici, not iexplorer. windows explorer
[21:40] RoyK, ^
[21:40] Quest: !
[21:40] ahh
[21:40] ok. period..
[21:40] i recall the period
[21:41] Quest: sftp is what we suggest. If you want ftps you're on your own.
[21:41] hm
[21:41] RoyK suggests doing this with rssh, as he has said many, many times.
[21:41] Pici, ok. why ftps is discouraged?
[21:41] Quest: can you please take an advice for once?
[21:42] RoyK, i do need to configure rssh. ? ( i may want some users to roam around outside /home
[21:42] ssh combined with rssh is very secure
[21:42] Quest: then google it
[21:42] RoyK, of course. your advice is admired
[21:42] it's not hard
[21:42] Quest: In my experience, it works horribly. Extra configuration for clients needs to be done if you are behind a corporate NAT.
[21:42] ok
[21:42] nice
[21:42] rather, if the clients are behind a nat
[21:43] I've spent many hours trying to get things working at my employer, where I need to upload files to other companys' FTPS servers.
[21:43] With SFTP, things just work the first time.
[21:43] hm great
[21:44] hm
[21:47] Pici: out of interest - what would be troublesome with NAT for FTPS? It's just TCP, after all
[21:47] I think the security story (in terms of vulnerabilities in the server) for OpenSSH is a lot better, btw
[21:48] Pici, RoyK I have read a bit tutorials about adduser and useradd. and chatted in freenode. i still didnt got an expert answer on how 1. to add a user as is added by default by ubuntu GUI with proper /home/userlongname constructing the /home and the .files dot file like .cache . bash etc and 2. how to add a user with /home but no privileges and NO console login . just files in his folder (for sftp)
[21:48] Quest: using a gui isn't really a server question
[21:48] RoyK, Pici: isn't this the active/passive FTP nonsense?
[21:48] Quest: the "adduser" command should do #1
[21:49] geofft: ah - right - you need a nat helper etc etc etc
[21:49] ftp sucks rather badly at nat
[21:49] RoyK: From what I understand (and I don't feel like researching it in detail this moment) is that the additional port needed for extra communication between your client and the FTPS server is sent encrypted between yourself and the ftps server. So if you don't have the right range of ports open for that particular ftps server's configuration, it just won't work.
[21:49] RoyK, ya. thats why i need console
[21:49] Pici: makes sense
[21:49] Quest: http://www.debian-administration.org/articles/94
[21:50] geofft, whats better. add user or useradd
[21:50] Quest: looks like the comments in that page suggest using rssh for #2
[21:50] useradd -m blah
[21:50] Quest: on Ubuntu / Debian, "adduser" does everything. "useradd" creates the account but doesn't initialize it
[21:51] Quest: I basically always use "adduser"
[21:51] adduser should generally be used unless you want to do something special.
[21:51] geofft: well, useradd -m creates the user, adds it to its default group, creates the homedir, copies /etc/skel there etc
[21:51] Oh, does -m do that? Good to know
[21:51] man useradd ;)
[21:52] -m == create homedir
[21:52] I just use adduser, or edit /etc/passwd by hand :-)
[21:52] RoyK, useradd -m dont give bash as its default shell
[21:52] Quest: edit /etc/default/useradd
[21:52] geofft, useradd" creates the account but doesn't initialize it ? whats that mean
[21:53] Quest: it just means geofft hasn't rtfm
[21:53] I have in fact never rtfm for useradd since I haven't had a use for it :)
[21:54] well, then don't blame it
[21:54] how users are added in all linux distros? ubuntu is different?
[21:55] I think all Debian-based distros do the same thing with adduser and useradd.
[21:55] Red Hat-based distros tend to just have adduser as an alias for useradd. I don't know if it's the same useradd.
[21:55] in user add and add user . when the password is set? and can i just give the login name to clients and ask them to setup their password themselves?
[21:55] at first login i mean
[21:56] * Quest thanks all in advance!
[21:58] oh yes. most important question. I need to auto block ssh access to ips that repeatedly entered incorrect login passwords 5 or 7 times
[21:59] on redhat, adduser is a symlink to useradd
[22:00] adduser is a debian thing, it's a wrapper script
[22:00] hmm, indeed it is. /me adds to notes
[22:00] (perl, for those playing at home)
[22:00] Quest: I've heard of fail2ban and DenyHosts used for this, but I've never used either
[22:01] Quest: I use denyhosts
[22:01] I use fail2ban.
[22:01] default config is a bit nazi - perhaps good to slow it down a bit
[22:01] I haven't thoroughly researched either though, but it works well with zero config for me.
[22:01] the good thing about denyhosts, is that it works distributedly
[22:02] so you can deny a host from all your servers if it tries n times on one machine
[22:02] both work, though
[22:03] need easy for starters
[22:04] Pici, oh so no need to config it?
[22:04] Quest: correct.
[22:04] The defaults are sane.
[22:04] it bans 5 incorrect logins for how much time by default?
[22:05] just a rough idea Pici
[22:05] i hope it works for every ssh based app. which includes sftp
[22:06] Yes. sftp happens by opening an ssh connection and requesting an sftp-server instead of requesting a shell
[22:06] is it ok to ask questions about ispconfig3 here ?
[22:06] Quest: omg, can you just try to read the config before asking? or the manual? or google it?
[22:06] ya.. i should not get conscious
[22:07] good idea
[22:07] has anyone happen to run freenx or vnc4server?
[22:08] weren't you in the process of learning how to secure your server?
[22:09] I wonder apps like spotflux.com and hotspotshield use what protocol. https i guess?
[22:09] * RoyK ignores Quest
[22:09] RoyK, yes. and a remote gui is an addon
[22:10] in daily work.
[22:10] Is there any way to safely flush the history stored in an LVM2 metadata area? I have a weird GRUB issue and I'd like to eliminate the possibility it's reading an old version of the LVM metadata
[22:10] and https is for filtering services which lets browsing facebook.com if its blocked in firewall for example
[22:11] right Pici and geofft ?
[22:12] * RoyK wonders if Quest is a bot
[22:13] Quest: no idea, never used those services
[22:14] maxb: what's the issue?
[22:14] grub-probe is returning some warning like: grub-probe: warning: Couldn't find physical volume `pv1'. Some modules may be missing from core image..
[22:15] The system boots, but I'm interested in figuring out what grub is unhappy about
[22:15] did you upgrade from an older version?
[22:16] Yes, but the warnings didn't start appearing precisely then
[22:16] thx
[22:17] I guess I could force pvcreate to reinitialize the on-disk metadata from a backup file
[22:18] maxb: single drive?
[22:18] Two
[22:21] RoyK, adduser -m makes the default shell as sh. it should be bash. any solution Pici ?
[22:23] Quest: do you even read what I write?
[22:23] 23:52 < RoyK> Quest: edit /etc/default/useradd
[22:24] moron
[22:25] Quest: I think you're wearing folks' patience thin. If you're unfamiliar with the process of getting answers to these questions, you can ask
[22:25] Quest: But I'm pretty sure nobody has told you anything that's unavailable in package man pages, Wikipedia, HOWTOs, debian-administration.org, etc. etc. etc.
[22:26] Quest: And you'll get more thorough answers that way.
[22:27] RoyK, iam talking about add user not useradd . /etc/default/useradd is for useradd. it says SHELL=/bin/sh
[22:27] tried to change it?
[22:28] why should why when 1. i use adduser and not useradd 2. users added by GUI have bash. why?
[22:29] geofft, those articles made me confuse. you guys solved it
[22:29] Quest: as mentioned earlier, adduser is a wrapper around useradd
[22:29] if i have not insisting questions though.
[22:29] Quest: The GUI tool probably has different defaults.
[22:29] geofft, hm
[22:29] so I did needed to change the sh to bash
[22:29] ok
[22:30] geofft, how to add the user , make /home but dont allow it to login /home folder. (only login to sftp by ssh)?
[22:30] is there a way
[22:32] Quest: before you complain any more - try to add the file I've mentioned a couple of times - try to add a user
[22:32] i have
[22:32] and it worked?
[22:32] Quest: Did you read the article I linked earlier and the comments?
[22:32] it made the account but i can login.
[22:32] Quest: Did you look at rssh, which RoyK has recommended a few times?
[22:33] geofft: I don't think Quest reads anything we link to, he just asks here
[22:33] geofft, RoyK is rssh the only way. if i recall correct . there are other ways not to make the user login console?
[22:33] Quest: There are lots of ways. Is there a problem with rssh?
[22:33] Quest: can you spell google?
[22:33] geofft, i have mostly read it
[22:34] Have you tried it?
[22:34] geofft, by ways. i mean native ways. not third party apps like rssh
[22:34] Install it on a machine, set it up, see if it does what you want.
[22:34] rssh is good. but iam asking for learning
[22:34] You can see what rssh does.
[22:34] Look at the configuration changes it makes, or look at its source. No better way to learn. :)
[22:35] hm
[22:35] if you haven't read the sshd_config manpage, read that too
[22:35] there is no native way?
[22:35] it's incredibly dense, but everything's in there
[22:35] i mean a way (if i recall) that was some arg at adduser/useradd
[22:35] hm
[22:35] Did you see the debian-administration.org article I linked to?
[22:35] geofft: just drop it - Quest will just ask here - he doesn't read
[22:35] yes
[22:35] It talks about a way to do this that doesn't involve using rssh.
[22:36] ok. if you guys are annoyed. ill stop asking
[22:36] geofft, whats that. i missed it
[22:36] Er, that's the entire article.
[22:37] k
[22:37] any ops around?
[22:38] hm?
[22:39] Quest: they're annoyed. We're here to help, and it seems you're ignoring advice that has already been said and asking again.
[22:39] advice admired and regarded. stopped asking
[22:39] thank you.
[22:40] did i said thank you to RoyK ?
[22:40] Quest: maybe - but I'd still say "read the manual, google it" etc before asking too much in here
[22:42] my question was valid. as sftp is command execution. and so is same as ssh. if i need sftp but dont want to console login. even rssh might not help (just making a jail around /home is not enough)
[22:42] Quest: as I said
[22:42] earlier
[22:42] we
[22:43] are
[22:43] using
[22:43] rssh
[22:43] for
[22:43] 17000
[22:43] users
[22:43] Quest: Why "might not help"? Have you tried it?
[22:43] "rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp. It now also includes support for rdist, rsync, and cvs. For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh to do that."
[22:44] Pici: don't help him - he may even find the command "man" one day
[22:44] RoyK: if I don't help then I'm going to say things that I might regret.
[22:44] http://catb.org/~esr/faqs/smart-questions.html
[22:45] specifically the "Before you ask" section.
[22:45] Pici, great!!!
[22:45] RoyK, just saying rssh does it. is less better than what Pici explain. now iam confident.
[22:46] i was nervous
[22:46] ...
[22:46] but thanks a lot RoyK
[22:46] Quest: fyi, that was a direct quote from rssh's website. which you could have looked for yourself. It took me two seconds to find it.
[22:48] Quest: All of us here learned what we know by reading documentation and trying things.
[22:48] looked. not quite efficiently looked as a start. contrary to you
[22:48] the ssh-terminal can be locked out, by adding to /etc/shells, and setting that shell for the user logon
[22:49] Quest: It takes time. I've been sysadminning ssh for years. But I now know it very well.
[22:49] Quest: You're going to get better answers by reading things slowly and being patient with web searches than expecting other people to do things for you.
[22:49] k
[22:50] Guessing at the purpose behind your questions, you're trying to do something very complicated.
[22:50] (thinking about the file transfer question, and the FreeNX question, and ...)
[22:50] ya
[22:50] That's fine! You can do complicated things with Linux.
[22:50] It will just take you more than a few hours to learn how to do.
[22:50] hm
[22:50] And especially for things like secure file transfer and remote logins, you want to make sure you understand it.
[22:51] trying to assemble a huge server in two days
[22:51] Because otherwise you risk setting up the security wrong.
[22:51] geofft: thanks for explaining this all :)
[22:51] i have already done network reporting. now with these things
[22:51] Again, you totally _can_ understand it. It's just not the sort of thing you want to try to rush to understand
[22:51] 2 day deadline is a rush
[22:52] I would not feel confident setting up a remote file access + networked login server in two days, even knowing what I do about these things.
[22:52] hm
[22:52] I would feel confident in taking, oh, maybe a week to set up a dev server.
[22:52] am i correct about the ssh-terminal can be locked out, by adding to /etc/shells, and setting that shell for the user logon
[22:52] I don't know.
[22:52] k
[22:53] I mean, I could think about it, and figure it out, but I'm not the one doing this project. :-)
[22:53] And it will take me more than five seconds to figure that out.
[22:54] hm
[22:54] but after that week you'd know what to do and probably know how to fix many of the problems that might occur after it is live.
[22:54] Depending on the constraints of your project, you might also want to hire an experienced sysadmin / consulting firm to do this
[22:54] and to maintain its security long term
[22:54] but anyone you could hire that's worth hiring will refuse to do it in a mere two days.
[22:55] Pici, ya
=== Ursinha_ is now known as Ursinha
[23:03] just to confirm, geofft pici that its a good practice . to not allow console login for a user
[23:03] change the user's shell to /bin/false (in /etc/passwd)