/srv/irclogs.ubuntu.com/2013/05/10/#ubuntu-server.txt

[01:07] <petey> if you're doing something like sudo find you won't need to do it recursively right
[01:07] <petey> a sudo find chmod since it's finding all of those file types
[01:08] <sarnold> hallyn_: hey, how do I test this new libvirt package in quantal? :) I don't recall exactly the steps I had to take to trigger the bug in the first place...
[01:08] <sarnold> petey: indeed, find recurses down directories and mountpoints by default
[01:08] <petey> okay cool thanks
[01:09] <sarnold> hallyn_: I've got a suspicion that it's something like (a) start from precise (b) install a specific SRU release of libvirt and dnsmasq (c) upgrade to quantal...? (d) install new libvirt from proposed and see if the link is repaired?
[01:14] <sarnold> hallyn_: (in other words, I'm not very confident in my ability to provide good verification of your package... I'm hoping you or stgraber have an easy way to reproduce the problem and verify the fix. :)
[01:51] <hallyn_> sarnold: apt-get install libvirt-bin; apt-get rm libvirt-bin; apt-get install libvirt-bin should do it
[01:51] <sarnold> hallyn_: oh, keen, that's easy to try
[01:51] <hallyn_> you shouldn't have to start from precise.  it was the act of removing the package which removed the /etc/dnsmasq.d/libvirt-bin, and installing it then didn't recreate it
[01:52] <hallyn_> then apt-get purge libvirt-bin; apt-get install libvirt-bin; add quantal-proposed; apt-get update; apt-get rm libvirt-bin; apt-get install libvirt-bin
[01:52] <hallyn_> i *think* that's all it is, though there were a few bugs along the way there weren't there...
[01:54] <hallyn_> sarnold: thanks  (heading out)
[01:54] <sarnold> hallyn_: have a good night :)
[02:12] <Free99> hey everyone. Having an issue where someone on my network keeps trying to nab my server's IP address. Can't tell if it's malicious or accidental, but... any suggestions on what to do?
[02:14] <sarnold> Free99: tcpdump or ethereal ought to show you the MAC address involved. if you have managed switches, you can drop packets from that MAC before they cause problems.
[02:15] <pythonirc1012> TheLordOfTime: Any pushes yet?
[02:15] <Free99> sarnold, my organization is big enough where I'd have to loop the network guy in, and he's very busy (but I know that's the actual solution). Until then, I seem to recall some app or something in the repos that would hold on to your ARP registration really tightly
[02:15] <Free99> like it'd block anyone else from stealing your ip pretty effectively
[02:16] <pythonirc1012> does anyone have a good backup script/software for backing up /home?
[02:16] <sarnold> pythonirc1012: investigate rsnapshot and duplicity
[02:16] <Free99> sarnold, how would I do that with tcpdump? I know arping can do that kind of thing
[02:17] <sarnold> Free99: add enough -e switches to see ethernet macs..
[02:17] <pythonirc1012> sarnold: thanks
[02:18] <Free99> sarnold, what if they are spoofing my MAC address? I'm sorry if these are obvious questions, never dealt with this before
[02:18] <pythonirc1012> sarnold: in my case, my users have copies of exactly the same file stored multiple times. I was hoping that the backup software was good enough to not backup multiple copies of the same file.
[02:19] <Free99> pythonirc1012, the ZFS filesystem supposedly does this pretty effectively, it's called data deduplication
[02:19] <Free99> try looking around to see if anyone has ported just the data dedup part into a utility or something
[02:20] <sarnold> Free99: sorry, I can't recall the name of the tool you're thinking of.. and no idea what to do if they clone your mac, you're in trouble at that point, you'll need to mac-firewall every port, I expect. :/
[02:20] <Free99> crud-butter
[02:20] <Free99> so wait a sec, I thought the networks were a lot more resilient to this kind of thing
[02:20] <sarnold> rsnapshot is decent at not duplicating files itself, but I doubt it recognizes duplicated files in homedirs :)
[02:21] <Free99> is that the type of issue that ipsec was supposed to handle?
[02:21] <sarnold> .. and I don't know how well it would manage, even if you hardlinked them all
[02:21] <pythonirc1012> sarnold: perhaps dar would help?
[02:21] <sarnold> Free99: ipsec would prevent the new machine from impersonating yours, but yours would be every bit as offline..
[02:21] <sarnold> pythonirc1012: maybe? never heard of it before :)
[02:22] <Free99> (facepalm)
[02:24] <agu10^> Hello. I had a software running on https (443 port) but after installing Nginx, it stops answering on that port. Any idea why?
[02:26] <sarnold> agu10^: perhaps your nginx is configured to listen there? check the output of sudo netstat -nlpt
[02:27] <agu10^> sarnold, http://paste.ubuntu.com/5649815/
[02:28] <TheLordOfTime> wheee i missed things
[02:28] <TheLordOfTime> pythonirc1012:  yeah i did
[02:28] <TheLordOfTime> pythonirc1012:  not sure if i broke it or not, but it builds... :/
[02:28] * TheLordOfTime yawns
[02:28] <sarnold> agu10^: hrm, I don't even see :443 ...
[02:28] <agu10^> yeah, i don't know what happened
[02:28] <pythonirc1012> TheLordOfTime: Trying it out now
[02:28] <TheLordOfTime> agu10^:  what did you have installed on that port?
[02:28] <TheLordOfTime> or rather what were you running before nginx
[02:29] <agu10^> iredmail
[02:29] <pythonirc1012> TheLordOfTime: This time it started and the pid error is gone.
[02:30] <agu10^> ooooh. iredmail is set up to apache and has a virtualhost.conf for apache. I'm running nginx :/
[02:30] <TheLordOfTime> pythonirc1012:  yeah that was the idea :P
[02:30] <pythonirc1012> TheLordOfTime: this time it starts with the default config, but not with my config - complains invalid option /var/run/nginx.pid
[02:30] <TheLordOfTime> pythonirc1012:  pastebin your ENTIRE config file
[02:31] <TheLordOfTime> agu10^:  and that's your issue
[02:31] <TheLordOfTime> agu10^:  does iredmail run as its own native application?
[02:32] <agu10^> no, it doesn't
[02:32] <agu10^> i don't know
[02:38] <TheLordOfTime> sarnold:  whenever there's a weird question about nginx, you're free to ping me
[02:38] <TheLordOfTime> agu10^:  here's an example conf file for iredmail on nginx: http://wiki.nginx.org/IRedMail
[02:38] <TheLordOfTime> can't guarantee it works though, I don't use IRedMail
[02:39] <sarnold> TheLordOfTime: thanks :)
[02:39] <TheLordOfTime> sarnold:  especially when there's a huge version difference between what's in Ubuntu and what they're running :P
[02:40] <TheLordOfTime> case in point pythonirc1012's situation (sorry for the ping!)
[02:40] <sarnold> TheLordOfTime: indeed, that'd have been supremely confusing without you :)
[02:40] <TheLordOfTime> sarnold:  xD
[02:40] <TheLordOfTime> sarnold:  lucky random appearance i guess xD
[02:41] <pythonirc1012> TheLordOfTime: do you recommend running ubuntu's nginx instead of the PPA nginx? I think the problem was that I was using some of the new features of nginx at the time I configured it
[02:42] <TheLordOfTime> pythonirc1012:  i stick to what's in the PPA, but meh
[02:43] <TheLordOfTime> pythonirc1012:  new features in 1.2.x are probably standard features in 1.4.x
[02:43] <TheLordOfTime> pythonirc1012:  but your error was unrelated to features
[02:43] <TheLordOfTime> so IDK what's with that
[02:44] <TheLordOfTime> pythonirc1012:  the stable PPA's updated based on whatever's in Debian, so...
[02:44] <TheLordOfTime> ... yeah, i stick with debian stuff.
[03:05] <Free99> TheLordOfTime, I have several nginx servers to manage. Having a lot of trouble supporting webdav though, do you have any tips?
[03:08] <pythonirc1012> Free99: ubuntu? what OS?
[03:09] <Free99> yeah, ubuntu
[03:09] <Free99> I had to make a really weird config file so that WPMU and Owncloud would work together
[03:09] <Free99> but the webdav doesn't work
[03:09] <Free99> *webdav part of owncloud
[03:10] <pythonirc1012> Free99: what are you using owncloud for?
[03:11] <Free99> file hosting/sharing
[03:11] <pythonirc1012> Free99: with? at work or personal?
[03:12] <Free99> work. It's a server for engineering students to share/backup large CAD files
[03:12] <pythonirc1012> ah cool
[03:12] <Free99> as well as make websites for their respective organizations easily
[03:12] <pythonirc1012> how do you deal with the authentication part then?
[03:14] <agu10^> Why is my email taking so long into my inbox? I'm using postfix with iRedMail.
[03:14] <Free99> what do you mean? little hackery of the backend keeps the same credentials in the database for both of them
[03:14] <Free99> agu10^, stop posting in several rooms at once, that's pretty annoying
[03:15] <agu10^> Free99, what do you suggest instead?
[03:16] <Free99> not everyone is at their keyboard waiting for someone to talk to bro. Just wait a little, try somewhere else when you think you've waited enough and nobody helped you
[03:17] <agu10^> okay, i guess i should code a delay for cross-posts ?
[03:17] <pythonirc1012> Free99: how many people are using this thing that you are setting up?
[03:18] <Free99> a bunch? at least 8 clubs, each has their own account and the club president delegates the user/pass to each member
[03:18] <Free99> each club has at least 5 users
[03:18] <Free99> (they have to, to become a club)
[03:19] <Free99> everything works so far but the webdav
[03:20] <pythonirc1012> so 40 users
[03:20] <TheLordOfTime> Free99:  which nginx package are you using
[03:20] * TheLordOfTime doesn'
[03:20] <TheLordOfTime> bleh
[03:21] * TheLordOfTime doesn't use WebDAV on his deployments, but might be able to tell you if you're using the wrong nginx binary package
[03:21] <Free99> TheLordOfTime, nginx 1.1.19 I believe
[03:22] <TheLordOfTime> Free99:  i meant nginx-light, nginx-full, etc.
[03:22] <TheLordOfTime> Free99:  wait 1.1.19...
[03:22] <TheLordOfTime> that's... either precise or quantal...
[03:22] <TheLordOfTime> !ping
[03:22] <ubottu> pong!
[03:22] <TheLordOfTime> !info nginx precise
[03:22] <ubottu> nginx (source: nginx): small, but very powerful and efficient web server and mail proxy. In component universe, is optional. Version 1.1.19-1ubuntu0.1 (precise), package size 6 kB, installed size 84 kB
[03:22] <TheLordOfTime> yep precise
[03:22] <Free99> precise it is
[03:23] <Free99> I did nginx-naxsi
[03:23] <Free99> haven't setup the naxsi part yet, it's disabled
[03:24] <axisys_> how should one install multiple perl modules ? one way is cat list-of-perl-modules | cpanm --interactive ..  is there a better way to do it?
[03:24] <TheLordOfTime> Free99:  I don't think the naxsi version of nginx ships with webdav support
[03:25] <Free99> hmm. how would I get naxsi along with the full module support then?
[03:25] <TheLordOfTime> but i'm on the nginx PPAs, so i have to dig in the 1.1.19 version instead...
[03:26] <TheLordOfTime> Free99:  a customized version of the naxsi package maybe, i don't see WebDAV and naxsi together in any of the binaries
[03:26] <Free99> (shrug) I guess I can live without naxsi, I have zbblock on the server too
[03:26] <TheLordOfTime> but remember i'm working with 1.4.x i don't have the 1.1.19 stuff around
[03:27] <Free99> let me check
[03:30] <Free99> ah cripes. my ssh server is acting up again
[03:30] <Free99> TheLordOfTime, I'll have to ask you tomorrow if you don't mind
[03:30] <Free99> maybe even monday
[03:30] <TheLordOfTime> Free99:  i am pulling a copy of 1.1.19 right now
[03:30] <TheLordOfTime> if you can hold on a sec i can double check
[03:32] <TheLordOfTime> Free99:  yeah, none of the packages ship with both naxsi and webdav
[03:32] <TheLordOfTime> and that won't ever be changed for precise, because it's kinda frozen that way
[03:32] <TheLordOfTime> the only way to get webdav + naxsi is to either build from source or have someone build you a customized version of nginx
[03:33] * TheLordOfTime would do that but meh
[03:33] <Free99> lol
[03:33] <Free99> it's not a big deal, I'm fine with compiling myself and using checkinstall
[03:44] <Free99> heading to bed, thanks guys
=== irv_ is now known as irv
=== jiriki- is now known as jiriki
=== mrmist_ is now known as mrmist
=== irv_ is now known as irv
=== _KaszpiR__ is now known as _KaszpiR_
=== ivoks_ is now known as ivoks
[10:10] <shwaiil> hi
[10:10] <shwaiil> Q: My server is setup in a VM (virtualbox). I'd like to start apache2 automatically whenever the VM is started or the user logins. What's the best way to do it ? The best practice ? Any suggestions are appreciated! Thank you ;)
[10:10] <shwaiil> I heard about "upstart" script
[10:13] <bekks> Just install Apache, and it is started by default.
[10:23] <shwaiil> bekks: thanks for looking. not really, whenever I restart the VM, apache is off
[10:23] <shwaiil> adding: service apache2 start, to /etc/rc.local and restarting my VM, I mean my ubuntu server it still doesn't auto init apache2
[10:37] <Shogoot> Hi guys i got this little php file i'm running on my webserver. it's supposed to load some xml file and loop through and echo/write to file some data... but my opendir is failing.... must be the relative path i think, but my combination of solutions are not working. HOW CAN i see from which relative path the file is calling from? I know it's from a /var/ww/html/etcx etc etc, but what is the visibility of the file?
=== LargePrime is now known as Guest17151
=== LargePrime_ is now known as LargePrime
[11:09] <oDiafanos> hello:) what monitoring system do you propose for monitoring web server with databases irc server and icecast ?
[11:11] <bekks> Nagios.
[11:13] <oDiafanos> is there any how to article to help me set it up on 12.04 server? I know the basics but I need it on a "live" srv and I can't experiment a lot
[11:14] <bekks> oDiafanos: http://www.nagios.org/documentation
[11:23] <jacobw> Icinga
=== mjeanson_ is now known as mjeanson
[13:58] <yobro> hello
[13:59] <yobro> I can't seem to mount my dvd-rw, I'm getting an error message :"wrong fs type, bad option, bad superblock on /dev/sr0
[14:01] <bekks> yobro: Then how do you try to mount it?
[14:32] <gyre007> is there a way how I can tell which repo takes priority over which for certain package?
[14:32] <gyre007> there was some apt command but I can't seem to find it even in man pages...
[14:32] <Pici> The one with the latest version.
[14:32] <gyre007> not really
[14:32] <gyre007> if you have multiple sources...
[14:32] <gyre007> which provide same packages...
[14:33] <gyre007> how does apt figure out which one to get the package from ?
[14:33] <Pici> Are the packages the same version?
[14:33] <gyre007> not necessarily
[14:33] <gyre007> they can be different
[14:34] <Pici> I'm not sure how apt treats packages that are the same version, but the highest version number will always be pulled in the other case.
[14:35] <Pici> maybe I'm misunderstanding your question.
[14:35] <gyre007> let's say you have 5  nginx repos...and you decide to install nginx
[14:35] <gyre007> which repo will the nginx be installed from ?
[14:36] <gyre007> Pici: apt-cache policy nginx-full
[14:37] <gyre007> apt-cache policy <pkg_name>
[14:39] <gyre007> now the question is, how do you change the priorities...
[14:40] <Pici> gyre007: aha! found it.  according to the apt_preferences manpage, the entry earliest in the sources.list file will be used for packages with the same version in different repos.
[14:41] <Pici> I think the manpage also has information on how to set the priority for those
[14:42] <gyre007> im checking this now https://help.ubuntu.com/community/PinningHowto
[14:48] <gyre007> actually this won't prioritise the source over another..mm
=== wedgwood_away is now known as wedgwood
=== masACC is now known as maswan
[16:45] <kearneykid> does anyone know about smoothwall firewall (linux)
[16:49] <kearneykid> A ping is getting through the network and into the web but for some reason websites are being blocked
[16:49] <sarnold> kearneykid: sounds like you allow icmp but block tcp
[16:51] <kearneykid> u see it has been working all along and suddenly it just refuses my connections
[16:54] <kearneykid> sarnold: i can't find anything in the control panel that would let me block TCP
[16:54] <sarnold> kearneykid: I think you've already blocked tcp..
[16:55] <slide23> Does anyone know of a way to limit ssh accepting connections to a specific hostname? I have many virtualhosts setup that people attempt to connect to all the time and I don't want to limit ssh to just my IPs (because they may change or I may need to access it from somewhere else)
[16:56] <kearneykid> sarnold how will i un-block TCP?
[16:57] <andol> slide23: The ssh protocol doesn't really deal with hostname that way. There is (obviously) a DNS lookup on the client side, but that is about it. The server has no idea what hostname the client went for.
[16:58] <slide23> hrm dang
[16:58] <slide23> any other ideas for reducing login spam heh, I am using fail2ban which is helping
[16:59] <sarnold> kearneykid: sorry, I've never used smoothwall, can't suggest how to unblock a protocol..
[16:59] <sarnold> slide23: something hokey like port knocking?
[17:00] <andol> slide23: One option, especially if you are the only one connecting to the server, is to have sshd listen on an alternate port. While it might not matter much security wise, it will keep your log files a bit more clean.
[17:00] <kearneykid> sarnold: just looking at the firewall logs and there are connections blocked about 2 every second. most of them are odd ports like 53099
[17:00] <sarnold> kearneykid: src ports or dst ports?
[17:01] <slide23> hrm port knocking seems interesting
[17:02] <kearneykid> sarnold: it's a different src ip going to my ip.
[17:02] <kearneykid> sarnold: there are both UDP and TCP ports
[17:03] <sarnold> kearneykid: note that outgoing requests from web browsers will use a randomly-selected port, often in the range 40,000-65535, for the source port..
[17:05] <kearneykid> sarnold: could this be the problem so; it's blocking the websites for no reason
[17:05] <sarnold> kearneykid: hrm, can you pastebin your rules? perhaps someone here will be able to spot the issue
[17:06] <kearneykid> I'm sorry i can only post it here as the web isn't working
[17:07] <kearneykid> 11:12:12 IN=ppp0 OUT= MAC= SRC=189.222.24.70 DST=*****(MY IP) LEN=131 TOS=0x00 PREC=0x00 TTL=114 ID=22709 PROTO=UDP SPT=43731 DPT=25732 LEN=111
[17:08] <kearneykid> that is just a random one i picked out of the list
[17:09] <sarnold> that's just a blocked packet, not a rule. but you can _irc_ fine but not http?
[17:09] <sarnold> how about https?
[17:10] <kearneykid> yes both http and https
[17:11] <kearneykid> the error is saying "connection refused"
[17:11] <kearneykid> also a nslookup works
[17:12] <winterpk> Hi I'm having a problem with my ubuntu webserver.  I have multiple sites set up with virtual hosts and one has an SSL cert.  However, my client is getting an ssl cert error on a different site (even though I have no links to https on that site) where it's trying to use a different domain ssl. Does anyone know the best practice when setting up multiple sites on the same server where some
[17:12] <winterpk> use SSL and others don't?
[17:14] <kearneykid> sarnold: actually for http; i get the error connection refused
[17:14] <kearneykid> sarnold: and for https; it just times out
[17:14] <sarnold> kearneykid: ah, perhaps a REJECT for http and DROP for https?
[17:15] <sarnold> winterpk: investigate SNI: http://en.wikipedia.org/wiki/TLS/SSL#Support_for_name-based_virtual_servers
[17:16] <kearneykid> maybe, how could i fix that?
[17:17] <sarnold> kearneykid: perhaps I could pastebin your firewall rules for you, if you /query me, then paste them in, it won't flood the channel..
[17:17] <winterpk> sarnold thank you.  I will look into it directly
[17:18] <winterpk> So I can only use one cert per server?!
[17:18] <kearneykid> thanks very much for your help sarnold query opened
[17:19] <winterpk> or a different IP
[17:19] <winterpk> ugh, this is not good
[17:19] <sarnold> winterpk: different IP is the usual approach, but I think SNI lets you get there, with newer clients anyway
[17:20] <winterpk> well what If I only really care about one cert.  I just don't want to get a cert error on the other sites.
[17:20] <sarnold> ah. I don't think there's anything you can do about that :/
[17:21] <winterpk> oh  man this is not good
[17:21] <RoyK> SNI should work with most clients these days
[17:21] <winterpk> client = browser?
[17:21] <RoyK> yes
[17:22] <winterpk> hmm ok I'll try it.
[17:25] <winterpk> it's still trying to use the default ssl darnit
[17:26] <gyre007> anyone here understands how package pinning works ? arrrgh...major headache
[17:26] <winterpk> is there someway to just turn off SSL for the sites that don't use it?
=== wedgwood is now known as wedgwood_away
[17:30] <gyre007> I have the following preferences set https://gist.github.com/milosgajdos83/5555584
[17:30] <gyre007> YET they are totally ignored
[17:31] <gyre007> nginx-full is being installed from the second source..
[17:31] <gyre007> arrrgh..
[17:33] <sarnold> winterpk: you only get to open a port on an ip address. you can't selectively 'close' that port for requests coming in with one name vs another name -- it can't know which hostname the request is intended for until it has accepted the connection and read some bytes from it.
[17:34] <winterpk> I see ok
[17:35] <winterpk> it's a chicken before egg paradox
[17:35] <sarnold> hehe, yeah
[17:35] <winterpk> SNI is supposed to hint at the right domain
[17:35] <sarnold> or, one more motivating factor behind ipv6 :)
[17:35] <winterpk> before the connection actually happens
[17:35] <winterpk> I'm just having trouble with my config now I suppose
[17:35] <sarnold> .. but sni assumes all domains you're hosting on that IP are supposed to have SSL :)
[17:36] <sarnold> you _could_ segregate your hosts onto two IPs: the first IP for ones with ssl, the second one for hosts without ssl
[17:36] <winterpk> ugh this is getting worse
[17:36] <sarnold> most providers will sell you a second IP for something like $5/mo. not too bad.
[17:36] <winterpk> hmm I don't think I can assign two IPs to my server.  I'm on AWS
[17:38] <sarnold> winterpk: that might be "elastic IPs" in the console..
[17:38] <winterpk> right, but I think I can only assign 1 per
[17:38] <winterpk> stupid
=== r0tha_ is now known as r0tha
[17:38] <sarnold> oh? hrm. that is stupid.
[17:41] <sarnold> winterpk: oh, check out the section titled "Assigning an Elastic IP Address to the Secondary Private IP Address" here http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html
[17:41] <kearneykid> sarnold should i leave smoothwall and use a different firewall/router ?
[17:41] <winterpk> hmm ok
[17:42] <sarnold> kearneykid: maybe? :)
[17:43] <kearneykid> what would ye recommend because this is really annoying me.
[17:47] <kearneykid> any ideas on what to try?
[17:50] <winterpk> hmm so aws has this virtual nic i need to implement. weird
=== wedgwood_away is now known as wedgwood
[18:34] <ppetraki> hallyn_, can you do me a favor and mark this triaged until we learn different? Thanks. https://bugs.launchpad.net/ubuntu/+source/multipath-tools/+bug/1178721
[18:34] <uvirtbot> Launchpad bug 1178721 in multipath-tools "multipathd fails to create mappings when multipath.conf is present" [Undecided,Confirmed]
jkylee18:34
=== lool- is now known as lool
=== wedgwood is now known as wedgwood_away
=== wedgwood_away is now known as wedgwood
[20:44] <slide23> Can anyone see anything wrong with this rule for allowing ssh in from a specific ip?
[20:44] <slide23> /sbin/iptables -A INPUT -s 192.168.0.99 -p tcp --dport ssh -m state --state NEW,ESTABLISHED -j ACCEPT; /sbin/iptables -A OUTPUT -d 192.168.0.99 -p tcp --sport ssh -m state --state ESTABLISHED -j ACCEPT
[20:55] <bekks> It doesn't allow new connections to be established (outbound in return to inbound new)
[21:12] <kathy1> Holaaa
[21:22] <RoyK> kathy2: hi
[21:22] <RoyK> slide23: not really
[21:23] <kathy2> How are you?
[21:23] <RoyK> fine, thanks
[21:23] <kathy2> emmm
[21:23] <kathy2> ok
[21:23] <kathy2> ;)
[21:24] <RoyK> so what up?
[21:37] <hxm> i configured smtp and all mails are marked as spam
[21:38] <hxm> i have defined the spf in the txt dns record
[21:38] <hxm> and configured openkim
[21:38] <hxm> what do i miss
[21:38] <sarnold> hxm: which tool said your mails are spam? did it give you any reasoning?
[21:39] <hxm> gmail and hotmail, they just redirect to a generic page for many reasons
[21:44] <sarnold> hxm: you could try this.. https://ers.trendmicro.com/reputations/index
=== yeats_ is now known as yeats
=== mikal_ is now known as mikal
[23:35] <coalwater> I want to build a clustered/distributed web server using virtual boxes for learning purposes, is there a good link/book i could read ? thanks.
