[04:37] <ClientAlive> What is the best way to align partitions across multiple disks? Is there a way to do it that doesn't involve creating partitions on the other disks just as spacers? My problem is, I'll have a raid array but not everything on this systeam can be in a raid array (the uefi system partition for instance). I still want the partitions in the raid array to lign up on the physical platters across all disks though.
[04:53] <soy_el_pulpo> I guess you can copy the partition of the disk you want to be the source to the other targets, assuming they are exactly the same
[04:54] <soy_el_pulpo> and only add to the raid the ones you need, excluding those that can't be RAIDed
[04:55] <soy_el_pulpo> you can use "sfdisk -d /dev/sda | sfdisk /dev/sdb" to copy the partition form sda to sdb
[04:56] <soy_el_pulpo> ClientAlive: hope this helps
[04:57] <ClientAlive> thx man
[04:57] <ClientAlive> it does :)
[04:57] <jacksonka> Anyone aware of an encryption algorithm stronger than ECDSA
[05:01] <jacksonka> Anyone aware of an encryption algorithm stronger than Elliptic Curve Digital Signature Algorithm?
[05:02] <jacksonka> Specifically ECDSA 521
[05:15] <jacksonka> I am attempting to deploy Jabber has anyone done it on Ubuntu 12.04?
[06:10] <madprops> hi, I was wondering what the justifications for forking apache are
[06:12] <madprops> some folks at httpd seem to be appalled by this
[06:23] <andol> madprops: what fork are you refering to?
[06:26] <madprops> andol, http://wiki.apache.org/httpd/DebianDeb0rkification
[06:28] <andol> Wouldn't call that so much a fork, as providing a different set of default configuration.
[06:31] <andol> My personal opinion is that I do appreciate this split into include files, but agree with the wiki page on some not-optimal default. From what I have understood that is at least partly done in regards to backward compability, not breaking upgrades for packages which depend on Apache2, etc
[07:13] <balachmar> Hi, I am installing postfix as a mailserver on a vps and it is working with ufw disabled. But when I enable it it blocks port 587 even when in the status it allows udp and tcp from Anywhere
[07:16] <sarnold> balachmar: can you pastebin your ufw status output somewhere?
[07:16] <sarnold> balachmar: have you manually added any rules that would prevent it from working?
[07:17] <sarnold> balachmar: does netstat -tnlp | grep :587  show it listening? is it listening on the interfaces you expect?
[07:17] <sarnold> s/interfaces/addresses/
[07:18] <balachmar> @sarnold: http://pastebin.com/uwV47Dr6 for ufw status verbose
[07:18] <sarnold> balachmar: hrm, I see an explicit DENY on 25; how are you testing that 587 doesn't work?
[07:19] <balachmar> sarnold: I am using thunderbird. and it works fine with ufw disabled
[07:20] <balachmar> sarnold: iptables output: http://pastebin.com/BKSjcCzd
[07:20] <sarnold> oof, I'm once again reminded that I need to study iptables more. :)
[07:21] <balachmar> sarnold: and netstat: http://pastebin.com/rZNyT7yx
[07:21] <sarnold> balachmar: and you're confident thunderbird isnt using 25?
[07:21] <balachmar> sarnold: yes, that was what I was thinking as well, with all that chaining, I am a bit abffled
[07:22] <balachmar> sarnold: well, it is telling me it uses 587 with STARTTLS
[07:22] <balachmar> But I can allow 25 for now
[07:22] <sarnold> balachmar: can you try something like openssl s_client -connect mailserver.foo.example.com:587   ? I think that should work..
[07:23] <balachmar> sarnold: even with 25 open (according to ufw) no luck
[07:24] <balachmar> openssl s_client -connect mail.wligtenberg.nl:587
[07:24] <balachmar> CONNECTED(00000003)
[07:24] <balachmar> mmm, I could have ubfoscated the server name there :)
[07:24] <sarnold> CONNECTED is actually encouraging..
[07:24] <sarnold>    16  2272 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:587
[07:25] <sarnold> that shows some 16 packets accepted through to port 587, right?
[07:25] <sarnold> (line 73)
[07:26] <balachmar> sarnold: http://pastebin.com/695FdJc7 full thing from openssl
[07:26] <sarnold> balachmar: can you check the postfix logs? thjere might be something else oging on..
[07:28] <sarnold> balachmar: aha, add a -starttls smtp to that openssl command line; I just got a nice SMTP session with your server
[07:29] <balachmar> @sarnold: you were able to send mail?
[07:36] <balachmar> @sarnold: I don't know :)
[07:37] <sarnold> balachmar: hehe :)
[07:37] <balachmar> @sarnold: aah I know why it whines about that
[07:37] <sarnold> balachmar: well, there's lots of reasons why it might fail to relay.. hopefully the logs say _why_
[07:37] <balachmar> @sarnold: you need to login to do that
[07:37] <balachmar> @sarnold: do you know how I can login using the openssl command?
[07:38] <sarnold> balachmar: oh man, it looks complicated :)  http://tools.ietf.org/html/rfc2554
[07:38] <balachmar> maybe I can use this: http://www.ndchost.com/wiki/mail/test-smtp-auth-telnet
[07:39] <sarnold> balachmar: ooh. worth a shot.
[07:44] <balachmar> @sarnold: ok, authenticated :)
[07:46] <balachmar> @sarnold: and seemingly able to send an e-mail
[07:46] <sarnold> balachmar: nice :) can you send...
[07:46] <sarnold> woo.
[07:46] <balachmar> @sarnold: but it didn't arrive yet...
[07:48] <balachmar> @sarnold: mmm, it didn't work
[07:49] <balachmar> So, as soon as I turn off ufw, I can send e-mail
[07:49] <balachmar> sarnold: I think it is actually about sending it, not receiving the task of sending mail
[07:50] <balachmar> sarnold: yes, it is unable to resolve google.com hostname
[07:50] <balachmar> sarnold: I can't ping on that machine either when I turn on ufw
[07:52] <balachmar> sarnold: I just don't know which ports are required for that
[07:52] <sarnold> balachmar: ping is different, that uses icmp rather than tcp or udp
[07:53] <balachmar> @sarnold, ok and which port is used for DNS?
[07:53] <sarnold> balachmar: resolving google.com would require probably allowing input from port 53 back to your server on any ephemeral port...
[07:53] <sarnold> balachmar: (the request is probably made from an ephemeral port rather than a well-known port..)
[07:54] <sarnold> balachmar: .. is there a connection tracking module required / available for dns?
[07:54] <balachmar> sarnold: don't know
[07:55] <balachmar> sarnold: I know that ping google.com doesn't work as soon as I enable ufw and that postfix also complains about not knowing where to send the mail
[07:55] <sarnold> balachmar: hrm, I don't see one on my system anyway..
[07:56] <sarnold> balachmar: 'ufw allow proto icmp' would probably fix that...
[07:56] <sarnold> (fix ping, that is. dunno about the rest. :)
[07:57] <balachmar> sarnold: ERROR: Need 'to' or 'from' clause ... (I forgot to mention this thing is running 8.04...)
[07:57] <sarnold> balachmar: aha, my shiny 13.04 laptop has them both optional :)
[07:58] <sarnold> .. though maybe that's just a shotrhand in the manpage.
[07:58] <balachmar> sarnold: and since it is a vps on openvz upgrading I cannot upgrade it
[07:58] <sarnold> balachmar: maybe 'to 0.0.0.0'?
[08:00] <balachmar> sarnold:ERROR: Unsupported protocol 'icmp'
[08:01] <sarnold> balachmar: try 'proto 1' ?  (I found it via grep icmp /etc/protocols)
[08:03] <balachmar> sarnold:ERROR: Unsupported protocol '1'
[08:03] <balachmar> :)
[08:07] <balachmar> sarnold: Aah, there seem to be issues with ufw using non stock ubuntu kernels (which vps companies do)
[08:07] <balachmar> sarnold: so, fixing that first
[08:28] <sarnold> balachmar: oooof. :/ it's bedtime for me, I hope you get something working to your liking. :)
[08:28] <sarnold> balachmar: if you wind up fixing it, I'd be curious to know what the end result is. :) good luck
[08:42] <balachmar> sarnold: I will let you know via a pm
[10:27] <_dreamer> Hello, I am installing a webserver with apache mysql and php. I ran into some trouble while trying to connect to my mysql server (from a local machine that's not the server). I get the Can't connect to [local] MySQL server error and I do not understand how to fix it even after reading this, http://dev.mysql.com/doc/refman/5.6/en/can-not-connect-to-server.html. Can anyone help me?
[10:32] <_dreamer> Hello, I am installing a webserver with apache mysql and php. I ran into some trouble while trying to connect to my mysql server (from a local machine that's not the server). I get the Can't connect to [local] MySQL server error and I do not understand how to fix it even after reading this, http://dev.mysql.com/doc/refman/5.6/en/can-not-connect-to-server.html. Can anyone help me?
[10:36] <_dreamer> nvm, gonna use phpmyadmin...
[11:57] <balachmar> Hi, I'm installing my own mail server, and I can send mail, and connect to imap. But I don't receive mails that I send from my gmail account to my new mail address.
[11:57] <balachmar> I am not sure how I can check that
[12:06] <e_t_> balachmar: do you have an MX record pointing to the mail server you set up?
[12:07] <balachmar> e_t_: yes, I now found this website that allowed me to check to which server it is pointing
[12:07] <balachmar> e_t_: http://mxtoolbox.com/SuperTool.aspx and that was fine
[12:07] <balachmar> e_t_: however when I did an smtp check, it failed. Now I allow port 25 as well, I didn't know if that was required
[12:08] <balachmar> e_t_: and that seemed to fix it :) I didn't really want to open 25, because I am sending over ssl, but apparently I also need it to receive mails :D
[12:09] <e_t_> Port 25 has to be open on a mail server. Otherwise, it's like welding your mailbox shut.
[12:09] <balachmar> e_t_: yep, kind of got that now :D
[13:39] <liri> hey guys
[13:40] <liri> I've got an Ubuntu natty server, where all of my repositories are configured to use us.archive.ubuntu.com. When I issue an apt-get update, I get 404 Not Found on many of the configured repositories.
[13:42] <liri> Should I fix up the repositories configuration some how or should I just go about doing a dist-upgrade?
[13:45] <mardraum> personally I would upgrade, otherwise, look for a mirror that still holds that ancient release.
[13:46] <liri> yeah I think I found a way
[13:46] <liri> just convert the source.list file from us.archive.ubuntu.com to old-releases.ubuntu.com
[13:46] <liri> should do it for the basic stuff
[13:46] <liri> thanks though
[17:22] <garrettkajmowicz> Greetings! I just upgraded my server from 10.04 LTS to 12.04 LTS and the newly-installed kernels will not boot. Specifically, I get dumped to a busybox shell. If I boot a kernel from 10.04, everything comes up fine. The funny thing is that if I am in the busybody shell, the root volume isn't mounted, but "mount /dev/md0 /root" works just fine. Any thoughts?
[17:44] <qman__> garrettkajmowicz, try creating/recreating /etc/mdadm/mdadm.conf
[17:44] <qman__> backing up any existing files of course
[17:45] <qman__> the 10.04 kernel may be doing autodetection that the 12.04 kernel isn't doing
[17:48] <garrettkajmowicz> qman__: I can buy that (working on the file now). However, simply running "mount /dev/md0 /root" works flawlessly once I'm in busybox - the RAID set has been automatically assembled.
[17:52] <garrettkajmowicz> qman__: I've checked the mdadm.conf file and updated it with a few bits. Next reboot (which will disable this connection) I will see if anything works better.
[17:52] <qman__> ok, just an idea
[17:54] <qman__> one other thing, check to make sure /boot didn't fill up
[17:55] <qman__> if it did you may have gotten partial/broken files on your new kernels or new initramfs files
[18:19] <lenny__> Hello this may be the wrong place for this question so I am sorry in advanced. I have set up my own server and have configured the DNS to point to it when I arrive at the page the page displays webpagename.com but when I go to any link it shows my server name. Is doing a mod rewrite the best way to handle this or is their a better way to do this?
[18:19] <lenny__> sorrry server IP not name
[18:25] <qman__> lenny__, that means you need to reconfigure your web application's settings
[18:26] <qman__> most web applications have a configuration file which has a setting for your site URL - where it is will depend on that application
[18:30] <lenny__> ok so for instance this is a wordpress install I should be looking their?
[18:31] <balachmar> I am trying to install roundcube, installed package form repos, but server/roundcube/installer/ doesn't exist
[18:31] <qman__> yes, wordpress should have a configuration file with a setting that is currently set to your server's IP, and that should be changed to your site name
[18:31] <lenny__> ok thank you very much qman__
[18:32] <andol> Seem to recall that wordpress has that setting in the database? (Commonly modified from /wp-admin/)
[18:33] <lenny__> I think wp-config.php should have it if not ill check the database. myserver is locked down to only allow shell access from my network though so I will check in an hour when I get back.
[23:31] <codepython777> anyone using vagrant / puppet / chef here?
[23:31] <codepython777> I was thinking of provisioning using bash, and was wondering if someone had any luck with that?
[23:49] <madprops> is there much difference between CentOS and Ubuntu Server when it comes to security?
[23:52] <qman__> yes, the two take different approaches on a number of issues
[23:53] <qman__> if you're really asking if one is more secure than the other though, the answer is no
[23:56] <qman__> security isn't about selecting one product over another, it's about strategy and behavior, you're only as strong as your weakest link