/srv/irclogs.ubuntu.com/2013/11/16/#ubuntu-server.txt

basil_Hi guys, any chance of advice on getting vnc server working (x11vnc actually) working on Ubuntu 12.04 running on XenServer 6.2? I want access to a graphical mode, rather than be stuck in CLI00:05
=== RoyK^ is now known as RoyK
=== Guest64913 is now known as wylde
=== Laogeodritt| is now known as Laogeodritt
TimRcan anybody tell me why I cant edit SSH port anymore I did have it on port 26 but it dont work anymore so when I switched it back to port 22 it works03:53
pmatulisTimR: did you restart the daemon after changing?03:57
TimRyes many times03:57
pmatulisTimR: check the listening ports with netstat or lsof03:58
TimRI stopped the service and started it back up again and still will not work or change03:58
TimRI dont see ssh even started03:59
pmatulisTimR: there should be an error in the logs.  or try to start it on the command line manually04:00
TimRsee when I try to edit sshd_config the what ports,ips protocols we listen for is commented out but when I try to add the ports and save it would just go back to commented out04:04
pmatulisTimR: you're having editor problems.  what editor are you using?04:05
TimRwell I was using webmin file to edit it out04:05
pmatulisTimR: that's your problem04:05
pmatulisreason #523 on why you should not use webmin on ubuntu04:06
TimRwell I did the vi04:08
TimRedit04:08
TimRthen when I try to restart ssh it gives me since the script you are attempting to invoke has been converted to an upstart job04:09
pmatulisshould have still worked but it is nagging you to use upstart directly next time04:11
TimRwell its not04:11
pmatulis'sudo restart ssh' should do it i think, it's been a while since i needed to restart sshd04:11
TimRwhen I do that I get restart unknown instance:04:12
TimRI am starting to think my server got hacked or something04:13
pmatulis'sudo start ssh' then04:14
TimRi tried to uninstall and reinstall noting happens04:30
TimRthat is openssh-server04:30
TimRcould iptables cause this issue?04:35
=== RoyK is now known as carlsen
=== carlsen is now known as RoyK
msihey guys, my server got hacked about an hour ago12:06
msithey bruteforced the ssh12:06
msiand did an rm f12:06
msiso I lost everything12:06
msiwhat should I do to prevent this from happening next time?12:06
msiThe ssh password was long, not in the dictionary or anything12:07
msimust of been alot of bruteforce power12:07
bekksmsi: Dont use password, but use password protected ssh keys.12:07
bekksThats what you should have learned from that.12:07
msibekks what is thath?12:07
bekksmsi: https://help.ubuntu.com/community/SSH/OpenSSH/Keys12:08
bekksmsi: And hopefully you did use a strong password for the user for sudo purposes, and hopefully you did not enable the root account for ssh on your server.12:08
mardraumI bet you use the same password somewhere else.12:09
msiNop it's a random generated12:09
msiThe attack came from germany12:10
mardraumthen I find it very unlikely and perhaps you are running old www apps and haven't kept the kernel updated?12:10
msiI run a script that does sudo apt-get update, upgrade, dist upgrade every day so12:11
mardraumdo you reboot into the new kernel?12:11
msiyeah the server reboots automatic every day12:12
mardraumif they removed everything, how did you come to this conclusion?12:12
msisaw it inside my  snort logs12:13
msifrom pfsense12:13
mardraumyou saw a shitload of bruteforce attempts, and then an eventual success logging in as root@ ?12:15
mardraumor your user could sudo su?12:15
msithey used the couchpotato user and then resetted the root password and used root acces to wipe all12:15
mardraumhow did they reset the root password?12:16
msiI have no clue12:17
msiI also see there were files transfered over ftp12:24
msiweird :s12:24
bekksmsi: You did not reinstall that box?12:25
msithe box is currently doing a dban 35 pass wipe12:25
msiand the os ssd is already secure erased12:26
bekks35pass wipe - you have too much time to spend, do you? :)12:26
msiWell the backup server is up and running so no problems, only 3 days left on the wipe12:27
msijust going to reinstall the os and add the disk back in later12:28
bekksI dont see why that takes longer than an hour, actually.12:28
msi1 tb drives :p12:29
msiand verifying every pass12:29
bekksWhy not just "mkfs" and start over?12:30
msiThey transferd files to my server and I want them gone for ever12:31
msiwho knows what it was12:31
msicould of been anything12:31
msijust paranoia I guess12:31
bekksThats just paranoid, yes. I guess, there are meds against that :P12:31
bekksI'd just used mkfs, reinstalled, and secure the server.12:32
msi^^12:32
msiSecuring the server you mean using ssh keys instead of password?12:32
bekksThat just one small step.12:32
msiCan you enlighten me about what other steps i should do?12:34
bekksmsi: https://help.ubuntu.com/12.04/serverguide/security.html and http://www.thefanclub.co.za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics12:34
msithanks il read it in a secondĀµ12:35
msiI see, What would be the difference between recject and block in the firewall?12:37
msiHmm seems like the root login came from inside the network12:48
msiI can see a local ip12:48
bekksYou enabled root login?!12:48
msiyup12:49
bekksmsi: That was the first mistake.12:53
msihow so12:58
bekksmsi: It is disabled by default - for securit reason. You ignored that and payed your bill.13:03
msilol13:03
msiyou always need root to do stuff don't i?13:03
msior do you mean always use sudo13:03
bekks!sudo13:03
ubottusudo is a command to run command-line programs with superuser privileges ("root") (also see !cli). Look at https://help.ubuntu.com/community/RootSudo for more information. For graphical applications see !gksu (GNOME, Xfce), or !kdesudo (KDE). If you're unable to execute commands with sudo see: http://www.psychocats.net/ubuntu/fixsudo13:03
msiinstead of root account13:03
bekkssudo is not a replacement for root.13:03
bekksroot has no password by default, so you cannot login as root directly.13:04
bekksThats done for security reasons.13:04
msii see13:04
msiso for every service I run i should make another account?13:04
bekksyou should read the linked documents before setting up your server again.13:04
msian not all of them on the root acc13:05
bekksWhy do you want to create an account for every service?13:05
bekksYou are mixing things up.13:05
msirestricted acces to folders etc13:05
msilike my deluge only has acces to 3 folders13:05
bekksyou should not set a root password. You should use sudo when needing root privs. Thats all.13:05
msioh k13:05
msity dude13:06
=== freeflying_away is now known as freeflying
makarahi. I'm running 12.04. On desktop version I can add a PPA with add-apt-repository, but not on server. How to get it?16:08
jacobwmakara: `sudo apt-get install python-software-properties`16:09
makarayeah16:11
jrwrenwhat is the command to install build deps?16:29
jrwrendpkg-checkbuilddeps complains, i swear there was a command to install build deps16:29
jacobwis it possible to mirror main/installer-amd64 with apt-mirror?17:10
Beatstreetcan anyone tell me what this stuff means? box keeps locking up and going offline http://tinypic.com/r/2qtuvwo/518:48
mdeslaurBeatstreet: looks like xfs is crashing18:49
Beatstreethow do I fix that - this is a fresh OS install18:50
mdeslaurdon't use xfs, or perhaps try the 12.04 release iso instead of the 12.04.3 one18:50
mdeslaurther 12.04.3 has the 3.8.0 kernel backported from raring, perhaps the 3.2.0 one that was in 12.04 originally doesn't contain that particular issue18:51
BeatstreetI have 12.04.3 running on a few servers but this is the only one crashing18:52
mdeslaurthat's about all I can suggest, perhaps someone else has another idea18:52
mdeslauryou can also try installing the linux-lts-saucy kernel, it's more recent and is available for precise now18:53
qman__xfs is pretty stable these days, you more than likely have a hardware problem18:58
Beatstreethow can I ID the hardware issue?18:59
qman__run memtest and check your disks, those are the most likely culprits18:59
qman__when it locks up, if you have physical access, check to see if one of the disks is hanging and has a light stuck on19:00
Beatstreethdd are good but i will test mem ory- thanks19:00
BeatstreetI dont have physical access19:00
qman__how much RAM do you have?19:00
BeatstreetI've bene checking drives with smartmontools19:00
Beatstreet*been19:01
Beatstreet4GB19:01
qman__ok, that should be enough19:01
qman__drives don't always throw SMART errors, and especially if you're using desktop-class drives, they can just lock up and hang without producing an error19:01
qman__and that's normal and accepted behavior according to the manufacturer19:01
qman__if you had a controller problem you'd normally see an ATA DRDY error, and I don't see any of those, so that's probably not it19:03
Beatstreetit's pretty consistantly locks up so not sure where to look19:05
qman__well, you could eliminate xfs as the culprit by using a different filesystem and seeing if problems remain19:07
qman__but it sounds like hardware to me19:07
Beatstreetthanks qman__, mdeslaur19:10
basilHi any chance of some help in troubleshooting my attempt to connect to my Ubuntu 12.04 server (sitting on XenServer 6.2) via VNC (and GUI). I've installed X11VNC but get an error when I try to connect with my Viewer (on WinXP)21:42
jkitchenganglia-monitor's init doesn't have a 'status' and the pid file is wrong.23:11
jkitchen:(23:11
jkitchenat least in 12.04, I'll try out 13.10 in a bit23:12
Beatstreetis there another tool for testing HDD for failure other then smartmontools? Something for someone with no physical access to the box23:21
Beatstreetis there another tool for testing HDD for failure other then smartmontools? Something for someone with no physical access to the box23:22
=== chaos_ is now known as soahccc
=== freeflying is now known as freeflying_away

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!