[00:05] <basil_> Hi guys, any chance of advice on getting vnc server (x11vnc actually) working on Ubuntu 12.04 running on XenServer 6.2? I want access to a graphical mode, rather than be stuck in CLI
[03:53] <TimR> can anybody tell me why I can't edit SSH port anymore I did have it on port 26 but it doesn't work anymore so when I switched it back to port 22 it works
[03:57] <pmatulis> TimR: did you restart the daemon after changing?
[03:57] <TimR> yes many times
[03:58] <pmatulis> TimR: check the listening ports with netstat or lsof
[03:58] <TimR> I stopped the service and started it back up again and still will not work or change
[03:59] <TimR> I don't see ssh even started
[04:00] <pmatulis> TimR: there should be an error in the logs.  or try to start it on the command line manually
[04:04] <TimR> see when I try to edit sshd_config the what ports,ips protocols we listen for is commented out but when I try to add the ports and save it would just go back to commented out
[04:05] <pmatulis> TimR: you're having editor problems.  what editor are you using?
[04:05] <TimR> well I was using webmin file to edit it out
[04:05] <pmatulis> TimR: that's your problem
[04:06] <pmatulis> reason #523 on why you should not use webmin on ubuntu
[04:08] <TimR> well I did the vi
[04:08] <TimR> edit
[04:09] <TimR> then when I try to restart ssh it gives me since the script you are attempting to invoke has been converted to an upstart job
[04:11] <pmatulis> should have still worked but it is nagging you to use upstart directly next time
[04:11] <TimR> well it's not
[04:11] <pmatulis> 'sudo restart ssh' should do it i think, it's been a while since i needed to restart sshd
[04:12] <TimR> when I do that I get restart unknown instance:
[04:13] <TimR> I am starting to think my server got hacked or something
[04:14] <pmatulis> 'sudo start ssh' then
[04:30] <TimR> i tried to uninstall and reinstall nothing happens
[04:30] <TimR> that is openssh-server
[04:35] <TimR> could iptables cause this issue?
[12:06] <msi> hey guys, my server got hacked about an hour ago
[12:06] <msi> they bruteforced the ssh
[12:06] <msi> and did an rm f
[12:06] <msi> so I lost everything
[12:06] <msi> what should I do to prevent this from happening next time?
[12:07] <msi> The ssh password was long, not in the dictionary or anything
[12:07] <msi> must have been a lot of bruteforce power
[12:07] <bekks> msi: Don't use a password, but use password-protected ssh keys.
[12:07] <bekks> That's what you should have learned from that.
[12:07] <msi> bekks what is that?
[12:08] <bekks> msi: https://help.ubuntu.com/community/SSH/OpenSSH/Keys
[12:08] <bekks> msi: And hopefully you did use a strong password for the user for sudo purposes, and hopefully you did not enable the root account for ssh on your server.
[12:09] <mardraum> I bet you use the same password somewhere else.
[12:09] <msi> Nope it's a random generated
[12:10] <msi> The attack came from germany
[12:10] <mardraum> then I find it very unlikely and perhaps you are running old www apps and haven't kept the kernel updated?
[12:11] <msi> I run a script that does sudo apt-get update, upgrade, dist upgrade every day so
[12:11] <mardraum> do you reboot into the new kernel?
[12:12] <msi> yeah the server reboots automatic every day
[12:12] <mardraum> if they removed everything, how did you come to this conclusion?
[12:13] <msi> saw it inside my snort logs
[12:13] <msi> from pfsense
[12:15] <mardraum> you saw a shitload of bruteforce attempts, and then an eventual success logging in as root@ ?
[12:15] <mardraum> or your user could sudo su?
[12:15] <msi> they used the couchpotato user and then reset the root password and used root access to wipe all
[12:16] <mardraum> how did they reset the root password?
[12:17] <msi> I have no clue
[12:24] <msi> I also see there were files transferred over ftp
[12:24] <msi> weird :s
[12:25] <bekks> msi: You did not reinstall that box?
[12:25] <msi> the box is currently doing a dban 35 pass wipe
[12:26] <msi> and the os ssd is already secure erased
[12:26] <bekks> 35pass wipe - you have too much time to spend, do you? :)
[12:27] <msi> Well the backup server is up and running so no problems, only 3 days left on the wipe
[12:28] <msi> just going to reinstall the os and add the disk back in later
[12:28] <bekks> I don't see why that takes longer than an hour, actually.
[12:29] <msi> 1 tb drives :p
[12:29] <msi> and verifying every pass
[12:30] <bekks> Why not just "mkfs" and start over?
[12:31] <msi> They transferred files to my server and I want them gone for ever
[12:31] <msi> who knows what it was
[12:31] <msi> could have been anything
[12:31] <msi> just paranoia I guess
[12:31] <bekks> That's just paranoid, yes. I guess there are meds against that :P
[12:32] <bekks> I'd have just used mkfs, reinstalled, and secured the server.
[12:32] <msi> ^^
[12:32] <msi> Securing the server you mean using ssh keys instead of password?
[12:32] <bekks> That's just one small step.
[12:34] <msi> Can you enlighten me about what other steps i should do?
[12:34] <bekks> msi: https://help.ubuntu.com/12.04/serverguide/security.html and http://www.thefanclub.co.za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics
[12:35] <msi> thanks I'll read it in a second
[12:37] <msi> I see, What would be the difference between reject and block in the firewall?
[12:48] <msi> Hmm seems like the root login came from inside the network
[12:48] <msi> I can see a local ip
[12:48] <bekks> You enabled root login?!
[12:49] <msi> yup
[12:53] <bekks> msi: That was the first mistake.
[12:58] <msi> how so
[13:03] <bekks> msi: It is disabled by default - for security reasons. You ignored that and paid your bill.
[13:03] <msi> lol
[13:03] <msi> you always need root to do stuff don't i?
[13:03] <msi> or do you mean always use sudo
[13:03] <bekks> !sudo
[13:03] <msi> instead of root account
[13:03] <bekks> sudo is not a replacement for root.
[13:04] <bekks> root has no password by default, so you cannot login as root directly.
[13:04] <bekks> That's done for security reasons.
[13:04] <msi> i see
[13:04] <msi> so for every service I run i should make another account?
[13:04] <bekks> you should read the linked documents before setting up your server again.
[13:05] <msi> and not all of them on the root acc
[13:05] <bekks> Why do you want to create an account for every service?
[13:05] <bekks> You are mixing things up.
[13:05] <msi> restricted access to folders etc
[13:05] <msi> like my deluge only has access to 3 folders
[13:05] <bekks> you should not set a root password. You should use sudo when needing root privs. That's all.
[13:05] <msi> oh k
[13:06] <msi> ty dude
[16:08] <makara> hi. I'm running 12.04. On desktop version I can add a PPA with add-apt-repository, but not on server. How to get it?
[16:09] <jacobw> makara: `sudo apt-get install python-software-properties`
[16:11] <makara> yeah
[16:29] <jrwren> what is the command to install build deps?
[16:29] <jrwren> dpkg-checkbuilddeps complains, i swear there was a command to install build deps
[17:10] <jacobw> is it possible to mirror main/installer-amd64 with apt-mirror?
[18:48] <Beatstreet> can anyone tell me what this stuff means? box keeps locking up and going offline http://tinypic.com/r/2qtuvwo/5
[18:49] <mdeslaur> Beatstreet: looks like xfs is crashing
[18:50] <Beatstreet> how do I fix that - this is a fresh OS install
[18:50] <mdeslaur> don't use xfs, or perhaps try the 12.04 release iso instead of the 12.04.3 one
[18:51] <mdeslaur> the 12.04.3 has the 3.8.0 kernel backported from raring, perhaps the 3.2.0 one that was in 12.04 originally doesn't contain that particular issue
[18:52] <Beatstreet> I have 12.04.3 running on a few servers but this is the only one crashing
[18:52] <mdeslaur> that's about all I can suggest, perhaps someone else has another idea
[18:53] <mdeslaur> you can also try installing the linux-lts-saucy kernel, it's more recent and is available for precise now
[18:58] <qman__> xfs is pretty stable these days, you more than likely have a hardware problem
[18:59] <Beatstreet> how can I ID the hardware issue?
[18:59] <qman__> run memtest and check your disks, those are the most likely culprits
[19:00] <qman__> when it locks up, if you have physical access, check to see if one of the disks is hanging and has a light stuck on
[19:00] <Beatstreet> hdd are good but i will test memory - thanks
[19:00] <Beatstreet> I don't have physical access
[19:00] <qman__> how much RAM do you have?
[19:00] <Beatstreet> I've bene checking drives with smartmontools
[19:01] <Beatstreet> *been
[19:01] <Beatstreet> 4GB
[19:01] <qman__> ok, that should be enough
[19:01] <qman__> drives don't always throw SMART errors, and especially if you're using desktop-class drives, they can just lock up and hang without producing an error
[19:01] <qman__> and that's normal and accepted behavior according to the manufacturer
[19:03] <qman__> if you had a controller problem you'd normally see an ATA DRDY error, and I don't see any of those, so that's probably not it
[19:05] <Beatstreet> it pretty consistently locks up so not sure where to look
[19:07] <qman__> well, you could eliminate xfs as the culprit by using a different filesystem and seeing if problems remain
[19:07] <qman__> but it sounds like hardware to me
[19:10] <Beatstreet> thanks qman__, mdeslaur
[21:42] <basil> Hi any chance of some help in troubleshooting my attempt to connect to my Ubuntu 12.04 server (sitting on XenServer 6.2) via VNC (and GUI). I've installed X11VNC but get an error when I try to connect with my Viewer (on WinXP)
[23:11] <jkitchen> ganglia-monitor's init doesn't have a 'status' and the pid file is wrong.
[23:11] <jkitchen> :(
[23:12] <jkitchen> at least in 12.04, I'll try out 13.10 in a bit
[23:21] <Beatstreet> is there another tool for testing HDD for failure other than smartmontools? Something for someone with no physical access to the box
[23:22] <Beatstreet> is there another tool for testing HDD for failure other than smartmontools? Something for someone with no physical access to the box