/srv/irclogs.ubuntu.com/2014/03/16/#ubuntu-server.txt

basil60Hi I'm using Ubuntu 12.04 with xfce 4.8 as a GUI. What do I change my keyboard layout to, so if I press shift+3, I get a hash instead of a pound (english currency) symbol?00:06
sheptardbasil60: google changing your locale00:10
basil60my locale is correct I believe00:10
basil60mostly en_AU.utf-800:12
basil60<sheptard>I've got the change keyboard command...just not which option gives mu us international00:13
sheptardhttp://dry.sailingissues.com/us-international-keyboard-layout.html00:14
sheptardthat's US international00:14
basil60<sheptard>I'd been on that site. Which is more appropriate - generic 102 key intl or 105 key?00:15
basil60or 104?00:15
=== Malediction_ is now known as Malediction
basil60Hi fixed my keyboard layout...but when I punch in my password now, it's not recognised. I wasn't running as root - just a normal user. How can I change my passwd to something recognisable under the new keyboard layout? Please?00:45
=== Ursinha is now known as Ursinha-afk
=== Ursinha-afk is now known as Ursinha
=== markthomas_away is now known as markthomas
=== markthomas is now known as markthomas_away
=== Ursinha is now known as Ursinha-afk
=== Ursinha-afk is now known as Ursinha
wkmanireWhat specifically makes a DNS server authoritative for a domain?07:03
wkmanireI'm trying to get set up a slave to zone transfer from my master following the Official Ubuntu Serve guide.07:03
wkmanireI can't get the zone to transfer and I get this message in syslog.07:04
wkmanireMar 15 23:40:28 ubuntu5 named[760]: client 192.168.1.102#6962: received notify for zone 'wkmanire.net': not authoritative07:04
wkmanireAlthough the master DNS is resolving all of the sub domains for my network with no problems.07:05
wkmanirenevermind07:21
wkmanireI made a mistake07:21
lordievaderGood morning.08:54
=== Ursinha is now known as Ursinha-afk
=== Ursinha-afk is now known as Ursinha
PeterGriffinHi there. I have a cupple of servers on my net with 1000 Mb network interfaces and a few with 100 Mb. The speed between them is awfully slow, like 5K. Is it possible this to be caused by the differentspeed setting of the interfaces?11:03
SpamapSPeterGriffin: use ethtool to check what they're actually linked at11:04
PeterGriffinwhat in the output shows this11:06
PeterGriffinDo you mean the actual speed being set11:06
SpamapSPeterGriffin: sometimes auto-negotiation fails.. or silly things happen like it chooses half duplex11:07
bekksYou should check duplex settings and MTU sizes, too.11:07
SpamapSPeterGriffin: just 'sudo ethtool eth0'11:07
SpamapSon a single flat layer 2 I would be surprised if MTU was an issue11:07
SpamapSyou have to try really hard to screw that up11:08
bekksOr just play with "oh, wow, those jumbo frames sound cool." :)11:08
arrithcan test network speed with iperf11:12
arrithcould be application-level issue11:12
PeterGriffinthis is the ethtool output on both sides of the problem http://pastebin.com/NBmACLhq11:12
bekksAnd how do you "test" the connection speed?11:13
PeterGriffinI showld mention that there are some switches and an optic between them, but the speed is bad only when connecting with the servers, not other Kubuntu desktops.11:14
PeterGriffinWell not very precisely actually. I send a bog file with netcat and monitorthe  progress.11:15
bekksSo you have to check all physical links, maybe there is somethjing odd.11:15
PeterGriffinbig* file11:16
PeterGriffinbut when I send a file using exactly the same route, but from my laptop, the speed is ok11:17
PeterGriffindoesn't this exclude the phisical links11:17
bekksNo.11:18
SpamapSPeterGriffin: tracepath otherbox11:18
bekksUnless you connect your laptop to the same switch port as the "other" computer you are trying it with.11:18
SpamapSPeterGriffin: give iperf a try11:19
PeterGriffinbekks: I didn't use exactly the same port. What I did is I changed the whole switch, so I suppose the port wouldn't matter. I did this on both sides just to be sure. Only I had one extra switch so I was able to have a new switch only on one side at a time.11:23
bekksSo use iperf for further investigations.11:24
PeterGriffinSpamapS: tracepath reaches the other end11:24
SpamapSPeterGriffin: with pmtu == 1500 ?11:24
PeterGriffinI will11:24
PeterGriffinSpamapS: yes11:24
PeterGriffin 1:  192.168.68.1                                          0.097ms pmtu 150011:24
PeterGriffin 1:  192.168.68.10                                         1.008ms reached11:24
SpamapSPeterGriffin: ok, -> iperf11:25
PeterGriffinthese are the endpoints. The route does not show11:25
PeterGriffiniperf it is ... :)11:25
bekksbeing in the same network, no route is need.11:26
bekks*needed11:26
PeterGriffinI have never used iperf so I started the server and the client without options. It connects, but it does not showanything useful.11:30
PeterGriffindo I need to send a file throu it or something?11:31
arrithhttp://www.reddit.com/r/linux/comments/1maws6/checking_lan_transfer_speed_under_linux/11:35
=== Ursinha is now known as Ursinha-afk
=== Ursinha-afk is now known as Ursinha
=== Ursinha is now known as Ursinha-afk
=== Ursinha-afk is now known as Ursinha
PeterGriffinOk. I did some learning and testing with ierf. I make the desktop server for iperf and start a connection from the ubuntu-servers as clients (both of them). When test UDP connection it is just fine. But when I start a TCP connection it fails. tcpdump shows that the iperf server sends ack for each packet, but the client recieves only a small part of them. So may be somewhere on the network they are lost and that makes the12:29
PeterGriffinconnection fail.12:29
SpamapSPeterGriffin: I'd postulate that there is a bad cable, bad switch, switching loop, etc.14:45
PeterGriffinok. I'll check again everything. Thanks for your help.14:50
raj__ which folder should be used for storing data to be used freely by all users(or preferably sudoers) of system ?17:30
el_seanoraj__: I'm a fan of /srv, personally17:30
raj__el_seano: /srv.. what kind of files does that contain ?17:31
el_seanoraj__: nothing, out of the box17:31
raj__okay17:32
el_seanolater revisions of the FHS recommend using it as a place for data stored by services17:32
el_seanoe.g., ftp, http, whatever17:32
raj__i mainly want to store some bash scripts that are used by all sudoers..17:32
el_seanoraj__: http://www.pathname.com/fhs/pub/fhs-2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM17:32
el_seanoah, probably simpler would be one of the */bin's17:33
el_seanolike /usr/share/bin17:33
el_seanootherwise, just make a /srv/bin and ensure that it's added to the path of your skeleton file, set guid, etc17:33
raj__okay..17:34
el_seanoone org I worked with actually pointedly didn't add our sysadmin team's script directory to our PATHs, largely with the thinking of "If you're going to be using the gun, you need to unlock the safe"17:35
raj__el_seano: hmm.. thanks for the pointers..17:38
el_seanosure17:38
el_seanoif you're not familiar with skel or guid, look at the man pages for chmod and useradd17:38
raj__how does the '-f' in 'bash -f script.sh' make a difference ? what is it for ?18:29
cwiggscan someone help me with an NFS mount problem i'm having with my server?  I've tried everything i can think of.19:22
bekkscwiggs: Just state the problem then, please :)19:23
cwiggsthe nfs mount works on all computers except one, and i don't see anything in the logs on either the client or the server19:23
cwiggswhen i run mount.nfs in verbose mode it doesn't list anything, just hangs forever19:23
cwiggsi restarted nfsd on the server already19:24
cwiggsand checked the exports file19:24
cwiggseverything looks good, in fact, this server did mount fine until recently19:24
cwiggsi've done all updates as well19:24
bekks"mount.nfs" is an incomplete command, and please dont use enter as a punctuation sign.19:24
cwiggsokay19:24
cwiggswhen i run mount -t nfs -v it outputs19:26
cwiggs"mount.nfs: timeout set for Sun Mar 16 12:27:43 2014"19:26
cwiggs"mount.nfs: trying text-based options 'vers=4,addr=192.168.1.2,clientaddr=192.168.1.7'""19:26
cwiggsand now it just hangs there19:26
cwiggsnothing in syslog for the server or client19:26
bekksWhich is an incomplete command.19:27
bekksYou need to specify the share and the mountpoint.19:27
cwiggs"sudo mount -t nfs -v 192.168.1.2:/mnt/sdb1 /mnt/sdb1/"19:27
cwiggsi did19:27
cwiggsi just didn't type it here to save time19:27
cwiggsthe command above is what i typed19:27
bekksWhich did not save time at all. And DONT use enter as a punctuation sign. Please.19:28
cwiggswithout the ""s of course19:28
bekksSo is the server actually sharing that share, using NFS v4?19:28
cwiggsyes19:28
cwiggsyes.*19:28
cwiggsLike i said above, i have a few other computers that are accessing that share using NFS.19:29
cwiggs"/mnt/sdb1192.168.1.0/24(rw,async,no_root_squash,nohide)" is what /etc/exports contains.19:30
bekksThats a NFS v3 export line.19:30
bekksMount it using NFS v3, not v4.19:31
cwiggsYou're right, my mistake.19:31
cwiggsI can't remember the option for using v3 off the top of my head.19:32
bekksvers=319:32
cwiggsThank you, that fixed it.19:34
cwiggsDoes anyone know how to make autofs use nfsv3?19:36
cwiggsbekks: btw, thank you for your help.19:42
raj__do bash scripts need to have any extension like .sh.. I used .sh extension with my "bash scripts".. & now realised it .. should I remove the .sh extension from those files ?19:57
=== markthomas_away is now known as markthomas
RoyKraj__: no, extensions aren't necessary on unix systems20:02
RoyKjust chmod +x, and a file is runnable20:02
raj__RoyK: thanks!!20:02
RoyKwith scripts, usually the first line contains something like '#!/bin/bash' which tells the shell which interpretor to use20:03
raj__RoyK: Thanks a lot !! when I  use any extension like .sh the editors on my desktop identify the file as a script but without extension they have no clue, for that purposes if I keep any extension, what should it be ? .sh worked but mine  is a bash file20:09
jrwrenthere is nothing wrong with having a .sh or .bash extension.20:12
RoyKjrwren: didn't say that - just said it wasn't mandatory ;)20:20
jrwrenRoyK: I was not attempting to correct you. ;]  Just trying to help our raj__20:21
RoyKraj__: if run from the shell, it doesn't matter. it's not like on windows where files are run in different instances on behalf of their extensions20:21
raj__RoyK: yes I understood that.. Thank you very much! :)20:23
raj__jrwren: yes, I got that.. thanks jrwren !! :)20:23
RoyKif only ubuntu had proper zfs support...20:24
=== markthomas is now known as markthomas_away
jrwrenwhy zfs? isn't btrfs supposed to be the future?20:34
RoyKjrwren: yes, it's possibly the future, but it's been the future for a long time20:41
RoyKjrwren: and I'd rather want something that works in the present20:41
=== lfaraone_ is now known as lfaraone
raj__$ rm "-home.hist"           says: rm: invalid option -- 'h'         Try `rm --help' for more information.21:21
raj__deleting the above file fails.. how do I delete the above file successfully .. ?21:21
sheptardraj__: \-21:21
sheptard\-home.hist21:21
raj__sheptard: trying out21:21
raj__sheptard : didn't work but acutually the actual file name is a bit more complex.. tried:                   rm  \-home-raj-.history21:21
raj__sheptard , the actual file name is "-home-raj-.history", how could I remove ?21:21
raj__sheptard: sorry it was due to my mistake.. fixed!!21:21
=== alexmoldovan1 is now known as alexmoldovan
raj__when i give a space before writing a command in terminal.. it does not appear in history.. is that a way to skip history ???21:29
RoyKraj__: rm -- -home.hist21:36
RoyK-- terminates the parsing of options21:36
=== markthomas_away is now known as markthomas
miceikenhi guys, total noobie on the security front here. I'm running a simple ubuntu server, what precautions should I take? will a firewall suffice?21:50
Patrickdkwell, a firewall works21:50
Patrickdkas long as you never make connections into or out of the server21:50
Patrickdkmight as well unplug it and get the same security21:50
Patrickdkyou have to worry about everything, any program that makes connections from pulling in something bad21:51
markthomasmiceiken: you haven't said anything about what you're doing with the server, or anything about the environment it's in.  You can get some general rules-of-thumb that way, but it will be of limited use.21:51
Patrickdkand anything listening for connections, doing something bad (like webservers)21:51
Patrickdkand this assumes no one has console/ssh access21:52
miceikensorry markthomas, I'm renting a VPS - for now I'm running a few services, nothing major but I have a mail server, web server, an irc bouncer and stuff like that21:52
miceikenI'm most worried about someone gaining control over my server21:52
Patrickdkso every insecure thing you could locate :)21:53
markthomasmiceiken: is this system behind a firewall?  Does it have local users besides yourself?21:53
miceikenI am the only user, but the system has multiple users "running" different services. And no, no firewall.21:54
markthomasmiceiken: First, start with something like this: https://help.ubuntu.com/10.04/serverguide/firewall.html21:56
markthomasmiceiken: then, if this is a VPS, one of the most vulnerable attack points will be one you haven't mentioned yet: how are you logging into the system to administer it?  SSH?21:57
miceikenmarkthomas, yep, ssh with plain username/password auth21:58
markthomasmiceiken: that is where you need to start your security efforts.  If someone compromises your account, that's a serious problem.21:59
markthomasmiceiken: Start with authentication.  If you can, use a keypair for authentication and disable password logins.  Of course, make sure root ssh is disabled for good measure, even if you have the root password "locked"22:00
markthomasmiceiken: then, look into an application called fail2ban.22:01
miceikenkeypair is what? private ssh keys?22:01
markthomasmiceiken: yes.  man ssh-keygen22:01
RoyKmiceiken: just run ssh-keygen and then ssh-copy-id yourserver:22:02
RoyKuser@yourserver, perhaps, if you haven't setup ssh aliases22:03
markthomasmiceiken: one you've done that, you need to review the docs for every service you've listed.  If this is running services you care about (i.e. you're running a business on this instance) then you'll want to get some help.22:03
miceikenah right, well no, it's only private use, I just want to take the basic measures to prevent anything22:04
markthomasmiceiken: It'll be a fun learning project.22:06
markthomasRoyK: thanks for jumping in.  I have to drop off for awhile.  miceiken, have fun.22:06
miceikenthanks for your help markthomas22:08
miceikenRoyK, can I use sudo passwd -l <user> to disable log in to a user account?22:08
miceikenby disabling I mean login22:08
RoyKmiceiken: better google it - http://www.cyberciti.biz/faq/linux-disable-user-account-command/ was ok22:16
RoyKmiceiken: locking a user by changing the password won't disable her/him to login with ssh keys22:17
miceikenokay, thanks22:17
miceikenif I have 2 computers I want to access ssh from - do I make 2 seperate keys? or do I use the same? (I'm asking because of the username@HOST part)22:18
RoyKyou can use the same keys22:18
RoyKssh keys are just like any other cryptographic keys22:18
RoyKI usually use a set of keys per machine22:19
RoyKif one is stolen or otherwise lost, I don't need to change the keys for everything22:19
RoyKa set of keys meaning a public and private key, the set that's generated with ssh-keygen22:20
=== markthomas is now known as markthomas_away
miceikenhow can I tell if it works though RoyK?22:34
miceikenI set PasswordAuthentication to no in ssh_config but it still prompts me when I connect22:35
miceikenduh sshD22:40
=== pHcF_ is now known as pHcF
=== ABC-XYZ_ is now known as ABC-XYZ
miceikenthanks RoyK - got it all set up now22:43

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!