[00:06] <basil60> Hi I'm using Ubuntu 12.04 with xfce 4.8 as a GUI. What do I change my keyboard layout to, so if I press shift+3, I get a hash instead of a pound (english currency) symbol?
[00:10] <sheptard> basil60: google changing your locale
[00:10] <basil60> my locale is correct I believe
[00:12] <basil60> mostly en_AU.utf-8
I've got the change keyboard command...just not which option gives mu us international
[00:14] <sheptard> http://dry.sailingissues.com/us-international-keyboard-layout.html
[00:14] <sheptard> that's US international
I'd been on that site. Which is more appropriate - generic 102 key intl or 105 key?
[00:15] <basil60> or 104?
[00:45] <basil60> Hi fixed my keyboard layout...but when I punch in my password now, it's not recognised. I wasn't running as root - just a normal user. How can I change my passwd to something recognisable under the new keyboard layout? Please?
[07:03] <wkmanire> What specifically makes a DNS server authoritative for a domain?
[07:03] <wkmanire> I'm trying to get set up a slave to zone transfer from my master following the Official Ubuntu Serve guide.
[07:04] <wkmanire> I can't get the zone to transfer and I get this message in syslog.
[07:04] <wkmanire> Mar 15 23:40:28 ubuntu5 named[760]: client 192.168.1.102#6962: received notify for zone 'wkmanire.net': not authoritative
[07:05] <wkmanire> Although the master DNS is resolving all of the sub domains for my network with no problems.
[07:21] <wkmanire> nevermind
[07:21] <wkmanire> I made a mistake
[08:54] <lordievader> Good morning.
[11:03] <PeterGriffin> Hi there. I have a cupple of servers on my net with 1000 Mb network interfaces and a few with 100 Mb. The speed between them is awfully slow, like 5K. Is it possible this to be caused by the differentspeed setting of the interfaces?
[11:04] <SpamapS> PeterGriffin: use ethtool to check what they're actually linked at
[11:06] <PeterGriffin> what in the output shows this
[11:06] <PeterGriffin> Do you mean the actual speed being set
[11:07] <SpamapS> PeterGriffin: sometimes auto-negotiation fails.. or silly things happen like it chooses half duplex
[11:07] <bekks> You should check duplex settings and MTU sizes, too.
[11:07] <SpamapS> PeterGriffin: just 'sudo ethtool eth0'
[11:07] <SpamapS> on a single flat layer 2 I would be surprised if MTU was an issue
[11:08] <SpamapS> you have to try really hard to screw that up
[11:08] <bekks> Or just play with "oh, wow, those jumbo frames sound cool." :)
[11:12] <arrith> can test network speed with iperf
[11:12] <arrith> could be application-level issue
[11:12] <PeterGriffin> this is the ethtool output on both sides of the problem http://pastebin.com/NBmACLhq
[11:13] <bekks> And how do you "test" the connection speed?
[11:14] <PeterGriffin> I showld mention that there are some switches and an optic between them, but the speed is bad only when connecting with the servers, not other Kubuntu desktops.
[11:15] <PeterGriffin> Well not very precisely actually. I send a bog file with netcat and monitorthe  progress.
[11:15] <bekks> So you have to check all physical links, maybe there is somethjing odd.
[11:16] <PeterGriffin> big* file
[11:17] <PeterGriffin> but when I send a file using exactly the same route, but from my laptop, the speed is ok
[11:17] <PeterGriffin> doesn't this exclude the phisical links
[11:18] <bekks> No.
[11:18] <SpamapS> PeterGriffin: tracepath otherbox
[11:18] <bekks> Unless you connect your laptop to the same switch port as the "other" computer you are trying it with.
[11:19] <SpamapS> PeterGriffin: give iperf a try
[11:23] <PeterGriffin> bekks: I didn't use exactly the same port. What I did is I changed the whole switch, so I suppose the port wouldn't matter. I did this on both sides just to be sure. Only I had one extra switch so I was able to have a new switch only on one side at a time.
[11:24] <bekks> So use iperf for further investigations.
[11:24] <PeterGriffin> SpamapS: tracepath reaches the other end
[11:24] <SpamapS> PeterGriffin: with pmtu == 1500 ?
[11:24] <PeterGriffin> I will
[11:24] <PeterGriffin> SpamapS: yes
[11:24] <PeterGriffin>  1:  192.168.68.1                                          0.097ms pmtu 1500
[11:24] <PeterGriffin>  1:  192.168.68.10                                         1.008ms reached
[11:25] <SpamapS> PeterGriffin: ok, -> iperf
[11:25] <PeterGriffin> these are the endpoints. The route does not show
[11:25] <PeterGriffin> iperf it is ... :)
[11:26] <bekks> being in the same network, no route is need.
[11:26] <bekks> *needed
[11:30] <PeterGriffin> I have never used iperf so I started the server and the client without options. It connects, but it does not showanything useful.
[11:31] <PeterGriffin> do I need to send a file throu it or something?
[11:35] <arrith> http://www.reddit.com/r/linux/comments/1maws6/checking_lan_transfer_speed_under_linux/
[12:29] <PeterGriffin> Ok. I did some learning and testing with ierf. I make the desktop server for iperf and start a connection from the ubuntu-servers as clients (both of them). When test UDP connection it is just fine. But when I start a TCP connection it fails. tcpdump shows that the iperf server sends ack for each packet, but the client recieves only a small part of them. So may be somewhere on the network they are lost and that makes the
[12:29] <PeterGriffin> connection fail.
[14:45] <SpamapS> PeterGriffin: I'd postulate that there is a bad cable, bad switch, switching loop, etc.
[14:50] <PeterGriffin> ok. I'll check again everything. Thanks for your help.
[17:30] <raj__>  which folder should be used for storing data to be used freely by all users(or preferably sudoers) of system ?
[17:30] <el_seano> raj__: I'm a fan of /srv, personally
[17:31] <raj__> el_seano: /srv.. what kind of files does that contain ?
[17:31] <el_seano> raj__: nothing, out of the box
[17:32] <raj__> okay
[17:32] <el_seano> later revisions of the FHS recommend using it as a place for data stored by services
[17:32] <el_seano> e.g., ftp, http, whatever
[17:32] <raj__> i mainly want to store some bash scripts that are used by all sudoers..
[17:32] <el_seano> raj__: http://www.pathname.com/fhs/pub/fhs-2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM
[17:33] <el_seano> ah, probably simpler would be one of the */bin's
[17:33] <el_seano> like /usr/share/bin
[17:33] <el_seano> otherwise, just make a /srv/bin and ensure that it's added to the path of your skeleton file, set guid, etc
[17:34] <raj__> okay..
[17:35] <el_seano> one org I worked with actually pointedly didn't add our sysadmin team's script directory to our PATHs, largely with the thinking of "If you're going to be using the gun, you need to unlock the safe"
[17:38] <raj__> el_seano: hmm.. thanks for the pointers..
[17:38] <el_seano> sure
[17:38] <el_seano> if you're not familiar with skel or guid, look at the man pages for chmod and useradd
[18:29] <raj__> how does the '-f' in 'bash -f script.sh' make a difference ? what is it for ?
[19:22] <cwiggs> can someone help me with an NFS mount problem i'm having with my server?  I've tried everything i can think of.
[19:23] <bekks> cwiggs: Just state the problem then, please :)
[19:23] <cwiggs> the nfs mount works on all computers except one, and i don't see anything in the logs on either the client or the server
[19:23] <cwiggs> when i run mount.nfs in verbose mode it doesn't list anything, just hangs forever
[19:24] <cwiggs> i restarted nfsd on the server already
[19:24] <cwiggs> and checked the exports file
[19:24] <cwiggs> everything looks good, in fact, this server did mount fine until recently
[19:24] <cwiggs> i've done all updates as well
[19:24] <bekks> "mount.nfs" is an incomplete command, and please dont use enter as a punctuation sign.
[19:24] <cwiggs> okay
[19:26] <cwiggs> when i run mount -t nfs -v it outputs
[19:26] <cwiggs> "mount.nfs: timeout set for Sun Mar 16 12:27:43 2014"
[19:26] <cwiggs> "mount.nfs: trying text-based options 'vers=4,addr=192.168.1.2,clientaddr=192.168.1.7'""
[19:26] <cwiggs> and now it just hangs there
[19:26] <cwiggs> nothing in syslog for the server or client
[19:27] <bekks> Which is an incomplete command.
[19:27] <bekks> You need to specify the share and the mountpoint.
[19:27] <cwiggs> "sudo mount -t nfs -v 192.168.1.2:/mnt/sdb1 /mnt/sdb1/"
[19:27] <cwiggs> i did
[19:27] <cwiggs> i just didn't type it here to save time
[19:27] <cwiggs> the command above is what i typed
[19:28] <bekks> Which did not save time at all. And DONT use enter as a punctuation sign. Please.
[19:28] <cwiggs> without the ""s of course
[19:28] <bekks> So is the server actually sharing that share, using NFS v4?
[19:28] <cwiggs> yes
[19:28] <cwiggs> yes.*
[19:29] <cwiggs> Like i said above, i have a few other computers that are accessing that share using NFS.
[19:30] <cwiggs> "/mnt/sdb1	192.168.1.0/24(rw,async,no_root_squash,nohide)" is what /etc/exports contains.
[19:30] <bekks> Thats a NFS v3 export line.
[19:31] <bekks> Mount it using NFS v3, not v4.
[19:31] <cwiggs> You're right, my mistake.
[19:32] <cwiggs> I can't remember the option for using v3 off the top of my head.
[19:32] <bekks> vers=3
[19:34] <cwiggs> Thank you, that fixed it.
[19:36] <cwiggs> Does anyone know how to make autofs use nfsv3?
[19:42] <cwiggs> bekks: btw, thank you for your help.
[19:57] <raj__> do bash scripts need to have any extension like .sh.. I used .sh extension with my "bash scripts".. & now realised it .. should I remove the .sh extension from those files ?
[20:02] <RoyK> raj__: no, extensions aren't necessary on unix systems
[20:02] <RoyK> just chmod +x, and a file is runnable
[20:02] <raj__> RoyK: thanks!!
[20:03] <RoyK> with scripts, usually the first line contains something like '#!/bin/bash' which tells the shell which interpretor to use
[20:09] <raj__> RoyK: Thanks a lot !! when I  use any extension like .sh the editors on my desktop identify the file as a script but without extension they have no clue, for that purposes if I keep any extension, what should it be ? .sh worked but mine  is a bash file
[20:12] <jrwren> there is nothing wrong with having a .sh or .bash extension.
[20:20] <RoyK> jrwren: didn't say that - just said it wasn't mandatory ;)
[20:21] <jrwren> RoyK: I was not attempting to correct you. ;]  Just trying to help our raj__
[20:21] <RoyK> raj__: if run from the shell, it doesn't matter. it's not like on windows where files are run in different instances on behalf of their extensions
[20:23] <raj__> RoyK: yes I understood that.. Thank you very much! :)
[20:23] <raj__> jrwren: yes, I got that.. thanks jrwren !! :)
[20:24] <RoyK> if only ubuntu had proper zfs support...
[20:34] <jrwren> why zfs? isn't btrfs supposed to be the future?
[20:41] <RoyK> jrwren: yes, it's possibly the future, but it's been the future for a long time
[20:41] <RoyK> jrwren: and I'd rather want something that works in the present
[21:21] <raj__> $ rm "-home.hist"           says: rm: invalid option -- 'h'         Try `rm --help' for more information.
[21:21] <raj__> deleting the above file fails.. how do I delete the above file successfully .. ?
[21:21] <sheptard> raj__: \-
[21:21] <sheptard> \-home.hist
[21:21] <raj__> sheptard: trying out
[21:21] <raj__> sheptard : didn't work but acutually the actual file name is a bit more complex.. tried:                   rm  \-home-raj-.history
[21:21] <raj__> sheptard , the actual file name is "-home-raj-.history", how could I remove ?
[21:21] <raj__> sheptard: sorry it was due to my mistake.. fixed!!
[21:29] <raj__> when i give a space before writing a command in terminal.. it does not appear in history.. is that a way to skip history ???
[21:36] <RoyK> raj__: rm -- -home.hist
[21:36] <RoyK> -- terminates the parsing of options
[21:50] <miceiken> hi guys, total noobie on the security front here. I'm running a simple ubuntu server, what precautions should I take? will a firewall suffice?
[21:50] <Patrickdk> well, a firewall works
[21:50] <Patrickdk> as long as you never make connections into or out of the server
[21:50] <Patrickdk> might as well unplug it and get the same security
[21:51] <Patrickdk> you have to worry about everything, any program that makes connections from pulling in something bad
[21:51] <markthomas> miceiken: you haven't said anything about what you're doing with the server, or anything about the environment it's in.  You can get some general rules-of-thumb that way, but it will be of limited use.
[21:51] <Patrickdk> and anything listening for connections, doing something bad (like webservers)
[21:52] <Patrickdk> and this assumes no one has console/ssh access
[21:52] <miceiken> sorry markthomas, I'm renting a VPS - for now I'm running a few services, nothing major but I have a mail server, web server, an irc bouncer and stuff like that
[21:52] <miceiken> I'm most worried about someone gaining control over my server
[21:53] <Patrickdk> so every insecure thing you could locate :)
[21:53] <markthomas> miceiken: is this system behind a firewall?  Does it have local users besides yourself?
[21:54] <miceiken> I am the only user, but the system has multiple users "running" different services. And no, no firewall.
[21:56] <markthomas> miceiken: First, start with something like this: https://help.ubuntu.com/10.04/serverguide/firewall.html
[21:57] <markthomas> miceiken: then, if this is a VPS, one of the most vulnerable attack points will be one you haven't mentioned yet: how are you logging into the system to administer it?  SSH?
[21:58] <miceiken> markthomas, yep, ssh with plain username/password auth
[21:59] <markthomas> miceiken: that is where you need to start your security efforts.  If someone compromises your account, that's a serious problem.
[22:00] <markthomas> miceiken: Start with authentication.  If you can, use a keypair for authentication and disable password logins.  Of course, make sure root ssh is disabled for good measure, even if you have the root password "locked"
[22:01] <markthomas> miceiken: then, look into an application called fail2ban.
[22:01] <miceiken> keypair is what? private ssh keys?
[22:01] <markthomas> miceiken: yes.  man ssh-keygen
[22:02] <RoyK> miceiken: just run ssh-keygen and then ssh-copy-id yourserver:
[22:03] <RoyK> user@yourserver, perhaps, if you haven't setup ssh aliases
[22:03] <markthomas> miceiken: one you've done that, you need to review the docs for every service you've listed.  If this is running services you care about (i.e. you're running a business on this instance) then you'll want to get some help.
[22:04] <miceiken> ah right, well no, it's only private use, I just want to take the basic measures to prevent anything
[22:06] <markthomas> miceiken: It'll be a fun learning project.
[22:06] <markthomas> RoyK: thanks for jumping in.  I have to drop off for awhile.  miceiken, have fun.
[22:08] <miceiken> thanks for your help markthomas
[22:08] <miceiken> RoyK, can I use sudo passwd -l <user> to disable log in to a user account?
[22:08] <miceiken> by disabling I mean login
[22:16] <RoyK> miceiken: better google it - http://www.cyberciti.biz/faq/linux-disable-user-account-command/ was ok
[22:17] <RoyK> miceiken: locking a user by changing the password won't disable her/him to login with ssh keys
[22:17] <miceiken> okay, thanks
[22:18] <miceiken> if I have 2 computers I want to access ssh from - do I make 2 seperate keys? or do I use the same? (I'm asking because of the username@HOST part)
[22:18] <RoyK> you can use the same keys
[22:18] <RoyK> ssh keys are just like any other cryptographic keys
[22:19] <RoyK> I usually use a set of keys per machine
[22:19] <RoyK> if one is stolen or otherwise lost, I don't need to change the keys for everything
[22:20] <RoyK> a set of keys meaning a public and private key, the set that's generated with ssh-keygen
[22:34] <miceiken> how can I tell if it works though RoyK?
[22:35] <miceiken> I set PasswordAuthentication to no in ssh_config but it still prompts me when I connect
[22:40] <miceiken> duh sshD
[22:43] <miceiken> thanks RoyK - got it all set up now