| === Lcawte is now known as Lcawte|Away | ||
| === paralle21_ is now known as parallel21 | ||
| z1haze | how can i remove a symlink without deleting the whole directory it points to? | 01:20 |
|---|---|---|
| MontyH | I have what will be a simple question for you, but my google fu has failed to find an answer | 01:21 |
| MontyH | how do you deny all to cron | 01:21 |
| MontyH | oh, yeah, ubuntu 12.04 server 32bit | 01:21 |
| MontyH | the google fu says I should edit /etc/cron.deny which does not exist | 01:22 |
| MontyH | any help? | 01:22 |
| sarnold | z1haze: rm will only delete the symlink; I couldn't even find any way in the manpage to get it to follow a link :) -- and bonus, deleting a directory requires the -r command line option :) | 01:22 |
| z1haze | oh ok lol | 01:23 |
| z1haze | was just nervous | 01:23 |
| sarnold | MontyH: check the cron(1) manpage, it describes the interations between /etc/cron.allow and /etc/cron.deny | 01:24 |
| sarnold | z1haze: it's good to be nervous :) | 01:24 |
| MontyH | sarnold: ok read the whole man page twice, no mention on how to shut everyone out of cron | 01:29 |
| sarnold | MontyH: oh! nuts, maybe it was an addition between precise and trusty.. | 01:31 |
| MontyH | it WAS there in 10.04 I used it | 01:31 |
| sarnold | MontyH: oh man. I'm sorry. it's in crontab(1). :( http://manpages.ubuntu.com/manpages/precise/en/man1/crontab.1.html | 01:32 |
| MontyH | ok long story short, monday night some guys, 1 geolocated to China, the other to Viet Nam somehow slipped a cron job in that repeatedly attacked the password on the root user. no biggie it can't log on, but how did they get it in there? | 01:33 |
| sarnold | MontyH: things to check: (a) do you still allow password logins via sshd? require keys (b) do you use any cpanel or webmin or plesk or other "control panels"? those are normally crap | 01:35 |
| MontyH | yeah I know control panels are a no go. working on sshd as we speak | 01:38 |
| MontyH | I need some words of wisdom, how would someone from china or viet nam slip a cron job into my server that repeatedly bangs the root door? | 01:54 |
| MontyH | I know they arent that good because theyre trying root on ubuntu | 01:54 |
| MontyH | and I mean 46 pages of logs bangin the door | 01:55 |
| sarnold | MontyH: can you share some log entries? | 01:56 |
| MontyH | unfortunately the server that contained the log has been removed and quarantined. my desktop at work has the log | 01:58 |
| MontyH | and naturally I got no way to get there | 01:59 |
| MontyH | and naturally I didnt email it to myself. I'll be back tomorrow with it, thx | 02:02 |
| sarnold | MontyH: heh, sounds like a good way to enjoy the rest of the night :) | 02:03 |
| PryMar56 | MontyH, if its an ssh login attempt, move the service off port 22 on the WAN | 02:05 |
| stoned | IdleOne, here too I hope? | 03:32 |
| IdleOne | keep it up with your attitude and yes you will get banned her also | 03:32 |
| stoned | There was no attitude. | 03:33 |
| stoned | You're just an asshole. | 03:33 |
| stoned | Please get your dick hard. | 03:33 |
| IdleOne | if you would like to discuss how to resolve your bans you can join #ubuntu-ops | 03:33 |
| stoned | ban me. | 03:33 |
| stoned | NOW. | 03:33 |
| stoned | No thanks. | 03:33 |
| IdleOne | fine | 03:33 |
| MontyH | friends and neighbors I have a problem you guys can unite around. Monday 00:00:00 to Wednesday 12:32:00 I was the recipient of a hack. I geolocated the 2 ip's to china and viet nam. they did not penetrate ssh, but they DID somehow penetrate cron. leaving behind a coocoo's egg that kept beating on root's door and trying to log in. now we all know root cannot log in so I brought up just | 03:49 |
| MontyH | ssh on a different machine | 03:49 |
| MontyH | I need help shutting off cron | 03:50 |
| MontyH | pls, thx and all the niceties I can present | 03:50 |
| cfhowlett | MontyH *I* can't help, but if no response here, ask the ##linux channel. | 03:51 |
| MontyH | well therein lies the rub, other distros have cron.deny, ubuntu does not | 03:51 |
| cfhowlett | MontyH sadly such technical discourse far exceeds my paygrade | 03:52 |
| MontyH | 46 pages of logged attempts in 3 days all after root, wonder why they dint find out it was ubuntu first | 03:52 |
| cfhowlett | MontyH kiddiescripters will do that | 03:53 |
| MontyH | somehow they slipped my cron a crontab without breaking ssh | 03:53 |
| hilarie | I'm on Lubuntu 14.04 server, and have it running openVPN and DHCP it NATS everything on my LAN over the openvpn tunnel, I'd like to exempt things from SSL from going over the tunnel, is there any way to use IPtables to make it so some traffic that is being natted doesn't go through the tunnel? | 05:01 |
| === karl_marx is now known as karl | ||
| === karl is now known as Guest65021 | ||
| === Guest65021 is now known as orwe | ||
| === orwe is now known as orwell | ||
| === orwell is now known as skizo | ||
| === skizo is now known as phrenia | ||
| === phrenia is now known as phren | ||
| === phren is now known as skizo | ||
| === skizo is now known as khaitanya | ||
| sarnold | hilarie: you may get more traction in an openvpn channel -- I don't know how to do it, but I'd first guess that you need to modify routing table to have some IPs that have traffic routed through openvpn, some IPs that don't, and then use iptables rules to re-write port 443 traffic to an IP that's not routed via openvpn.. | 05:58 |
| === Trey is now known as Guest21536 | ||
| hilarie | sarnold, I'll try over there in the morning, thank you | 07:03 |
| sarnold | hilarie: good luck :) | 07:04 |
| ws2k3 | hello i'm trying to install ubuntu 12.04 but it hangs after selecter the mirror it shows an emty purple window | 07:54 |
| ws2k3 | i restarted the installation twice so this is the 3th time it happens | 07:54 |
| === Asandari- is now known as Asandari | ||
| === medberry is now known as Guest96733 | ||
| === dhkl is now known as fruitloop | ||
| === fruitloop is now known as dhkl | ||
| pmatulis | morning | 10:53 |
| === EzeQL____ is now known as EzeQL | ||
| === med_ is now known as Guest81993 | ||
| === Trey is now known as Guest73727 | ||
| tarvid | In a rash move I upgraded apache2 to 2.4.9 and now all the virtualhosts are broken | 13:23 |
| tarvid | is there a way to run the upgrade again and answer the configuration questions more carefully? I answered "keep" | 13:24 |
| pmatulis | tarvid: man dpkg-reconfigure | 13:26 |
| tarvid | pmatulis, I can't invoke the configuration prompts, | 13:33 |
| pmatulis | tarvid: have backups of your original configurations? | 13:34 |
| tarvid | yes pre upgrade | 13:35 |
| tarvid | they don't work with 2.4.9 | 13:35 |
| pmatulis | that's odd | 13:35 |
| tarvid | I never had a working 2.4.9 | 13:35 |
| pmatulis | what release of ubuntu is this? | 13:35 |
| tarvid | 12.04 | 13:36 |
| tarvid | but I munged things by trying to get to php 5.5 | 13:36 |
| tarvid | which prompted an upgrade to apache 2.4.9 | 13:37 |
| pmatulis | how did you get 2.4.9? | 13:37 |
| tarvid | from a PPA I am looking it up | 13:38 |
| tarvid | ondrej-php5 | 13:38 |
| pmatulis | well, you are installing PHP and Apache outside the Precise archives. problems should be expected | 13:39 |
| tarvid | I've got them | 13:40 |
| pmatulis | there you go | 13:40 |
| pmatulis | apache 2.4.9 will only available in 14.10 , and you're installing it on 12.04 | 13:41 |
| pmatulis | *be available | 13:41 |
| tarvid | I trusted the PPA | 13:42 |
| pmatulis | i bet that PPA installed a lot of other stuff right? | 13:42 |
| tarvid | yes | 13:42 |
| pmatulis | yeah, tons of libraries prolly | 13:42 |
| tarvid | and that makes restoring old files problematic | 13:42 |
| tarvid | I do have a recent backup of most things | 13:43 |
| tarvid | will etc and bin catch most of that | 13:44 |
| === Ursinha is now known as Ursinha-afk | ||
| pmatulis | if you need php 5.5 then why not install 14.04 LTS? i'm not sure why you were forced to install apache 2.4.9 b/c trusty ships with 2.4.7 | 13:44 |
| pmatulis | (14.04 = trusty) | 13:45 |
| OpenTokix | pmatulis: I am guessing some idiot developer gagging for the 0.0.2 difference | 13:46 |
| tarvid | I can run the rsync backwards, I don't want to push homes | 13:46 |
| pmatulis | heh heh, gagging | 13:47 |
| OpenTokix | =) | 13:47 |
| === Ursinha-afk is now known as Ursinha | ||
| === TDog_ is now known as TDog | ||
| === medberry is now known as Guest15740 | ||
| === med_ is now known as Guest429 | ||
| === Lcawte|Away is now known as Lcawte | ||
| aboSamoor | Hi all, I upgraded my ubuntu server on my gateway, and the connectivity with the internet stopped working, I am not sure how to debug what happened, is there any default values changed in the new ubuntu, everything used to work | 16:18 |
| markthomas | aboSamoor, the first thing I would check is your network interfaces and the routing table to make sure they're intact. Have you done this? | 16:23 |
| aboSamoor | markthomas: my /etc file is kept under etckeeper, I could not see anything that should the networking changed, I am kind of lost, do not know which tool I should use to debug the situation. The gateway runs DHCP, DNS, NIS and the local network services running really fine, it is just the gateway can not connect to the internet. One more thing, the gateway is able to ping the router it is behind. | 16:35 |
| === n2deep is now known as N2Deep | ||
| markthomas | aboSamoor okay, so that's a partial answer to my question. | 16:36 |
| markthomas | If you can ping out, then it's likely that the external interface and at least a portion of the routing table are correct. You may want to run netstat -rn (or route) and verify that the default route is set up correctly. Then, check that IP forwarding is enabled, and check your iptables rules | 16:37 |
| markthomas | aboSamoor, cat /proc/sys/net/ipv4/ip_forward | 16:40 |
| aboSamoor | markthomas: after two days of work | 16:43 |
| aboSamoor | markthomas: and nothing worked, I just restarted it and it works | 16:43 |
| aboSamoor | markthomas: :-D, man you are a miracle, I do not know what happened, but it works | 16:44 |
| === psivaa is now known as psivaa-afk | ||
| tarvid | Managed to revert but the process was ugly | 17:25 |
| s0x_ | hey guys ... im trying to setup an ubuntu server atm but am struggling with setting the domain for it. It gets its ip from an existing DNS but the domain should be set manually. I tried to add a domain entry into /etc/resolvconf/resolv.conf.d/head so it does add it to resolv.conf. Even though hostname -d or -f does not recognize the domain | 17:25 |
| s0x_ | there is hardly any documentation online how to properly set the domain name ... could anyone give me a bit of support? | 17:25 |
| markthomas | s0x_ have you tried adding the FQDN to /etc/hosts? | 17:26 |
| markthomas | or adding the FQDN to /etc/hostname? I'm not clear what the problem is, but one of those might help. | 17:27 |
| s0x_ | markthomas: thats not the proper way to do that, is it? | 17:27 |
| s0x_ | if you do so hostname acts kind of weired | 17:27 |
| s0x_ | hostname gives you the fqdn while hostname -f does not | 17:28 |
| markthomas | s0x_ the question is, what problem are you trying to solve? | 17:28 |
| s0x_ | i tried that earlier | 17:28 |
| markthomas | FQDN is a function of DNS. I'm not sure what behavior on the local system you're trying to modify. | 17:28 |
| s0x_ | we are setting up a private cloud over hear ... and there is no way to influence the dns that it could give us the domainname | 17:28 |
| markthomas | Okay, working in a cloud environment is 1000x more complex than setting up "a server" | 17:29 |
| s0x_ | it is actually just a couple of vm's inside a dmz which act as kind of a mini cloud | 17:29 |
| markthomas | You mentioned "it gets its IP from an existing DNS" and I'm not sure from that what your setup is. | 17:29 |
| markthomas | Since IPs are not assigned by a DNS server. | 17:30 |
| ryan_turner|MTW | so all you're really trying to do is set the fqdn | 17:30 |
| markthomas | Okay, so you have two VMs. And these have statically-assigned IPs? | 17:30 |
| s0x_ | aehhh sry DHCP | 17:30 |
| s0x_ | just a typo :D | 17:30 |
| s0x_ | no DNS at all :p | 17:31 |
| markthomas | Okay. What are you trying to solve by assigning server IPs by DHCP? | 17:31 |
| markthomas | Because if you want to use DHCP to assign IPs and you want the hostnames to resolve, you have to have dynamic DNS set up. | 17:31 |
| markthomas | For such a tiny setup, would you not be better off using static IPs? | 17:31 |
| s0x_ | these are public ips so there is no way to set them statically | 17:31 |
| ryan_turner|MTW | ^^ which most of the time is unnecessary | 17:31 |
| markthomas | That statement in itself is not accurate. Who is issuing the IPs? | 17:32 |
| s0x_ | well ... we are deployin machines on demand | 17:32 |
| ryan_turner|MTW | coulsnt be dhcp | 17:32 |
| s0x_ | an existing DHCP we cant influence | 17:32 |
| lordievader | Good evening. | 17:33 |
| ryan_turner|MTW | set your fqdn and then have your dns folks give you a dyndns script. | 17:33 |
| markthomas | Okay. So back to my initial question: if this is external DNS resolution, you will need a properly-configured dynamic DNS. If not...then what are you trying to solve? | 17:33 |
| s0x_ | well ... we have to setup the FQDN manually ... .there is no point in discussin if that makes sense ... | 17:35 |
| ryan_turner|MTW | Reading your original question, all you're asking is how do you ignore the domain-name given during dhcp negotiation? | 17:36 |
| s0x_ | i dont get one! | 17:36 |
| ryan_turner|MTW | Then that's your DHCP server configuration's issue. | 17:37 |
| ryan_turner|MTW | But in all honesty that's not really... normal | 17:38 |
| ryan_turner|MTW | it's usually a search domain that it gives out | 17:38 |
| lock | Is there any way to check if a NIC is supportted on ubuntu? | 17:42 |
| markthomas | s0x_ when you don't have a FQDN assigned by DHCP, what affect is it having? | 17:45 |
| sarnold | lock: easiest is to just try; next easiest is to look through e.g. http://www.ubuntu.com/certification/catalog/search/?query=nic | 17:46 |
| sarnold | lock: you could also look for model number or chipset numbers in /lib/modules/`uname -r`/kernel/drivers/net | 17:47 |
| lock | thank you sarnold | 17:48 |
| === Guest429 is now known as med_ | ||
| med_ | jamespage, have you ever had kernel panics using neutron with VXLAN? | 17:52 |
| * med_ is stuck in kernel panics on a neutron node | 17:52 | |
| === Jare_ is now known as Jare | ||
| genii | jahayes91: If you just state ( as briefly as possible) the actual type of help you need into the channel, someone may know how to assist you. | 17:55 |
| genii | Like, if you're having a specific question about setting up your dhcp server, etc | 17:56 |
| jahayes91 | I'm looking for some help with isc-dhcp server | 17:56 |
| jahayes91 | Ah apologies, I'm having issues with starting the service. I have it all installed and configured as far as I can see. | 17:57 |
| genii | jahayes91: If you put what's in your /etc/dhcp/dhcpd.conf into a pastebin for us to see please :) | 17:59 |
| jahayes91 | Sure | 18:00 |
| === Trey is now known as Guest89489 | ||
| jahayes91 | http://pastebin.com/WNi5Q9XE Thanks guys :) | 18:08 |
| jahayes91 | http://pastebin.com/WNi5Q9XE Thanks guys :) | 18:17 |
| sarnold | hey jahayes91, you didn't miss anything while you were gone | 18:18 |
| jahayes91 | New to this irc business... I think i managed to disconnect myself... | 18:18 |
| sarnold | you did :) but just for twenty seconds | 18:19 |
| === unreal_ is now known as unreal | ||
| === jahayes91 is now known as JamieHayes | ||
| === medberry is now known as Guest81830 | ||
| forrest | Hi guys, is anyone familiar enough with febootstrap to know why this error:febootstrap: aptitude: error: no file was downloaded corresponding to package dpkg would be generated when running update-guestfs-appliance? I've already reviewed the relevant search via google and confirmed I am running febootstrap 3.14-2. This is on a 12.04 machine. | 19:17 |
| === med_ is now known as Guest68322 | ||
| znf | Hello. | 20:18 |
| znf | Can someone give me a hint of how to configure the network interface with dhcp on a server? I did edit /etc/networking/interfaces but it doesn't do anything after reboot, just like I haven't touched it | 20:19 |
| sarnold | znf: can you pastebin your /etc/network/interfaces? someone might be able to give it a look (lunchtime for me ;) | 20:31 |
| znf | nevermind, I somehow typed "auth eth0" instead of "auto eth0" | 20:31 |
| === EzeQL__ is now known as EzeQL | ||
| cloudman | Hi is mod_expires.c installed as default on 12.04? | 21:03 |
| zartoosh | HI I am using ubuntu 12.04. The top command indicates one of the applications are running %172 how is that possible? | 21:05 |
| cloudman | Hi is mod_expires.c installed as default on Buntu12.04? | 21:07 |
| cloudman | and mod_headers.c | 21:07 |
| cloudman | I cannot locate them on a system | 21:08 |
| sarnold | zartoosh: one core = 100% -- so your application is using 1.72 cpu cores. | 22:01 |
| zartoosh | sarnold, thanks | 22:28 |
| === Trey is now known as Guest94523 | ||
| tarvid | I have a remote machine with 13.10 desktop. I want to load 14.04 server. I can access the 13.10 desktop with ssh | 22:54 |
| sarnold | tarvid: do-release-upgrade ought to get you there | 22:58 |
| tarvid | I suppose the remnants of the desktop installation will not be all that significant | 22:59 |
| sarnold | ? | 22:59 |
| tarvid | It has 13.10 desktop installed | 23:00 |
| tarvid | but do-release-upgrade is running | 23:00 |
| sarnold | do-release-upgrade can upgrade desktops :) | 23:00 |
| tarvid | I am going to make it a server and I have this lingering attachment to the rubric that real servers don't run desktop | 23:01 |
| sarnold | ah :) feel free to apt-get purge whatver you don't want to keep, either before or after the upgrade. | 23:02 |
| tarvid | but frankly, I don't give a damn as long as it works reasonably well | 23:02 |
| tarvid | shbouldn | 23:03 |
| tarvid | t be too hard to make a recovery partition | 23:03 |
| === Lcawte is now known as Lcawte|Away | ||
| === danfinch1 is now known as danfinch | ||
| genitrust_ | hey everyone! i have a server that is giving the internet to all other computers on the network through eth1 192.168.0.1 | 23:56 |
| genitrust_ | ...but for the machines (there are many) that grab the DNS automatically from my gateway, how do I tell these machines to use 8.8.8.8 as the default DNS? | 23:56 |
| sarnold | genitrust_: why not run a caching recursor yourself? | 23:57 |
| genitrust_ | sure why not? i mean if that helps us solve this , great :D | 23:58 |
| sarnold | genitrust_: I've used powerdns recursor and enjoyed it :) | 23:58 |
| genitrust_ | is that somethign i can apt-get install ? :D | 23:58 |
| sarnold | genitrust_: package pdns-recursor -- some online documentation (of newer version, of course) is at http://doc.powerdns.com/html/built-in-recursor.html | 23:59 |
| genitrust_ | instead of us logging into every machine and saying, "ok use 8.8.8.8 every time you boot up!" ... we want to have our gateway tell the machines, "hey dumbass, use 8.8.8.8 for your DNS, not 127.0.0.1" | 23:59 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!