/srv/irclogs.ubuntu.com/2014/07/08/#ubuntu-server.txt

=== Ursinha-afk is now known as Ursinha
=== aarcane_ is now known as aarcane
[02:38] <xop> I am hosting ssh server behind a router. I already port forwarded port 22 to my server, and it was accessible via public ip until yesterday when it suddenly decided to stop working, though accessing through local ip is fine (OpenSSH). what might be the cause of this?
[02:42] <Patrickdk> heh?
[02:42] <Patrickdk> what does router and portforwarding have to do with each other?
[02:43] <Patrickdk> you mean behind a nat firewall?
[02:43] <xop> yes
[02:46] <xop> #s
[02:46] <histo> xop: did your public ip change?
[02:46] <histo> xop: ipchicken.com
[02:47] <xop> no
[02:47] <xop> i checked that
[02:47] <histo> xop: What happens when you try to connect?
[02:47] <xop> timeout
[02:47] <xop> nothing
[02:48] <xop> no prompt for password
[02:48] <xop> it is just weird.. it was fine (public access) until last night
[02:49] <histo> xop: tracepath some.ip.add.ress
[02:50] <Patrickdk> did you install something like fail2ban?
[02:50] <xop> sshguard yes
[02:50] <histo> xop: sshguard is a windows application isn't it?
[02:50] <histo> !info sshguard
[02:50] <ubottu> sshguard (source: sshguard): Protects from brute force attacks against ssh. In component universe, is optional. Version 1.5-5 (trusty), package size 123 kB, installed size 333 kB
[02:50] <histo> nvm me
[02:50] <histo> xop: that's probably blocking you then.
[02:50] <xop> eh
[02:51] <xop> let me check on that
[02:54] <xop> i[i
[02:55] <xop> holy hell you were right
[02:55] <histo> xop: so you entered your password wrong too many times
[02:55] <derek> that's the most random and awesome guess at a connectivity problem I've seen yet lol
[02:55] <xop> i did not access it last night
[02:56] <xop> somebody must have,,,
[02:56] <xop> i have a shared account and device so i guess that must be it
[02:56] <histo> xop: sshguard shouldn't be blocking everything if someone tries to access. If it is uninstall it and install fail2ban
[02:57] <xop> ah wlp
[02:57] <xop> welp*
[02:57] <histo> xop: sshguard should just add a rule to block whatever IP was trying to login multiple times.
[02:58] <xop> well the default limit is 4 so a little mistyping can result in banning
[02:58] <xop> perhaps i should change that
[02:58] <xop> Thank you for the help
[02:59] <xop> I must get going. Awesome hunch btw
[02:59] <solarfly> xop++
[03:00] <Patrickdk> derek, not random at all :)
[03:00] <lkthomas> hey guys, for standard upstart script, how could I let upstart track the process status ?
[03:01] <Patrickdk> dunno, I need to get moving on my upstart scripts
[03:01] <Patrickdk> have to rewrite them all to systemd now :(
[03:01] <lkthomas> why
[03:01] <lkthomas> version 14 ubuntu using systemd only ?
[03:01] <RoyK> upstart sucks
[03:01] <Patrickdk> you don't read the news I guess
[03:01] <Patrickdk> http://www.markshuttleworth.com/archives/1316
[03:02] <lkthomas> what the fsck
[03:02] <lkthomas> so init -> upstart -> systemd
[03:03] <lkthomas> when does it going to settle
[03:03] <Patrickdk> while, I think it was odd for ubuntu to go upstart
[03:03] <Patrickdk> systemd devs are kind of an ass
[03:03] <Patrickdk> so I'm conflicted both ways
[03:03] <Patrickdk> royk, systemd wants to bend the system to their will
[03:04] <Patrickdk> they have attempted to make kernel changes for things they broke in systemd
[03:04] <Patrickdk> lots of fun
[03:08] <lkthomas> I got it
[03:08] <lkthomas> nevermind
[03:09] <histo> Patrickdk: why are you rewriting them now? Just to be ahead of the curve?
[03:09] <Patrickdk> need them for 16.04
[03:09] <Patrickdk> :)
[03:09] <histo> Patrickdk: you have 2 years
[03:09] <Patrickdk> I have around 18months
[03:09] <Patrickdk> then I will be definitely in testing
[03:09] <histo> technically 5 years but meh
[03:10] <Patrickdk> 5?
[03:10] <Patrickdk> you want me to upgrade when it's going eol?
[03:10] <histo> yeah if you are a procrastinator
[03:10] <Patrickdk> and you don't want me to build any new servers using the newer version
[03:10] <Patrickdk> normally, I have things fully tested a month before release
[03:10] <Patrickdk> so I can be filing lots of bug reports :)
[03:11] <Patrickdk> and hope they get fixed
[03:12] <lkthomas> Patrickdk: in theory you shouldn't run your production infrastructure with latest version
[03:12] <Patrickdk> heh?
[03:13] <Patrickdk> so upgrading 8 months after release is unacceptable?
[03:13] <lkthomas> I am serious
[03:13] <lkthomas> yeah
[03:13] <Patrickdk> even if I fully tested it?
[03:13] <lkthomas> it took us 2 years to migrate from Lucid to Precise
[03:13] <lkthomas> management decide to stay on Precise a while
[03:13] <cfhowlett> Patrickdk yes it's acceptable.
[03:13] <Patrickdk> and why?
[03:14] <lkthomas> Patrickdk: 10 servers deployment every month make us very busy
[03:14] <Patrickdk> well, that sounds like your issue :)
[03:14] <lkthomas> we don't have time to test and retest production system with latest release
[03:14] <Patrickdk> my issue is making sure it tests good
[03:14] <lkthomas> OH
[03:14] <lkthomas> QA engineer ? LO
[03:14] <lkthomas> LOL
[03:15] <Patrickdk> all my critical systems have been upgraded already to trusty
[03:15] <cfhowlett> Patrickdk 12.04 still works. use it or don't. it's supported for 5 years. unless your deployment NEEDS the very latest, greatest, shiniest stuff, why would you, lemming-like, upgrade the instant the new version hits? wait for the first point release at least.
[03:15] <Patrickdk> the other ones, I haven't, cause of other issues, like php changes
[03:15] <Patrickdk> those will likely get side-by-side deployments
[03:15] <lkthomas> Patrickdk: actually our developer have their code written on precise
[03:15] <Patrickdk> you mean, it's supported for 2.6years :)
[03:15] <lkthomas> so effort to move to new version is huge
[03:16] <Patrickdk> or 3.6, something like that
[03:16] <lkthomas> Patrickdk: it's enough until we change to new job :P
[03:16] <Patrickdk> I'm not going anywhere
[03:16] <lkthomas> I think eventually we will hire someone do it or I already change job
[03:17] <Patrickdk> this is my 4th time
[03:17] <lkthomas> centos run like what, 10 years
[03:17] <Patrickdk> this time has been perfectly smooth so far
[03:17] <Patrickdk> centos is likely to run 2months
[03:17] <lkthomas> Patrickdk: no ?
[03:17] <lkthomas> Patrickdk: they hardly do big version change
[03:17] <Patrickdk> I have no love for centos
[03:17] <Patrickdk> likely better now with rhel backing them
[03:18] <Patrickdk> but getting security updates 2-3months late
[03:18] <Patrickdk> is not something that is acceptable
[03:18] <Patrickdk> but you get what you get for free
[03:18] <Patrickdk> lots of rhel installs
[03:18] <Patrickdk> lots of ubuntu installs
[03:18] <lkthomas> for me I find it easier to manage Centos
[03:18] <Patrickdk> no centos
[03:18] <lkthomas> than ubuntu
[03:19] <Patrickdk> I always found rpm a huge pain, and deb worked better
[03:19] <lkthomas> how so ?
[03:19] <Patrickdk> rpm always broke my systems every time it updated software
[03:19] * lkthomas never had that problem
[03:19] <Patrickdk> rpm doesn't track installed files
[03:19] <Patrickdk> if you delete a file, it will magically return
[03:20] <Patrickdk> if that file caused a config issue, well, your software just broke
[03:20] <lkthomas> we are using puppet to manage those crap
[03:20] <lkthomas> it will never get into problem
[03:20] <Patrickdk> puppet doesn't fix it
[03:20] <lkthomas> Patrickdk: puppet is a workaround
[03:20] <Patrickdk> though it can make sure it's corrected
[03:20] <lkthomas> yeah
[03:21] <lkthomas> anyway
[03:21] <lkthomas> brb
[03:21] <lkthomas> need to work on puppet again
[03:21] <lkthomas> LOL
=== Sachiru is now known as Guest45106
=== Sachiru_ is now known as Sachiru
=== Sachiru is now known as Guest20043
=== Sachiru_ is now known as Sachiru
=== a1berto_ is now known as a1berto
[08:16] <blaaa> I might want to add a wifi-AP/router-function to my home server, I am looking into buying http://www.compex.com.sg/productdetailinfo.asp?model=WLE900VX as a network card, how well is it supported in ubuntu?
[09:02] <avernos> I have an application that requires several tcp open sockets, and i'd like to increase the default tcp limit on open connections, where can i do this?
=== Adri2000_ is now known as Adri2000
[14:45] <jdstrand> hallyn: hi! would you mind joining #apparmor on oftc?
[14:45] <jdstrand> hallyn: I have the developer of the libvirt-lxc apparmor patches there and he is looking at fixing that bug for us
[14:46] <jdstrand> hallyn: he has an unrelated question about libvirt-lxc being started in the net namespace and I thought you might be able to answer his question better than I
[14:47] <jdstrand> hallyn: (that bug being bug #1331081)
[14:47] <uvirtbot> Launchpad bug 1331081 in libvirt "please split libvirt-driver apparmor abstraction for qemu and containers" [Wishlist,Triaged] https://launchpad.net/bugs/1331081
[15:54] <rickbeldin> Hi. Working a Canonical support ticket 00069682. I have a large file (900mb) to upload and getting connection refused on ftp to archive.admin.canonical.com. Don't know if that is 'normal' for that machine.
[15:55] <rickbeldin> What is the attachment limit for Launchpad?
[16:05] <rickbeldin> Trying to find this specific version of qemu-kvm and dbgsyms for coredump analysis: 1.2.0+noroms-0ubuntu2.12.10.7~precise1+lp1309676debug. I have precise repos enabled and can't find it.
[16:08] <RoyK> rickbeldin: upload it somewhere and link to it - guess you have a webserver somewhere?
[16:09] <rickbeldin> RoyK: I can do that, but Greg Vallande gave me the ftp site yesterday for the 64gb (!) core dump. I assumed he wanted it in the same place.
=== gaughen_ is now known as gaughen
[16:29] <Lachezar> Hey all. I am trying to boot the Alternate i386 Server (14.04) on a bit of an old hardware. USB stick is a no-go: blank screen on boot. USB CD boots, but hangs immediately at language selection (complete block: NUM lock does not toggle). Please advise.
[16:30] <rbasak> Lachezar: try 10.04 or 12.04 to try and pin it down?
[16:30] <rbasak> I wonder if this is related to lack of non-pae support now.
[16:30] <rbasak> Though I think it gives you a message in that case.
[16:31] <Lachezar> rbasak: the machine has 1G RAM, and is a Celeron, so no PAE and no x64.
[16:31] <rbasak> Lachezar: PAE has been required recently.
[16:31] <Lachezar> I have a 10.04.03 server iso. Trying it out. I'll be back...
[16:32] <patdk-wk> I think pae requirement came into play for 12.04
[16:34] <rbasak> That's my memory too - though in 12.04 it was possible to get a non-pae machine to work using the netinst iso or something. I have a non-pae 12.04 machine that works.
[16:47] <Lachezar> 10.04 booted, now what can I do to have a 14.04 installed? Custom CD? Or LTS-Upgrade-x2?
[16:48] <cfhowlett> Lachezar you can do an LTS to LTS upgrade to 12.04 > 14.04 or download 14.04 and do a clean install
[16:49] <Lachezar> cfhowlett: 14.04 won't boot. That's why I'm trying the 10.04 CD, which actually boots and does not hang.
[16:50] <Lachezar> I'd very much like to install 14.04 straight away, without the LTS upgrade path.
[16:50] <cfhowlett> Lachezar 14.04 won't boot? why not?
[16:51] <Lachezar> cfhowlett: hangs on language selection.
[16:53] <cfhowlett> Lachezar odd behavior - not sure that direct upgrade would avoid the issue, but ... sorry but 10.04 > 12.04 > 14.04 is your upgrade path
[16:55] <Lachezar> cfhowlett: people here suggested it has something to do with PAE missing.
[16:57] <cfhowlett> Lachezar I can't comment - not enough knowledge
[16:58] <Repox> Hello. I'm trying to disallow access to a specific port on my server with iptables. This is what I tried: http://pastie.org/9368600 - but it's not working. What am I doing wrong?
[16:58] <patdk-wk> you can't upgrade to 14.04, if you don't have pae or x64 support
[16:59] <patdk-wk> oh, 12.04 will work
[16:59] <patdk-wk> but >12.04 won't
[17:00] <patdk-wk> no, I'm wrong :(
[17:00] <patdk-wk> 12.04 needs it too
[17:00] <patdk-wk> http://www.webupd8.org/2012/05/how-to-install-ubuntu-1204-on-non-pae.html
[17:00] <patdk-wk> doubt that is recommended though
[17:16] <Lachezar> patdk-wk: So basically I'm stuck with 10.04 on that machine?
[17:17] <lordievader> Good evening.
[17:18] <patdk-wk> sounds like you could upgrade to 12.04, but it won't be much fun
[17:18] <patdk-wk> and then, dead end, yes
[17:19] <sarnold> you could always compile your own kernels
[17:19] <sarnold> hard to believe I used to do that for _fun_
[17:19] <patdk-wk> :)
[17:20] <patdk-wk> I used to have lots of fun with the 2.0 and 2.2 kernels
[17:20] <patdk-wk> lots of patches and stuff I worked on in them
[17:20] <sarnold> yeah, back in those days you -could- read through the whole menuconfig in an afternoon and see what the world had to offer :) hehe
[17:20] <patdk-wk> now if I could quit my jobs and stay at home all day like back then :)
[17:20] <sarnold> haha
[17:23] <patdk-wk> sarnold, it's not just going be a kernel issue is it?
[17:23] <patdk-wk> isn't all packages compiled with those options?
[17:23] <patdk-wk> and that old cpu support is going have issues with instructions not existing
[17:23] <patdk-wk> besides just pae
[17:25] <sarnold> patdk-wk,Lachezar, oh this is the 'hangs at language selection' thing.. can you try again with a ps2 keyboard? iirc that was a usb keyboard problem :P
[17:27] <patdk-wk> I dunno, I'm just suggesting, he is likely to have more issues, if he does solve the pae issue :)
[17:27] <sarnold> sure could be
[17:28] <sarnold> heck depending upon the 12.04 installer people use they might run into issues. the original 12.04 discs might be best for long-term support for some older hardware, those get the full five years of support, I think the intermediate "hwe" kernels in the newer discs will drop out of support when 14.04.1 is released.
[17:31] <patdk-wk> hell, last night I surprised myself, I still have a machine running 32bit
[17:31] <sarnold> nice :)
[17:32] <michaelaguiar> Can someone tell me how I can have an SSH user jailed to their var/www/sitename.com ?
[17:32] <michaelaguiar> For example, I have multiple sites, for multiple clients. I want to give them SFTP access to their site only
[17:32] <patdk-wk> again?
[17:33] <sarnold> michaelaguiar: check ChrootDirectory in the sshd_config(5) manpage
[17:33] <patdk-wk> but it's not likely to work the way you want :)
[17:34] <patdk-wk> if you want something easier, try proftpd
[17:34] <michaelaguiar> ok I’ll try proftpd
[17:34] <patdk-wk> but then, you can't have ssh and proftp/sftp on the same port
[17:35] <sarnold> patdk-wk: oh? why wouldn't chrootdirectory work out for sftp?
[17:35] <patdk-wk> it does work :)
[17:35] <sarnold> oh okay
[17:36] <michaelaguiar> Hmm, would it work if I jail the users to their home directory, and link any file they need into that home directory, so that they can upload and it can just sync over?
[17:36] <patdk-wk> it just has very insane settings to make it work
[17:36] <patdk-wk> now, those insane settings are nice, it makes it very secure
[17:36] <michaelaguiar> maybe a symlink or something?
[17:36] <patdk-wk> you cant symlink outside a chroot
[17:36] <patdk-wk> that is the whole point of the chroot
[17:36] <sarnold> michaelaguiar: symlinks are resolved relative to the 'root' they live in. it can lead to madness.
[17:36] <patdk-wk> to not allow it
[17:36] <michaelaguiar> ah
[17:37] * Lachezar has had enough for today. The 'server' has an 10.04.3 installation.
[17:37] <Lachezar> Thanks for the pointers everyone.
[17:37] <michaelaguiar> What would you guys recommend then? just using proftpd or trying to use ChrootDirectory
[17:38] <michaelaguiar> And in the chroot path, would it be best to have that users site served from their home directory, instead of /var/www?
[17:43] <michaelaguiar> sarnold: do you know how I can use the ChrootDirectory method, but have the user access his site in /var/www?
[17:45] <sarnold> michaelaguiar: why not just chroot them right into their directory and not force them to know a /var/www/ prefix?
[17:45] <michaelaguiar> sarnold: that's what I want to do
[17:45] <michaelaguiar> can I chroot them to a directory that is not their home?
[17:46] <patdk-wk> with ssh? don't think so
[17:47] <michaelaguiar> I didn’t think so
[17:47] <patdk-wk> but the bigger issue will be the permissions on the /var/www folder to make that work
[17:48] <michaelaguiar> Might as well just use proftpd for this case
[17:49] <michaelaguiar> thanks for the info guys
=== ashleyd is now known as ashd
[19:04] <michaelaguiar> is ACL a good solution for locking people to specific directories?
[19:08] <FunnyLookinHat> Are any of you aware of a GUI that makes it significantly easier to use Ubuntu as a router? We've got a box already running as a router, but I have to believe there is a better way to manage IP forwards and whatnot than straight IPTables
[19:14] <DeltaHeavy> FunnyLookinHat: I forget the name but there are for sure GUI tools for iptables.
[19:15] <lordievader> If all you require is basic iptables support: gufw.
[19:17] <FunnyLookinHat> lordievader, is there a web-GUI version of gufw? We run our servers headless... :)
[19:19] <lordievader> FunnyLookinHat: There's a cli version, but then you can just write iptables ;)
[19:19] <FunnyLookinHat> lordievader, hehe - well the problem is managing a lot of iptables rules... they're quite... unruly :)
[19:19] <FunnyLookinHat> I've made the mistake of writing a badly written iptables rule one too many times
[19:20] <rberg> ufw is pretty straight forward from the CLI. I prefer to edit /etc/iptables/rules.v? manually
[19:20] <sarnold> ufw might not be the best choice for routers though :)
[19:20] <rberg> whooops missed that
[19:21] <FunnyLookinHat> Yeah the big thing we want to be able to do is easily setup one-to-one forwards
[19:22] <rberg> vuurmuur looks pretty nifty
[19:22] <FunnyLookinHat> rberg, Ah that one is cool - I'll dig into it a bit
[19:23] <sarnold> FunnyLookinHat: some pals really liked this, dunno if I could ever get the hang of it though: http://ferm.foo-projects.org/download/2.0/ferm.html
[19:23] <FunnyLookinHat> sarnold, ooh, nested rules! Very cool
[19:24] <sarnold> FunnyLookinHat: probably you know iptables better enough than I do that it'd be easy but whether it is improvement enough over iptables, no idea :)
[19:24] * patdk-wk loves shorewall
[19:24] <FunnyLookinHat> Yeah I mean - I know how to use IPTables well enough... this is more of a "what if my tech wants to setup a server that grabs one of our external static IPs so that a customer could test something"
[19:25] <sarnold> I seriously miss ipf/pf -- I found that one pretty easy to use. (which is part of why I like ufw, it's close to pf, but it is just a front end with assumptions, rather than a native full language. oh well.)
[19:25] <patdk-wk> I was good at making iptables manually
[19:25] <patdk-wk> but it becomes too much work to maintain and audit
[19:25] <patdk-wk> shorewall makes it much simpler
[19:25] <FunnyLookinHat> http://shorewall.net/NAT.htm very cool :)
[19:26] <patdk-wk> not sure if it will solve *that* issue though
[19:27] <patdk-wk> I tried fwbuilder, didn't really like it :(
[19:28] <FunnyLookinHat> patdk-wk, yeah but it'd make writing a web-gui much easier
[19:29] <patdk-wk> ya, my iptables was getting to be around 300 lines
[19:29] <patdk-wk> just became unmanageable
[19:29] <patdk-wk> shorewall makes it even more secure, but does increase it to around 1200 iptables lines
[19:29] <patdk-wk> but it's also quicker :)
[19:46] <ttoll_renci> quick apache2 question, how does it know to use /etc/apache2/sites-enabled as a config directory?
[19:48] <sarnold> ttoll_renci: IncludeOptional sites-enabled/*.conf
[19:49] <ttoll_renci> oh, thanks, didn't look at the apache2.conf file, used to RHEL packaging
[20:37] <sebastianlutter> how to start VVM with BoxHeadless at startup on Ubuntu Server 12.04?
=== xnox is now known as xnox_
=== xnox_ is now known as Eisbrecher
=== Eisbrecher is now known as Eisbrecher_xnox
[21:48] <bitfury> hi, anyone know what version of tomcat gets installed in ubuntu server 14.04 LTS when you select it during install?
[22:03] <Repox> Hi, does anyone have any experience with LXC? I'm having some issues reaching a server from a container, but not from the host.
[22:37] <diffen_> Hello, I wonder if this is a good solution. Im thinking of installing a MAAS solution with four servers and then installing iredmail on top of them. Is this a smart solution and a doable solution? If not, what is a good solution for a stable email solution.
[22:39] <ndf> how is the auto screen off/blank configured in 13.10 server?
[22:41] <ndf> oh and also the kernel message behaviour?
[22:42] <ndf> I'm recovering a disk with safecopy and getting a lot of "buffer I/O error on device dev/sdb" in all my ttys
[22:42] <ndf> and my tty fors go blank so I have to type in the safecopy output to see it again lol
[22:43] <ndf> *ttys -for
[22:43] <ndf> **my ttys go
[22:47] <ndf> interestingly screen contains kernel messages in an empty area of a split
[22:49] <ndf> oh, no it doesn't, the regions scroll away with the outside bbbbuffer
[22:49] <ndf> *buffer ... odd =/
