[00:34] <ruben23> hi guys , i have issue with my ubuntu server 12.04 LTS, when i boot it wont directly boot instead i need to select first then on the booting process and loading it just freezed on the boot process part ---->http://s17.postimg.org/6k37qen7j/20141119_081525.jpg
[00:38] <ruben23> any idea guys..?
[03:18] <ojeq> @find ubuntu 12 lts
[03:18] <ojeq> !ping me
[08:18] <lordievader> Good morning.
[08:42] <blackyboy> In our Production server i can't login, Its a Ubuntu VM
[08:42] <blackyboy> While i login its login and immediately log-outs
[08:43] <lordievader> blackyboy: Tty or a gui?
[08:43] <blackyboy> What may be the issue, Even i have tried recovery mode its giving some error
[08:43] <blackyboy> lordievader: no its CLI server
[08:43] <lordievader> "its giving some error" what error?
[08:44] <blackyboy> wait 1 min sir let me take the error a screenshot
[08:44] <lordievader> !screenshot
[08:48] <blackyboy> lordievader: http://i57.tinypic.com/2drvt6o.png
[08:49] <blackyboy> imgur site not working now. so uploaded in tinypic
[08:50] <lordievader> blackyboy: Do you have a backup?
[08:50] <blackyboy> yes i have a backup
[08:51] <blackyboy> But now i have copied this vm to other server
[08:51] <lordievader> blackyboy: Good :) Grab a live-cd and check the drive. It looks to me like the disk is a bit broken (or the fs on it ofcourse).
[08:52] <blackyboy> oh ok let me try sir thankyou
[09:23] <blackyboy> lordievader: i have booted using a live cd, while i try to edit my network interface the file was reonly even i have executed this command , mount -o remount rw / and / have been mounted so i can't run fsck -y -C too
[09:23] <blackyboy> Any idea ?
[09:24] <lordievader> blackyboy: Err, you don't need to mount the install's /, so you can fsck it.
[09:26] <blackyboy> lordievader: i got these following Device to use as root file system menu
[09:26] <blackyboy> /dev/sda1
[09:26] <blackyboy> /dev/sda5
[09:26] <blackyboy> /dev/arrweb-vg/root
[09:27] <blackyboy> /dev/arwebs-vg/swap
[09:27] <lordievader> !paste
[09:27] <blackyboy> assemble RAID Array
[09:28] <blackyboy> lordievader: http://i.imgur.com/BgdmAc1.png
[09:29] <blackyboy> after choosing do not use root im getting this http://i.imgur.com/FCg4e6y.png
[09:30] <lordievader> Yeah, I suppose that first option is okay. What you want is a shell in an environment where you can check the filesystem on the harddrive.
[09:32] <blackyboy> yes i have choosed it and which executing the command fsck.ext4 /dev/sda5 its says cannot continue aborting
[09:32] <blackyboy> is in use
[09:33] <lordievader> blackyboy: You want /dev/arrweb-vg/root
[10:39] <caribou> rbasak: is the cloud-guest-utils package systematically in our cloud images ?
[10:39] <caribou> well rbasak or anyone who can answer
[11:09] <soren> caribou: cloud-guest-utils is part of the cloud-image task, so yes.
[11:09] <caribou> soren: thanks
[11:12] <soren> caribou: Since August 2013: http://bazaar.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/ubuntu.vivid/revision/2156
[11:45] <blackyboy> lordievader: can't fit :(
[11:45] <blackyboy> Three vms recoverd just i have moved those vm to other host
[11:45] <lordievader> blackyboy: Can't fit? Can't fit what?
[11:46] <blackyboy> using live cd you told me to fix the filesystem
[11:46] <lordievader> blackyboy: Yes...
[11:46] <blackyboy> when ever using fsck -y -C it saying resource busy
[11:49] <lordievader> blackyboy: What is the exact command you are using?
[11:50] <blackyboy> lordievader: now i ran the this command fsck.ext4 /dev/arrwebs--vg-root and it said clean
[11:51] <lordievader> blackyboy: Okay that is good :)
[11:52] <blackyboy> let me restart the vm and check whether  its work now
[11:54] <blackyboy> oh no
[11:54] <blackyboy> my login screen came, while entering the username and password its just kicking me out
[12:16] <neurotus> 2014 Nov 19 14:15:51 vps74689 PAM service(sshd) ignoring max retries; 6 > 3
[12:16] <neurotus> what is this ?
[12:16] <neurotus> keeps popping up on terminal now constantly
[12:16] <Vladislav> exit
[12:16] <Vladislav> quit
[12:16] <Vladislav> quit
[12:16] <neurotus> between few seconds
[12:17] <neurotus> someone bruteforcing ?
[12:17] <lordievader> neurotus: Is your sshd accessible from everywhere?
[12:17] <neurotus> lordievader: yes
[12:17] <lordievader> Then likely, yes.
[12:17] <neurotus> it just started. have been having this server for years.
[12:18] <neurotus> well all idents are not usernames
[12:18] <lordievader> Then you've had them for years, install fail2ban.
[12:19] <neurotus> some one is trying to root-login
[12:19] <neurotus> from 122.225.109.196
[12:20] <neurotus> gonna disable it
[12:20] <lordievader> That is the most common username ;)
[12:20] <neurotus> okay, knows my usenames
[12:20] <neurotus> which it cant
[12:20] <neurotus> because the idents are different than usernames
[12:21] <neurotus> no. that was just cron-job
[12:21] <neurotus> panic just made paranoid
[12:21] <lordievader> As I said, install fail2ban.
[12:23] <neurotus> i just made root-login disabled
[12:23] <neurotus> lordievader: gonna do it
[12:23] <mardraum> it is by default anyway.
[12:23] <neurotus> wasnt able to read clearly
[12:25] <neurotus> 14:18:40 user=root authentication failure
[12:25] <neurotus> havent seen anything after that in auth.log
[12:26] <neurotus> all logged users are from known ip's
[12:26] <neurotus> so everything is fine
[12:26] <neurotus> fail2ban log somewhere ?
[12:27] <neurotus> 2014-11-19 14:25:28,483 fail2ban.actions: WARNING [ssh] Ban 122.225.109.196
[12:27] <neurotus> nice
[12:27] <neurotus> banned
[12:27] <lordievader> neurotus: Err, you can also let it email you.
[12:27] <lordievader> It can include whois info too.
[12:28] <neurotus> i prefer tail -f /var/log/auth.log
[12:28] <neurotus> one terminal for that :)
[12:28] <neurotus> always ready
[12:28] <neurotus> retired so have the time
[12:30] <neurotus> that ip-range is from china
[12:30] <neurotus> is there a tor-filter ?
[12:30] <neurotus> and known public vnp's :)
[12:31] <neurotus> would like to disable those
[12:31] <lordievader> Firewall the subnet ;)
[12:32] <neurotus> fail2ban already made fail2ban-ssh chain
[12:33] <neurotus> so its enough for me
[12:33] <neurotus> bruteforcing root :P
[12:33] <neurotus> its possible but needs alot of luck :)
[12:33] <neurotus> in theory
[12:35] <phix> hi
[12:35] <lordievader> o/
[12:36] <phix> \o
[12:37] <phix> what's up?
[12:41] <phix> so how about that open source, pretty left wing right?
[14:14] <nunizacu> bttter turn off root loogin
[14:14] <nunizacu> and change shell to /bin/true
[14:15] <nunizacu> just in case
[14:16] <nunizacu> and use geoip to block all cn
[15:24] <yossarianuk> hi - is anyone aware how long packages are supported for from the mysql.com apt repo ?
[15:24] <yossarianuk> i.e http://dev.mysql.com/downloads/repo/apt/
[15:25] <lordievader> yossarianuk: That is up to Oracle.
[15:27] <yossarianuk> lordievader: thanks - I guess the version in the normal ubuntu repo is guaranteed till 2019 (the 14.04 packages anyway)
[16:21] <yossarianuk> if I am upgrading from Mysql 5.0 -> 5.6 - should I upgrade from 5.1 -> 5.5 -> 5.6 or can a just from 5.0 -> 5,6 ?
[16:21] <lordievader> !info mysql-server
[16:22] <lordievader> yossarianuk: Err, 5.6?
[16:24] <yossarianuk> lordievader: ubuntu 14.04 has in its normal repo MySQL 5.5/MySQL5.6 + mariadb 5.5
[16:26] <yossarianuk> i.e - http://packages.ubuntu.com/trusty/mysql-server-5.6  - http://packages.ubuntu.com/trusty/mysql-server
[16:27] <lordievader> !info mysql-server trusty
[16:27] <lordievader> !info mysql-server-5.6 trusty
[16:27] <lordievader> Ah, check.
[16:28] <lordievader> yossarianuk: http://dev.mysql.com/doc/refman/5.6/en/upgrading-from-previous-series.html
[16:40] <yossarianuk> lordievader: thank you.
[16:45] <yossarianuk> and by all accounts I should be able to go from 5.0 -> 5.6 ...
[17:02] <jvwjgames> hi
[17:03] <jvwjgames> i need help
[17:03] <jvwjgames> I did a distribution upgrade from 13.10 to 14.04
[17:03] <jvwjgames> and my websites that used to live at /var/www is gone
[17:03] <jvwjgames> and now 14.04 uses /var/www/html
[17:04] <jvwjgames> how do i switch it back to /var/www
[17:04] <jvwjgames> or migrate my site to /vaw/www/html
[17:04] <nunizacu> ln -s
[17:04] <nunizacu> or edit apache2.conf
[17:05] <jvwjgames> ok
[17:05] <nunizacu> 000-default in enabled sites maybe
[17:05] <jvwjgames> just wondering
[17:05] <jvwjgames> whitch is better ln -s symlinking or editing apahe2.conf
[17:06] <nunizacu> whatever you like
[17:07] <nunizacu> but i think path is in enables-sites/000-*
[17:07] <lordievader> jvwjgames: http://httpd.apache.org/docs/2.4/upgrading.html
[17:08] <jvwjgames> found it
[17:08] <jvwjgames> 000-default.conf reads DocumentRoot /var/www/html
[17:12] <jvwjgames> :)
[17:13] <jvwjgames> i fixed it yay thanks guys
[17:14] <jvwjgames> i don't have ssl on apache
[17:14] <jvwjgames> how do i enable my website for ssl
[17:14] <jvwjgames> cause i have an ssl cert
[17:15] <lordievader> jvwjgames: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04
[17:17] <lordievader> jvwjgames: You can skip step two ;)
[17:17] <jrwren> jvwjgames: didn't debconf ask you about overwriting those files in /etc/apache2 ?
[17:19] <jvwjgames> yes
[17:19] <jcastro> utlemming, hey the vagrant boxes are 14.04, not 14.04.1, who do I ping?
[17:20] <jvwjgames> i fixed the problems thanks everyone
[17:20] <jvwjgames> my website and ssl are fixed
[17:22] <jvwjgames> why must updates change everything
[17:22] <jvwjgames> one last problem to be fixed
[17:22] <jvwjgames> url rewrite is deactivated
[17:22] <jvwjgames> i need it other wise my websites goes no where
[17:23] <qwaserdf> sudo a2enmod rewrite
[17:23] <lordievader> jvwjgames: You upgraded from 13.10 to 14.04, change should be expected.
[17:24] <jvwjgames> Module rewrite already enabled
[17:24] <jvwjgames> but still not working
[17:24] <qwaserdf> sudi service apache2 restart
[17:24] <qwaserdf> sudo*
[17:26] <jvwjgames> you guys can check for your self http://jvwjgames.net
[17:26] <jrwren> jvwjgames: next time when debconf asks, just say "no" to replacing config files :)
[17:26] <jvwjgames> ok
[17:27] <jrwren> jvwjgames: the conf files will still be written along side the functioning conf files, but with a dpkg-dist file extension. Then you can diff and merge as you see fit.
[17:27] <jrwren> with zero downtime.
[17:27] <jvwjgames> ok
[17:28] <qwaserdf> https works I guess
[17:31] <jvwjgames> should apache have been updated to latest version when i updated to 14.04
[17:31] <jvwjgames> cause this site is reporting that i have outdated apache software http://sitecheck.sucuri.net/results/jvwjgames.net/
[17:35] <lordievader> !info apache2 trusty
[17:35] <lordievader> jvwjgames: Do you have 2.4.7?
[17:35] <jvwjgames> yes
[17:36] <jvwjgames> but just to make sure how do i check
[17:36] <lordievader> jvwjgames: apt-cache policy apache2
[17:36] <jvwjgames> Installed: 2.4.7-1ubuntu4.1
[17:36] <jvwjgames>   Candidate: 2.4.7-1ubuntu4.1
[17:37] <jrwren> jvwjgames: that site is using FUD to sell you firewalls.
[17:38] <jvwjgames> hmm
[17:38] <jvwjgames> i wish the websit web of tust didn't use that site then
[17:39] <jvwjgames> cause my site is being evaluwated by a web of trust site
[17:39] <jvwjgames> and this is what they had to say
[17:40] <jvwjgames> https://www.mywot.com/en/forum/51594-jvwjgames-net
[17:43] <jrwren> jvwjgames: odds are that they are reading Server line out of HTTP headers. Use the ServerTokens directive to limit the information you leak there.
[17:44] <jrwren> jvwjgames: https://httpd.apache.org/docs/2.2/mod/core.html#servertokens
[17:48] <jvwjgames> ok
[17:50] <patdk-wk> I hate stupid websites like that
[17:50] <patdk-wk> making you think your *secure* cause your on bleeding edge
[17:50] <patdk-wk> and everything else is crap
[17:51] <jrwren> patdk-wk: +1 on the hate. Really sad that a 3rd party is using that to verify something.
[17:51] <patdk-wk> more sad they are using it to *sell* something :)
[17:51] <jrwren> patdk-wk: That is all it is, is a sales tactic.
[17:51] <jrwren> "Look, you aren't secure. Buy our magic pixie dust."
[17:52] <jvwjgames> lol
[17:52] <jvwjgames> good one
[17:52] <jrwren> my previous job was in the security industry. I quickly learned that it is a racket.
[17:52] <patdk-wk> I would guess restricting version info works
[17:52] <patdk-wk> cause it doesn't detect mine is HORRIBLE old :)
[17:53] <patdk-wk> jrwren, worst yet is, 99% of security companies, distribute their software over http, without protection
[17:54] <jrwren> patdk-wk: we did not. :)  We used SSL and even used client certificate authentication.
[17:55] <jvwjgames> nice
[17:55] <jvwjgames> i still need my rewrite to work otherwise my site is broken
[17:55] <patdk-wk> heh?
[17:55] <patdk-wk> what rewrite?
[17:57] <jrwren> jvwjgames: oh, your old conf files should be there with a .dpkg-old extension if you would like to compare them or put them back.
[18:17] <mgz> smoser: review please! https://code.launchpad.net/~gz/simplestreams/setup_user_install/+merge/242248
[18:22] <smoser> mgz, done
[18:23] <mgz> smoser: ta!
[18:31] <jvwjgames> jrwren: where is the old conf located
[18:33] <jrwren> jvwjgames: apache config is in many files. find /etc/apache2 -name '*.dpkg-old'
[18:38] <jvwjgames> ok irestored old config
[18:38] <jvwjgames> but apache fails to start
[18:38] <jvwjgames> [Wed Nov 19 11:37:17.907774 2014] [ssl:emerg] [pid 10365] AH01892: Illegal attempt to re-initialise SSL for server (SSLEngine On should go in the VirtualHost, not in global scope.)
[18:39] <jvwjgames> i have it in virtual host
[18:52] <jvwjgames> nevermind i fixed it
[18:52] <jvwjgames> ewrite is still deactivated
[18:54] <teward> jvwjgames: you might have to turn on the rewrite mod...  a2enmod rewrite
[19:07] <jvwjgames> still not working
[19:07] <jrwren> confirm that rewriteengine on is where you think it should be?
[19:07] <jrwren> grep -iR rewriteengine /etc/apache2/
[19:09] <jvwjgames> error
[19:09] <jvwjgames> when typing that command
[19:09] <jvwjgames> but no listings
[19:11] <jvwjgames> jrwren: any ideas
[19:14] <jrwren> jvwjgames: i don't know about the error. If you get zero results, then you must enable turn on the rewrite engine somewhere.
[19:14] <jvwjgames> ok
[20:00] <jvwjgames> ok i got rewrite working parshaly
[20:01] <jvwjgames> i edited the file apache2.conf and added server tokens prod and serversigniture off but it is still there
[20:01] <jvwjgames> and yes i did a restart and reload of apache
[20:04] <jrwren> jvwjgames: i just changed mine and it works for me. You must not be editing the correct files or correct virtual hosts.
[20:36] <miccheck> hi. i'm new to linux and recently setup a vps running ubuntu to host a web blog. i'm running UFW. is that good enough for a simple blog server? i also don't have a IDS installed. is that necessary?
[20:37] <sarnold> miccheck: ufw is good, there's no real need for an IDS though it never hurts to keep an eye on your logs
[20:37] <lordievader> miccheck: Do you have an sshd running on it? If so fail2ban might be a nice addition.
[20:38] <miccheck> ok, cool. yeah, i setup fail2ban as well.
[20:38] <teward> lordievader: he could also restrict SSH to his IPs, `iptables -A INPUT -p tcp --dport 22 -s HISNET -j ACCEPT` or something, but still.
[20:38] <teward> only owrks if you have a static set of IPs.
[20:38] <teward> (not the case in most instances)
[20:38] <miccheck> i'm a bit nervous maintaining my own vps without knowing much about it, but sounds like i'm doing some of the right things
[20:39] <lordievader> teward: True, but with ssh I like to apply blacklisting as I use a few different dhcp addresses in different locations.
[20:39] <lordievader> miccheck: One learns it somewhere ;)
[20:40] <teward> lordievader: indeed.  'Course, in my case, my VPSes are key-auth-only which helps a bit
[20:40] <miccheck> yep, in the process now! coming along. i'm really digging linux and the command line stuff, although not sure what i'm doing completely yet
[20:42] <Kartagis> teward: speaking of which, when do we need -m tcp in iptables?
[20:42] <teward> Kartagis: `-p tcp` implies `-m tcp` i believe
[20:44] <Kartagis> I've got iptables -A INPUT -s my.ip.add.ress/32 -p tcp -m tcp --dport 8983 -j ACCEPT. is -m tcp extra here?
[20:44] <gbkersey> Kartagis: no it is not.
[20:45] <teward> gbkersey: it's not extra, but it's implied as part of `-p tcp` - for instance, this rule I added with `iptables -A INPUT -p tcp --dport 18333 -j ACCEPT`: A INPUT -p tcp -m tcp --dport 18333 -j ACCEPT
[20:45] <miccheck> here's another one. suppose i want to write a script to copy files from my mac to my ubuntu vps via ssh. how is that done given that ssh will ask for a password when running the ssh user@vpsIP part?
[20:45] <teward> at least, afaik it's implied by -p tcp
[20:45] <Kartagis> man says -m is match
[20:46] <miccheck> i've tried to do it manually via scp and sftp and keep getting permission denied errors when trying to copy directly into my site directory
[20:46] <miccheck> i think i've got the wrong permissions
[20:47] <gbkersey> teward: you are correct, it is implied...
[20:47] <sarnold> miccheck: feel free to chown -R your site's htdocs directory to your user account, just be sure to keep the permissions such that the web server can read the files
[20:47] <teward> Kartagis: you're right, it does mean match.  However, in the case of -p tcp, -m tcp is implied.  it's not extra, but it is implied with just `-p tcp`
[20:47] <teward> gbkersey: right, that's what I thought :)
[20:48] <Kartagis> k
[20:48] <teward> TBH i'm far from an iptables expert, my firewall on my networks is a pfSense appliance, the only system with its own iptables ruleset is this one laptop I take offsite
[20:48] <teward> but for my uses i know what i need to know :)
[20:48] <miccheck> ok, thanks. it's running nginx, so different directory structure, but i think same process
[20:49] <miccheck> what about for running a copy script that uses ssh, will the terminal just ask for the vps login when it gets to that part?
[20:50] <sarnold> miccheck: it's worth setting up ssh keys and running a local ssh agent so you don't have to supply login passwords all the time
[20:50] <teward> ^
[20:51] <miccheck> hmm, i thought i did that and that's what allowed me to ssh into the vps in the first place, but it does still ask for a password. hmm.
[21:37] <K4k> The new way of configuring networks in 14.04 really confuses me... I've got a if-up.d config that sets the static route for eth0 but with I ifup eth0 && ifdown eth0 I receive and error 2 on that file. If I try to run the ip route add command manually I receive "RTNETLINK answers: File exists" but there is no route currently set for eth0
[21:37] <K4k> What am I doing wrong here?
[21:40] <rbasak> Details please. What's the error exactly? What's the command that fails exactly? etc.
[21:41] <K4k> The whole error is "RTNETLINK answers: File exists" The command inside the if $IFACE = "eth0" in the if-up.d file is `ip route add 192.168.1.0/255.255.255.0 via 192.168.1.1 dev eth0`
[21:42] <K4k> when the if-up.d script runs as part of `ifup eth0` I receive a return code 2
[21:43] <K4k> which I assume is because `ip route add ...` fails
[21:44] <rbasak> Your route to 192.168.1.0/24 is via 192.168.1.1? How do you expect that to work?
[21:44] <rbasak> Are you sure you got that right?
[21:45] <K4k> er... not 100% sure
[21:45] <rbasak> That's a recursive route.
[21:45] <rbasak> How do you get to 192.168.1.1?
[21:45] <K4k> that's the gateway for the network this system is on
[21:46] <K4k> but because of the puppet module I'm using, I can't set a gateway in /etc/network/interfaces
[21:46] <K4k> I have to set it in as a route
[21:46] <rbasak> Maybe you want a default route.
[21:46] <K4k> which I thought was kind of dumb but I'm trying to go with it
[21:46] <rbasak> What you're asking it for makes no sense.
[21:47] <K4k> I didn't think so but that follows the example on the module README
[21:47] <rbasak> Probably best to fix your puppet module though.
[21:47] <rbasak> Sounds like the README is wrong then.
[21:47] <K4k> :) glad we've come to the same conclusion about that
[21:48] <K4k> now that I know how it's translating what I put into the class into the if-up.d script I think I can make it work. Thanks!
[21:52] <jvwjgames> is there a way for a device to emit a cetain hostname