MannyLNJ | Looking for guides on securing my home ubuntu server | 00:09 |
---|---|---|
sarnold | disable password authentication to ssh, use ufw to allow only the ports you want open, use apparmor to confine the services that you do run; under no circumstance use a web "control panel" thing, those are usually garbage | 00:11 |
sarnold | set up unattended upgrades if you won't be logging in regularly | 00:11 |
MannyLNJ | sarnold, so instead of password auth for ssh use a pre-shared key? I only want to allow Point to point tunneling, for a VPN, and access to my calibre library from the outside world and inside my lan access some shared printers including a PDF printer on the Ubuntu server | 00:14 |
sarnold | MannyLNJ: yes, the ssh public key stuff is actually more convenient than using passwords anyway, so that'll be for the best :) | 00:15 |
MannyLNJ | sarnold, I forgot if I have another firewall on the system. i'm thinking if I got PPTPD working then i do so would UFW - Uncomplicated Firewall cause a conflict? | 00:20 |
sarnold | MannyLNJ: ufw is a friendly front end to iptables; if you're doing iptables entries yourselves for other reasons, feel free to skip ufw. | 00:21 |
MannyLNJ | sarnold, I prefer not to do them myself because I think a 6 year old knows more than i do about this topic | 00:21 |
sarnold | MannyLNJ: hehe, I know the feeling, iptables baffles me. that's why I like ufw. but if you're going to run a vpn concentrator thingy yourself, you may need more than ufw is prepared to do for you. | 00:22 |
patdk-lap | heh? | 00:24 |
MannyLNJ | sarnold, I am just concerned about my system being compromised and used as a base to launch DDOS attacks. Or should I not be too concerned since I'm just on a home network | 00:24 |
patdk-lap | iptables is great | 00:25 |
patdk-lap | it's the whole ebtables and stuff that gets odd | 00:25 |
sarnold | patdk-lap: I used ipf and pf for years, the change to iptables way of thinking hurts my head | 00:26 |
sarnold | you're right though, ebtables is Much More So :) | 00:26 |
MannyLNJ | I know the only truly secure system is one in a locked room with no keyboard, no network connection and encased in concrete but that would be useless ;-) | 00:26 |
patdk-lap | I never wrapped my head around pf | 00:27 |
patdk-lap | did a crapload of ipchains | 00:28 |
sarnold | I never did ipchains either; I did ipfwadm, that fit my head alright.. | 00:28 |
patdk-lap | I was huge into 2.0 and 2.2 kernels | 00:33 |
patdk-lap | was kind of depressed when I was forced to upgrade to 2.4 | 00:33 |
patdk-lap | and the scheduler and memory stuff was totally rewritten and my custom scheduler wouldn't work without well, months of rewrites | 00:33 |
sarnold | and then they threw away the scheduler and memory stuff again a few releases later, hehe | 00:34 |
MannyLNJ | Another question-- I need to print from my Windows system to a PDF printer on my Ubuntu system. I *think* I have it installed correctly on the Ubuntu system see http://paste.ubuntu.com/12460867/ but can't get it to show as a shared printer in the network list | 00:37 |
sarnold | MannyLNJ: it looks like you need to set the access controls via <location> and set "browsing on" https://wiki.archlinux.org/index.php/CUPS_printer_sharing#Manual_setup | 00:41 |
MannyLNJ | sarnold, reading it.... | 00:50 |
MannyLNJ | sarnold, I followed it but must have done something wrong because it isn't being seen by the PC | 01:01 |
sarnold | MannyLNJ: note one of the lower infoboxes that suggests windows is picky about the specific name | 01:03 |
sarnold | it may not show up in a browser, you may need to type it out | 01:03 |
sarnold | MannyLNJ: it may help to make the name as boring as possible -- lowercase a-z, no spaces, no punctuation, etc. | 01:04 |
=== markthomas is now known as markthomas|away | ||
=== ajmitch_ is now known as ajmitch | ||
MannyLNJ | sarnold, I think the problem is my firewall actually | 01:23 |
sarnold | could be :) | 01:23 |
MannyLNJ | sarnold, Would you be willing to help me figure out where I fsked it up and fix it? | 01:24 |
sarnold | sorry, gotta run MannyLNJ -- look for the zeroconf or whatever it's called services... | 01:26 |
sarnold | and use samba only as a last last last resort | 01:26 |
MannyLNJ | sarnold, k | 01:28 |
PrudentMav | when you set dir owner to www-data then upload/edit files as root, are they still owned by www-data or do you have to keep changing the owner? | 02:12 |
=== Lcawte is now known as Lcawte|Away | ||
=== neurotus is now known as krsna | ||
lordievader | Good morning. | 07:22 |
lo72 | lsit | 07:30 |
lo72 | list | 07:30 |
linocisco | hi all | 09:34 |
linocisco | i have only internet from USB cable of Nokia E-5 | 09:34 |
linocisco | it is ok to use internet on ubuntu desktop but I dont know how to provide internet to ubuntu server | 09:35 |
mripguru | hey guys - I've got a Dell 2950 III which I just freshly installed with 12.04 LTS — I can access it via the local network, etc., etc. — but, no ping or access from the outside world (though the box can access the outside world no issue). | 12:45 |
mripguru | This was all working just fine on CentOS 6. | 12:46 |
=== Lcawte|Away is now known as Lcawte | ||
huttan | mripguru: Does your new ubuntu have the same IP that the centos had ? | 13:28 |
huttan | mripguru: if all worked before, it might be as easy as changing IP, assuming that your router settings are the same too | 13:29 |
Ub3rN00b | I'm trying to use Vagrant for the first time and am having a little trouble. I'm using Ubuntu and Apache, and when I try going to mysite.dev I get the error "You don't have permission to access / on this server." I set all file and directory permissions to 755. Any ideas? | 13:33 |
mripguru | huttan: yes - all is the same | 13:39 |
mripguru | huttan: that's the strange thing though | 13:41 |
mripguru | huttan: it all works just fine on the local LAN | 13:41 |
qman__ | mripguru: the only parts of that which are on the Ubuntu side are the IP, mask, and gateway settings, the rest is up to the router | 14:03 |
qman__ | Firewall settings could be blocking it too, but it has no rules by default and would allow it | 14:04 |
qman__ | If you changed hardware, the router might be unhappy about the MAC address changing | 14:06 |
mripguru | qman__: MAC address didn't change though | 14:43 |
saldot__ | trying to get ubuntu server running on my intel nuc but all i get is a black screen with a text cursor in the left corner when i boot | 15:29 |
sciiam | Hi ! | 16:04 |
sciiam | Does anyone know why postfix would keep appending full hostname when I put in configs that: myorigin = <domain.com> ? | 16:07 |
sciiam | i mean appending to the email address of the sender | 16:07 |
sciiam | keep sending mail as user@host.domain.com | 16:07 |
sciiam | anyone? | 16:14 |
=== JohanJ_ is now known as SaldoT | ||
=== PrudentMav is now known as PrudentMav[away] | ||
=== PrudentMav[away] is now known as PrudentMav | ||
=== PrudentMav is now known as PrudentMav[away] | ||
=== PrudentMav[away] is now known as PrudentMav | ||
=== PrudentMav is now known as PrudentMav[away] | ||
=== JohanJ_ is now known as SaldoT | ||
=== PrudentMav is now known as PrudentMav[away] | ||
=== PrudentMav[away] is now known as PrudentMav | ||
=== PrudentMav is now known as PrudentMav[away] | ||
=== PrudentMav[away] is now known as PrudentMav | ||
=== PrudentMav is now known as PrudentMav[away] | ||
=== PrudentMav[away] is now known as PrudentMav |