[00:09] <MannyLNJ> Looking for guides on securing my home ubuntu server
[00:11] <sarnold> disable password authentication to ssh, use ufw to allow only the ports you want open, use apparmor to confine the services that you do run; under no circumstance use a web "control panel" thing, those are usually garbage
[00:11] <sarnold> set up unattended upgrades if you won't be logging in regularly
[00:14] <MannyLNJ> sarnold, so instead of password auth for ssh use a pre-shared key? I only want to allow Point to point tunneling, for a VPN, and access to my calibre library from the outside world and inside my lan access some shared printers including a PDF printer on the Ubuntu server
[00:15] <sarnold> MannyLNJ: yes, the ssh public key stuff is actually more convenient than using passwords anyway, so that'll be for the best :)
[00:20] <MannyLNJ> sarnold, I forgot if I have another firewall on the system. i'm thinking if I got PPTPD working then i do so would UFW - Uncomplicated Firewall cause a conflict?
[00:21] <sarnold> MannyLNJ: ufw is a friendly front end to iptables; if you're doing iptables entries yourselves for other reasons, feel free to skip ufw.
[00:21] <MannyLNJ> sarnold, I prefer not to do them myself because I think a 6 year old knows more than i do about this topic
[00:22] <sarnold> MannyLNJ: hehe, I know the feeling, iptables baffles me. that's why I like ufw. but if you're oging to run a vpn concentrator thingy yourself, you may need more than ufw is prepared to do for you.
[00:24] <patdk-lap> heh?
[00:24] <MannyLNJ> sarnold, I am just concerned about my system being compromised and used as a base to launch DDOS attacks. Or should I not be too concerned since I'm just on a home network
[00:25] <patdk-lap> iptables is great
[00:25] <patdk-lap> it's the whole ebtables and stuff that gets odd
[00:26] <sarnold> patdk-lap: I used ipf and pf for years, the change to iptables way of thinking hurts my head
[00:26] <sarnold> you're right thuogh, ebtables is Much More So :)
[00:26] <MannyLNJ> I know the only truly secure system is one in a locked room with no keyboard, no network connection and encased in concrete but that would be useless ;-)
[00:27] <patdk-lap> I never wrapped my head around pf
[00:28] <patdk-lap> did a crapload of ipchains
[00:28] <sarnold> I never did ipchains either; I did ipfwadm, that fit my head alright..
[00:33] <patdk-lap> I was huge into 2.0 and 2.2 kernels
[00:33] <patdk-lap> was kindof depressed when I was forced to upgrade to 2.4
[00:33] <patdk-lap> and the scheduler and memory stuff was totally rewritten and my custom scheduler wouldn't work without well, months of rewrites
[00:34] <sarnold> and then they threw away the scheduler and memory stuff again a few releases later, hehe
[00:37] <MannyLNJ> Another question-- I need to print from my Windows system to a PDF printer on my Ubuntu system. I *think* I have it installed correctly on the Ubuntu system see http://paste.ubuntu.com/12460867/ but can't get it to show as a shared printer in the network list
[00:41] <sarnold> MannyLNJ: it looks like you need to set the access controls via <location> and set "browsing on" https://wiki.archlinux.org/index.php/CUPS_printer_sharing#Manual_setup
[00:50] <MannyLNJ> sarnold, reading it....
[01:01] <MannyLNJ> sarnold, I followed it but must have done something wrong because it isn't being seen by the PC
[01:03] <sarnold> MannyLNJ: note one of the lower infoboxes that suggests windows is picky about the specific name
[01:03] <sarnold> it may not show up in a browser, you may need to type it out
[01:04] <sarnold> MannyLNJ: it may help to make the name as boring as possible -- lowercase a-z, no spaces, no punctuation, etc.
[01:23] <MannyLNJ> sarnold, I think the problem is my firewally actully
[01:23] <sarnold> could be :)
[01:24] <MannyLNJ> sarnold, Would you be willing to help me figure out where I fsked it up and fix it?
[01:26] <sarnold> sorry, gotta run MannyLNJ -- look for the zeroconf or whatever it's called services...
[01:26] <sarnold> and use samba only as  a last last last resort
[01:28] <MannyLNJ> sarnold, k
[02:12] <PrudentMav> when you set dir owner to www-data then upload/edit files as root, are they still owned by www-data or do you have to keep changing the owner?
[07:22] <lordievader> Good morning.
[07:30] <lo72> lsit
[07:30] <lo72> list
[09:34] <linocisco> hi all
[09:34] <linocisco> i have only internet from USB cable of Nokia E-5
[09:35] <linocisco> it is ok to use internet on ubuntu desktop but I dont know how to provide internet to ubuntu server
[12:45] <mripguru> hey guys - I've got a Dell 2950 III which I just freshly installed with 12.04 LTS — I can access it via the local network, etc., etc. — but, no ping or access from the outside world (though the box can access the outside world no issue).
[12:46] <mripguru> This was all working just fine on CentOS 6.
[13:28] <huttan> mripguru: Does your new ubuntu have the same IP that the centos had ?
[13:29] <huttan> mripguru: if all worked before, it might be as easy as changing IP, assuming that your router settings are the same too
[13:33] <Ub3rN00b> I'm trying to use Vagrant for the first time and am having a little trouble. I'm using Ubuntu and Apache, and when I try going to mysite.dev I get the error m"You don't have permission to access / on this server." I set all file and directory permissions to 755. Any ideas?
[13:39] <mripguru> huttan:  yes - all is the same
[13:41] <mripguru> huttan:  that's the strange thing though
[13:41] <mripguru> huttan:  it all works just fine on the local LAN
[14:03] <qman__> mripguru: the only parts of that which are on the Ubuntu side are the IP, mask, and gateway settings, the rest is up to the router
[14:04] <qman__> Firewall settings could be blocking it too, but it has no rules by default and would allow it
[14:06] <qman__> If you changed hardware, the router might be unhappy about the MAC address changing
[14:43] <mripguru> qman__:  MAC address didn't change though
[15:29] <saldot__> trying to get ubuntu server running on my intel nuc but all i get is a black screen with a text cursor in the left corner when i boot
[16:04] <sciiam> Hi !
[16:07] <sciiam> Does anyone knows why postfix would keep appending full hostname when I put in configs that: myorigin = <domain.com>  ?
[16:07] <sciiam> i mean appending to the email address of the sender
[16:07] <sciiam> keep sending mail as user@host.domain.com
[16:14] <sciiam> anyone?