[04:48] <jak2000> better place for start a program when server start: /etc/init  or /etc/init.d/rc.local ?
[04:49] <quantic> jak2000: best would be to create a start script for it, but otherwise, /etc/rc.local
[04:50] <quantic> jak2000: don't mess with /etc/init, and /etc/init.d/rc.local is just the init script that runs the contents of /etc/rc.local
[04:53] <jak2000> the command is: sudo /opt/glassfish4/bin/asadmin start-domain swManzana
[05:42] <trapirate> hello?
[05:42] <trapirate> I have a few questions...if anyone has a moment.
[05:43] <trapirate> SF design dork here...wondering what I need in order to set up a server (software that is)
[05:43] <trapirate> I know how to write html,php,java, and thats about it.  Also basic database know how....
[05:44] <trapirate> have the server ready
[05:44] <trapirate> but not sure if I should do centOS or ubuntu
[05:44] <trapirate> if anyone can help I'll give you free space.
[05:44] <trapirate> free webspace if you can help me set this thing up!
[06:00] <jelly> trapirate: just ask your questions, and if someone can and is willing to answer or comment, they will.  Mind the timezone gap.
[06:03] <trapirate> How do I set up a web server?
[06:03] <trapirate> centOS or should I ubuntu ?
[06:14] <quantic> trapirate: You can find a metric ton of tutorials on that by simply googling.
[06:18] <Guest51163> I know how to set the X11 server on different display's like ctrl+alt+fn
[06:19] <Guest51163> but is there away to set the X11 server and client on seperate computers completely?
[06:23] <quantic> Guest51163: See: X11 forwarding.
[06:24] <Guest51163> I guess it is just host:0,1,2...etc or ipaddr:0,1,2...etc but will this allow me to ssh into this machine and start a GUI enviorment for any of my clients ssh into the system?
[06:27] <Guest51163> Or if not what is the significants of haveing the X11 server side on a different machine then the client side?
[06:30] <Guest51163> quantic you know ?
[07:38] <lordievader> Good morning.
[10:36] <root_____> Hello?
[10:37] <root_____> Does anyone else have the really annoying issue that there Ubuntu server would just start refusing connections. I have been through ever log I could find and it says NOTHING thats helpful. Do any of you amazing people know whats up?
[10:38] <root_____> Anyone talking?
[10:39] <rbasak> !patience | root_____
[10:40] <root_____> What advantages does Ubuntu server have to Windows server?
[10:42] <lordievader> root_____: Refusing connections for what service? And do you run a firewall?
[10:42] <root_____> All servies, not firewall. I have it disabled??
[10:44] <root_____> Just to explain further - I would just be working on a website via FTP and suddenly the server would just start refusing connections via FTP and apache. LAN and WAN. I have to restart the server for it to work again.
[10:47] <lordievader> Ugh FTP. Lets focus on apache. Do you have physical access to a shell (or in some other way when this happens)?
[10:48] <root_____> yes, thats how i manage ro restart when this happens. SSH also stops
[10:50] <lordievader> root_____: At that point are the services still running?
[10:50] <root_____> Yes
[10:51] <lordievader> root_____: Do they still listen to their respective ports?
[10:53] <root_____> Yes, looking at netstat it seems that everything is still working how they should be but no connecting. Could this be something else on the network causing the probem?
[10:56] <lordievader> Unlikely.
[10:56] <lordievader> Do you still have network connectivity?
[10:56] <root_____> The server is still able to ping nodes inside and outside the network if thats what you mean
[10:57] <lordievader> Interesting. iptables -vnl shows empty tables?
[11:00] <root_____> iptables -vnl no command?
[11:00] <lordievader> Err that should have been 'iptables -vnL'
[11:00] <root_____> ahh
[11:03] <root_____> brb
[11:03] <root_____> i will be back
[11:43] <root_____> _
[11:45] <root_____> Did anyone suggest anything with the server that kept refusing connections?
[11:46] <lordievader> Not while you were gone, could you answer my last question?
[11:46] <root_____> About the Iptables?
[11:46] <root_____> The tables were empty
[11:47] <lordievader> Hmm, what does nmap say when you try to connect to localhost port 22 or 80?
[11:47] <root_____> Nmap dosent show anything open on my IP once it goes down
[11:48] <lordievader> root_____: Not even on localhost?
[11:49] <root_____> Nothing
[11:50] <lordievader> Wow. Does restarting sshd/httpd help?
[11:50] <root_____> Could it be something 'overloading' the server? Such as A Ddos flooding the server?
[11:50] <root_____> No, has to be restarted for it to start working again
[11:50] <lordievader> Anything in dmesg?
[11:50] <root_____> Nothing that shouldnt be there
[11:52] <TJ-> Is it a bare-metal or virtualised server? if virtualised, what is the hypervisor?
[11:52] <root_____> Its not virtualised, its hosted on my network
[11:54] <root_____> Ive been lost on this for quite a while too, I have no idea
[11:54] <lordievader> Perhaps resetting the network interface helps?
[11:55] <root_____> Ill try it, one second
[11:56] <TJ-> Can you pastebin /var/log/dmesg or, if using systemd-journald, "dmesg" capture
[12:05] <root_____> Restarting the network interface did nothing, and getting the dmesg from the server is rather dificult since I cannot get the file from the server to a computer that I can put it on pastebin
[12:06] <TJ-> root_____: No USB mass-storage to move the file with?
[12:07] <alexstar> dear all
[12:07] <alexstar> i want to ask for somthing
[12:08] <root_____> Go ahead alexstar
[12:08] <alexstar> can ubuntu make server in my company with client folder sync
[12:08] <root_____> Ill gete this file in a minute and put it on pastebin
[12:09] <alexstar> client folder sync , local network and website
[12:10] <alexstar> any answer ???
[12:10] <lordievader> alexstar: I am not entirely sure what you want.
[12:10] <alexstar> i explain to you
[12:11] <alexstar> i want server can make
[12:11] <alexstar> export files from other computer to it
[12:12] <alexstar> 2- website
[12:12] <alexstar> 3- local network connected with it
[12:12] <TJ-> alexstar: Does 'client folder sync'  mean 'roaming profiles' as done on Windows OS ?
[12:13] <lordievader> Does/could your server have ssh access to those machines?
[12:13] <root_____> So you want to copy a server and software to another computer?
[12:13] <alexstar> yes
[12:14] <alexstar> moment by moment
[12:14] <alexstar> from all computer to server
[12:14] <alexstar> backup server
[12:14] <root_____> A complete copy of everything?
[12:14] <alexstar> yes
[12:15] <alexstar> no no
[12:15] <alexstar> folder i choose it
[12:15] <lordievader> alexstar: Does it have ssh access?
[12:15] <alexstar> no
[12:15] <lordievader> Hmm, that is too bad.
[12:15] <root_____> How about FTP?
[12:15] <alexstar> i dont have ubuntu server
[12:16] <root_____> What server do you have?
[12:16] <alexstar> but i want to install it for this
[12:16] <lordievader> Don't do FTP, FTP is bad, rather use SFTP, FTPS or SCP.
[12:16] <alexstar> how???
[12:17] <alexstar> i dont understand anything about ubunto server but i use ubunto desktop
[12:17] <root_____> What server software do you have?
[12:18] <alexstar> i want to install ubuntu server 14.04.3 LTS
[12:18] <root_____> But you want to backup your files before you wipe the server?
[12:18] <lordievader> https://www.digitalocean.com/community/tutorials/how-to-configure-vsftpd-to-use-ssl-tls-on-an-ubuntu-vps
[12:18] <alexstar> no
[12:19] <alexstar> i want to install new server in my company
[12:19] <lordievader> Anyhow, having an FTP(S) server is one thing, then you need to install/write something that automates a backup to it...
[12:19] <alexstar> yes
[12:20] <alexstar> please let me to tell what i need
[12:24] <alexstar> i want to install server ( make back up from company computer to server in time - website with some information about company * joomla script * - odoo erb to human resource and projects - local network with all computer )
[12:24] <alexstar> this i need
[12:25] <alexstar> any answer ??
[12:25] <root_____> So first of all you want to install Ubuntu-server to a computer
[12:25] <lordievader> What OS do your company computers run?
[12:25] <alexstar> windows 7
[12:25] <alexstar> yes
[12:28] <alexstar> dear all
[12:28] <alexstar> ???????????
[12:28] <T3DDY> Do you have a computer ready for the server OS to be installed?
[12:29] <alexstar> yes
[12:29] <lordievader> alexstar: I know nothing of Windows backups...
[12:30] <T3DDY> lordievader: he wants to install Ubuntu-server to a computer and just move his website files over to it
[12:31] <ogra_> alexstar, well, start with installling it then
[12:32] <T3DDY> alexstar: Are you needing support to intall Ubuntu-server?
[12:32] <lordievader> T3DDY: As I understand it, he also wants his Windows workstations to backup to it.
[12:33] <ogra_> thats a subsequent step though :)
[12:33] <alexstar> i install it now us and i tell evry thing i need in this step
[12:34] <T3DDY> He can use SAMBA to backup his files too?
[12:35] <T3DDY> alexstar: Do you just want a network file to put the files you want backed up to in?
[12:36] <alexstar> yes
[12:36] <T3DDY> alexstar: are you installing the ubuntu-server now?
[12:38] <alexstar> wait my cd i downloaded from internet
[12:39] <T3DDY> Whats the problem?
[12:39] <sebastianlutter> I have problems with ubuntu server crashes each 2-4 month, and I cannot find a cause. Last log entry I am able to find was in auth.log: https://dpaste.de/njZK  What does the weird symbols mean ?(^@^@^@)  SSH hacking attempt? Fault memory? What do you think?
[12:40] <lordievader> sebastianlutter: That is usually an indication of a drive failing. Could you pastebin the output of smartctl on your disks?
[12:50] <sebastianlutter> lordievader, doing small test with smartctl and will paste results when finished
[12:50] <sebastianlutter> small=short
[13:09] <sebastianlutter> lordievader, does not show up any errors: https://dpaste.de/zeE1   sda:  https://dpaste.de/zZ2M  sdb: https://dpaste.de/06YQ
[13:10] <lordievader> Yeah that looks okay.
[13:10] <lordievader> !saucy
[13:10] <lordievader> sebastianlutter: Are you really running Saucy?
[13:11] <sebastianlutter> yes, some version things forced me to do so
[13:12] <lordievader> Ouch, you do know saucy is eol, I guess?
[13:13] <sebastianlutter> lordievader, you're right, and I should upgrade it. But I want to know the reason for the crash
[13:15] <lordievader> I understand. My explanation for these kind of log messages is that the kernel didn't have time to write the full log message to disk and is then interpreted as null bytes.
[13:19] <sebastianlutter> lordievader, I see. Then it seems likely to me that it crashed during SSH was used/exploited/whatever. Other logs do not have this. Do you agree?
[13:20] <lordievader> What makes you think ssh was exploited?
[13:21] <jamespage> coreycb, hey - you might want to have a run through http://docs.openstack.org/releases/releases/liberty.html now that final dep versions have been frozen
[13:21] <sebastianlutter> lordievader, The auth log was the last service that logged anything. As usual there are a lot of failed login attempt (wordlist attacks). And I have no better theory
[13:21] <TJ-> sebastianlutter: is the server protected by UPS?
[13:22] <coreycb> jamespage, ok will do
[13:22] <sebastianlutter> TJ-, It is a root server from hetzner, so yes (https://www.hetzner.de/ot/)
[13:22] <lordievader> Corellation doesn't mean causality.
[13:22] <sebastianlutter> lordievader, I know, but I want to believe ;)
[13:28] <sebastianlutter> Damn, no other hint what caused this. I hate this. Thanks a lot for your hints!
[13:47] <T3DDY> Does anyone know of some software that would make a server a firewall server? So everything would go into this server and it would then redirect to other servers? Like a router but would stop bad packets
[13:47] <dcosnet> learn iptables
[13:48] <T3DDY> Ok
[13:48] <ogra_> or ufw
[13:49] <T3DDY> Does Fail2ban stop bad packets?
[13:54] <ratrace> T3DDY: yes, implicitly through blocking an IP address as a result of an event in some log, eg. brute force detected against SSH from some IPv4
[13:54] <ratrace> as for firewalls, there's UFW, but also take a look into Shorewall
[13:55] <ratrace> or roll your own solution using iptables directly (as both ufw and shorewall are higher level wrappers around iptables)
[13:55] <sebastianlutter> start with UFW and then look into IPTABLES to learn what UFW is doing for you
[14:00] <T3DDY> Okay, thankyou
[14:30] <T3DDY> What, in your opinion, is the best point to point VPN service?
[14:30] <mripguru> T3DDY:  the one you run yourself?
[14:31] <T3DDY> like - openvpn, pptpd??
[14:32] <mripguru> oh :)
[14:32] <mripguru> I typically use OpenVPN where budget is an issue
[14:32] <T3DDY> Do you host it yourself?
[14:32] <mripguru> at least one end of it usually
[14:33] <mripguru> (if not both ends)
[14:33] <T3DDY> What does it mean when it asks for the management host?
[14:33] <T3DDY> (If you know)
[14:34] <mripguru> T3DDY:  where are you seeing this? I'm not familiar with that prompt (though that doesn't sound like OpenVPN - since it doesn't cluster by default.)
[14:35] <T3DDY> I was looking it up how to set it up and something was talking about a management interface. If I was going to setup a openvpn server, is this something that I would need to setup or is it not needed?
[14:41] <T3DDY> Can I get some help setting up my openvpn server? When I try to start it, it says its autostarting and then when I check its status it says its not running??
[14:48] <T3DDY> Anyone wanna just gimme the command to make a cert for my VPN??
[14:53] <mripguru> T3DDY:  I usually use OpenVPN AS
[14:53] <mripguru> which has a nice GUI
[14:53] <mripguru> for all that sort of stuff
[14:54] <mripguru> (dirt cheap too.)
[15:25] <beisner> coreycb, jamespage - icehouse sru staging-->proposed pushed  (http://paste.ubuntu.com/12514525/)
[15:26] <beisner> coreycb, jamespage - kilo sru staging-->proposed pushed (http://paste.ubuntu.com/12514783/)
[15:31] <coreycb> beisner, thanks
[15:56] <metalice> hi, im setting postfix+dovecot and while testing im getting this: ehlo: command not found
[16:04] <dwoods> Hey everyone, we’re having some problems installing Openstack through MAAS & Landscape.  Anyone here that can point me in a direction and get us going again?
[16:42] <gQuigs> did we actually have a policy change on OpenStack support length?   12.04's Cloud archive was supported until 3 months after 14.04 released.   Now J/K/L (for 14.04) will be supported for 18 months regardless? - https://wiki.ubuntu.com/ServerTeam/CloudArchive.
[16:42] <gQuigs> The text on the page doesn't actually mention the 18 month
[16:42] <teward> sarnold: WRT the CVE for nginx that you said 'ignored' on, because backporting isn't trivial, I also "Won't Fix"'d the corresponding releases on the LP bug.  Just for the record.
[16:43] <jamespage> gQuigs, yeah - that was made prior to 14.04 release; all 14.04 cloud-archive pockets get 18 months of support
[16:44] <gQuigs> jamespage: thanks for confirming :)
[16:44] <jamespage> gQuigs, apart from 'M' which will get until the end of 14.04 for support
[16:44] <jamespage> so 3 yrs
[16:45] <gQuigs> righ
[16:45] <shishi> nick rmc3
[16:45] <shishi> whoops.
[16:45] <teward> rmc3: important: the / is mandatory :)
[16:45] <teward> :P
[16:56] <baggar11> Anyone using openvswitch in here? Should I be bonding 2 physical nics or bridging them? Or both?
[16:56] <baggar11> Wondering what the best config would be for eth0 and eth1 without vlans.
[17:05] <jamespage> baggar11, if those are going to be your primary network access, i'd use straight linux bonding (no ovs)
[17:05] <jamespage> baggar11, you can do it with ovs, but its tricky to get right in terms of having it manage the primary network interface so early in boot
[17:06] <jamespage> not impossible but tricky
[17:06] <baggar11> jamespage: I'm trying to play around with openvswitch, nothing is set in stone right now. I'm just wondering if ovs will do its thing over a bridge and/or bond.
[17:06] <jamespage> baggar11, yes it will
[17:06] <baggar11> it will over both?
[17:06] <jamespage> yes
[17:07] <jamespage> I frequently use GRE/VXLAN overlay networks via a bridged network interface
[17:07] <jamespage> bonding is ok as well - loadbalancing is tricky, but active/passive is ok
[17:08] <baggar11> I've got a bridge up now with ovs for eth0/eth1
[17:08] <baggar11> I'll stick a guest on each and run some tests
[17:10] <baggar11> jamespage: thanks
[23:05] <PrudentMav> how can I create a system user and they only see and have access to /var/www/domain/public
[23:05] <PrudentMav> ?
[23:05] <PrudentMav> this is the first time I am bringing on a new dev for front end work and not sure how to do this as I've always done everything as root
[23:09] <AvatarA> there really are a lot of ways...
[23:09] <AvatarA> depends really on your specific case
[23:10] <AvatarA> personally I would just chmod that www and allow that user to make changes there
[23:10] <AvatarA> and just remove world permissions on whatever directories I don't want him to read
[23:10] <sarnold> sshd's chroot may help out a bit, but maintaining chroots are annoying. making an apparmor profile for that user's shell may help
[23:13] <AvatarA> you could also setup secure ftp for him just on that directory, if he doesn't need ssh login
[23:25] <Wicaeed> Has anyone seen an error when trying to mount a remote Windows file share (Windows Server 2012R2) from Ubuntu server, "CIFS.VFS: cifs_mount failed w/return code = -95"?
[23:27] <sarnold> EOPNOTSUPP 95 Operation not supported
[23:27] <sarnold> Wicaeed: I could imagine that if you don't have e.g. cifs or smbfs modules loaded into the kernel that you might get those errors; check lsmod ouput?
[23:28] <sarnold> Wicaeed: are there any more details in dmesg or other logs?
[23:28] <Wicaeed> nah, just the error message that is spat out after I run the command
[23:28] <Wicaeed> lsmod | grep cifs cifs     278756 0
[23:28] <Wicaeed> smb doesn't show anything though, hm
[23:28] <sarnold> dang, I liked that idea.
[23:28] <Wicaeed> hehe
[23:31] <Wicaeed> When I add it to my fstab I do get an additional message "CIFS VFS: server quires packet signing to be enabled in /proc/fs/cifs/SecurityFlags."
[23:32] <sarnold> Wicaeed: you don't happen to have a comma in the password, do you? https://bugs.launchpad.net/ubuntu/+source/cifs-utils/+bug/1069915
[23:32] <sarnold> (not EOPNOTSUPP, but .. that entire section of code looks insanely brittle.)
[23:33] <Wicaeed> No, I've also tested with multiple accounts
[23:40] <sarnold> Wicaeed: hmm, the kernel's cifs README just suggests to echo a 1 or 2 into that file
[23:40] <sarnold> Wicaeed: try echo 1 > /proc/fs/cifs/SecurityFlags and then re-try the mount
[23:40] <sarnold> Wicaeed: see https://www.kernel.org/doc/readme/Documentation-filesystems-cifs-README for full details, but this file is seriously underdocumented
[23:41] <Wicaeed> SOB, file share is on a Windows domain controller, which has a setting to force signing for network connections
[23:41] <Wicaeed>  running Windows 2000, server-side packet signing must also be enabled. To enab
[23:41] <Wicaeed> blah
[23:41] <Wicaeed> oh Windows
[23:42] <AvatarA> windows sharing, the great unknown :P
[23:43] <AvatarA> now it works, now it doesn't
[23:44] <sarnold> oh so true
[23:45] <AvatarA> probably very advanced, free will!
[23:46] <sarnold> and I don't think I ever got an anonymous read-only share to ever work with both win95 and winnt clients. maybe it's better now that the WFW codebase has been entirely retired, but configs that worked for one wouldn't work for the other..