[02:03] if i have ubuntu-server (14.04) set up to automatically install security updates; how come when i login sometimes i see "system restart required". will this never be done automatically as part of security updates?
[02:04] arooni: Live patching of kernels is still in its infancy.
[02:04] so i have to restart my servers every now and then as a workaround?
[02:05] arooni: It should tell you. But in general, spontaneous reboots are a bug.
[02:05] so theres no best practice, 'set up a cron job to restart server every now and then ' ?
[02:06] The best practise would be, "schedule a downtime window and restart within it".
[02:07] but this is done as a one off ?
[02:07] Ah, there is a way: https://help.ubuntu.com/community/AutomaticSecurityUpdates
[02:07] i already have security updates set up (at least i thought i did)
[02:07] From that: "If you want the script to automatically reboot when needed, you not only need to set Unattended-Upgrade::Automatic-Reboot "true", but you also need to have the "update-notifier-common" package installed."
[02:07] ahhh
[02:07] Seems questionable, but there's the rope. :P
[02:07] thanks for tracking that down ChibaPet ; looks like i need to jump into that
[02:08] well once i have monitoring uptime set up after i will this evening; ill let that notify me if theres a problem
[02:09] Good luck with it, whichever way you decide to do it.
[02:11] thanks for your help ChibaPet
[02:11] arooni: My pleasure.
[02:42] now trying to fix a different problem on a different server; it looks like when i ssh i'm successful but i'm immediately logged out; exit status = 0. what should i check?
[03:01] arooni: Look at /var/log/auth.log on the server.
[03:12] fixed it thanks ChibaPet !
[03:12] apparently if login can't load your default shell; you're done; there's no failover
[03:12] or login shell rather
=== lamont` is now known as lamont
=== dax is now known as daxcat
[07:17] hi every one, i have a question, i have a linux server 12.04, my ping to 8.8.8.8 is ok, but when i ping google.com, reply is very slow, my dns is set to 8.8.8.8 in resolve.conf file,
[07:17] why this happened?
[07:22] anyone know about this?
[07:27] 480 people and anyone response?????
[07:32] FarhaadN: 1) When you say very slow, can you translate that into a number? 2) Given anycast, it's expected that 8.8.8.8 will be closer than whatever result you get for google.com
[07:42] andol: i ping yahoo.com and this is result, icmp_req and time for each request is ok. but see time for all packets > http://pastebin.com/spntXvUu
[07:45] FarhaadN: so your issue is that the sum for all packets is so much more than summing up the individual times?
[07:48] cpaelzer: i think my problem is for DNS, i ping ubuntu.com and don't reply, but ping ip, is ok, check this > http://pastebin.com/ww6FJP0y
[07:50] FarhaadN: ok, that looks much like mine http://paste.ubuntu.com/15333468/
[07:50] FarhaadN: let us trace it down a bit
[07:50] * cpaelzer is crafting a commandline ...
[07:52] cpaelzer: noo, for you sum time is 6000, but for mine is 60,000
[07:52] yes, but when you use IP and not dns name your sum is similar
[07:52] I agree that it might be dns related
[07:52] but I want to see where time is lost, that is what I'm constructing atm
[07:53] could you create something like this http://paste.ubuntu.com/15333479/ ?
[07:53] Comparing that could give us a start where to look into
[07:53] FarhaadN: ^^
[07:54] yes, see this please, when ping google.com 2 start reply from and tooo slow, then reply from dns and ok > http://pastebin.com/ve6JFt5J
[07:55] cpaelzer: yes i create that thing
[07:55] sry for my bad language
[07:56] never mind, people are important not their language
[08:03] cpaelzer: thx u
[08:04] http://paste.ubuntu.com/15333503/
[08:04] hallyn, what exactly are you trying to get to...?
[08:07] FarhaadN: yeah, that looks suspicious towards dns resolve "45.53 70.073280 10010468 7 gethostbyaddr"
[08:07] it is called per ping (see count 7), so it scales and it is no flat extra time
[08:07] also your SYS_poll is huge
[08:08] FarhaadN: with that in mind try something more simple - what does this give you "time dig yahoo.com > /dev/null" ?
[08:09] hmm, even setting my dns to 8.8.8.8 as well doesn't make it as bad as yours ...
[08:10] cpaelzer: yes my any server s dns is set to 8.8.8.8
[08:10] but only this one have a problem
[08:10] real 0m15.033s
[08:10] user 0m0.001s
[08:10] sys 0m0.001s
[08:11] uh that is actually great
[08:11] that means we can debug just with name resolution
[08:11] FarhaadN: I have "real 0m0.017s"
[08:11] oh
[08:12] now what can i do ?
[08:12] I'm creating another command to give us more insight, give me a sec
[08:12] ok
[08:20] ... still working ...
[08:20] so far it doesn't give me what I want and I don't want to just dump you with a zillion of commands
[08:23] FarhaadN: not 100% sure, but a pastebinit of "dig +trace +recurse +all +qr -t yahoo.com" might be nice to see if the call for the NS or later on for the details is slow
[08:25] ok i check
[08:25] FarhaadN: you can also add "sudo ltrace -S -rT nslookup -debug -d2 yahoo.com" to that pastebin
[08:26] http://paste.ubuntu.com/15333552/
[08:27] umm, timeout isn't good :-)
[08:27] http://paste.ubuntu.com/15333555/
[08:28] cpaelzer: even when i was apt-get update, i can't and error occurred
[08:29] well both last pastebins run into a dns timeout, ... hmm
[08:31] you said all the other servers from the same network are ok, and go for the same dns @ 8.8.8.8 ?
[08:32] but before you had slow but at least working resolution didn't you ...
[08:36] noo my others servers is not in this network, but dns is 8.8.8.8 and ok
[08:38] FarhaadN: hmm - my expectation is routing out/back-to of your current network might be your issue then
[08:38] FarhaadN: you surely could try other free DNS servers, but that would only be a workaround not a solution
[08:39] like: for DNS in 209.244.0.3 209.244.0.4 64.6.64.6 64.6.65.6 8.8.8.8 8.8.4.4 84.200.69.80 84.200.70.40 8.26.56.26 8.20.247.20 208.67.222.222 208.67.220.220 156.154.70.1 156.154.71.1 199.85.126.10 199.85.127.10 81.218.119.11 209.88.198.133 195.46.39.39 195.46.39.40 50.116.23.211 192.99.240.129 208.76.50.50 208.76.51.51 216.146.35.35 216.146.36.36 37.235.1.174 37.235.1.177 198.101.242.72 23.253.163.53 77.88.8.8 77.88.8.1 89.233.43.71 91.239.
[08:39] 100.100 74.82.42.42 109.69.8.51; do nslookup yahoo.com ${DNS}; done
[08:39] if they all are slow or timeout you surely have to look at your network / routing setup
[08:39] I had hoped to find a more local issue to your system to debug with you
[08:39] but I think that means you have to debug your network setup
[08:40] think of wireshark and such, but that leaves my comfort zone
[08:40] sorry, I at least hope to have brought you one step further in debugging this
[08:40] FarhaadN: ^^
[08:41] cpaelzer: very thx for reply and help me
[09:02] Hi, I'm wondering: I bought a domain and connected it to my ip. When i now enter my domain name address, i get to the interface of my router (log in prompt), is this normal?
[09:03] Does your domain resolve to your router?
[09:04] well, yes i think so.
[09:06] Check it, I'd say.
[09:06] It resolves to my IP, which is my ISP's router...
[09:07] sceiron: There is your problem, I suppose.
[09:08] Ok, i just in the process of setting up a ubuntu server behind this router, but have not gotten that far yet. I was just questioning that entering my IP in any external browser would bring me to my routers log-in prompt
[09:09] sceiron: If your router is setup to show a login page to remote on port 80/443, then yes. Though I would advise you to disable remote login.
[09:10] ok, thanks, that answers my question for now i guess. Is it default practice for ISPs to set up a router with "Remote login"?
[09:11] No.
[09:11] Not to my knowledge at least.
[09:11] All ISP provided routers I've had have had ISP backdoors at least
[09:11] Which is a good reason to ditch them
[09:12] Or at least ask them to set it in bridged mode and use your own router
[09:12] Havent checked this before, but i can log in with the default username/password, in other words it seems kinda open to me, oups
[09:18] True, but that is usually separate from a remote login.
[09:19] Well, yes
[10:42] hi all - i have one ubuntu 14.04 server which has an ethernet alias set in /etc/network/interfaces - it’s set to auto but it NEVER comes up at reboot? i have about 10 other trusty hosts with the same config, and they all work flawlessly? any ideas.
=== lordieva1er is now known as lordievader
=== lordievader is now known as Guest45991
=== Guest45991 is now known as lordievader
=== devil is now known as Guest30973
=== matsubara_ is now known as matsubara
=== Guest30973 is now known as devil_
=== _ruben_ is now known as _ruben
[12:55] <[1]Az> hello
[12:55] <[1]Az> i am getting this error:
[12:55] <[1]Az> https://gist.github.com/benjfield/09763033aa97c04caa74
[12:56] <[1]Az> on 4 of my servers
[13:00] looks to me like an issue with the elasticsearch.org repo
[13:00] have you tried removing it from your sources and trying again?
[13:01] <[1]Az> yes
[13:01] <[1]Az> its not
[13:01] <[1]Az> its an issue with apt
[13:01] <[1]Az> hang on
[13:03] <[1]Az> https://gist.github.com/benjfield/09763033aa97c04caa74
[13:18] hmm
[13:51] <[1]Az> weird right?
[13:52] have you tried blowing away apt's cache folder?
[13:52] it's odd that 4 servers broke at once though
[13:52] and I can't find any google search results
[13:52] <[1]Az> this is my issue
[13:52] <[1]Az> i actually rebuild the servers
[13:52] <[1]Az> and then it started happening again
[13:52] <[1]Az> all 4 servers have the same config
[13:52] is the server setup exotic at all? nfs root or anything silly?
[13:53] <[1]Az> nope
[13:55] <[1]Az> pretty standard
[13:57] <[1]Az> i dont know what else i can do to debug it
=== mohammad is now known as Guest20550
=== Guest20550 is now known as linuxlove
=== linuxlove is now known as sysadmin
[13:59] hello
[14:00] hello
[14:00] how can i get a log files from people that i have logged in my server and commands that they have ran
[14:00] [1]Az: you don't have anything locking the apt directory do you? anything in lsof ?
[14:00] and their ips
[14:00] <[1]Az> root@dev-php-app01:/home/concrete# lsof | grep apt
[14:00] <[1]Az> munin-nod 19644 root mem REG 202,1 10336 1231 /usr/lib/perl/5.18.2/auto/Tie/Hash/NamedCapture/NamedCapture.so
[14:01] <[1]Az> doesnt look like it
[14:01] hmm
[14:01] nope
[14:01] sysadmin: logged in from console?
[14:01] pmatulis, yes
[14:01] sysadmin: hmm, IPs. so wouldn't that be logged in via SSH?
[14:01] [1]Az: has the server been up a really long time? when is the last time you ran fsck on the filesystem apt lives on
[14:02] pmatulis, yes i mean log in from ssh
[14:02] <[1]Az> 40 days
[14:02] <[1]Az> i can reboot it
[14:02] sysadmin: that should be logged in /var/log/auth.log
[14:03] [1]Az: try running fsck
[14:03] <[1]Az> i cant run fsck on /
[14:03] pmatulis, i used that but i cant see their commands
[14:03] [1]Az: touch /forcefsck
[14:04] [1]Az: then reboot, I think
[14:04] sysadmin: as for commands run, it is only recorded, also in auth.log, if they use sudo
[14:04] pmatulis, and commands without sudo
[14:05] sysadmin: you will need a special tool to track all commands issued by users
[14:05] https://goo.gl/qJ7NW6
[14:06] pmatulis, and about their ips?
[14:07] sysadmin: i'm pretty sure that is in auth.log for SSH connections
[14:08] and if just upload to one directory with rsync can i see their ip?
[14:09] <[1]Az> mybaltzitch: fsck ran but the problem continues
[14:10] [1]Az: grrr.
[14:10] pmatulis, if one user just upload file to one directory can i see his ip ?
[14:13] sysadmin: i don't think so but i'm not 100%. if you somehow enforce rsync-over-ssh you probably can get it. just try it
[14:13] pmatulis, i need to use sudo ufw allow ip port 22
[14:13] pmatulis, what do you mean exactly ?
[14:14] sysadmin: what's your full question?
[14:15] pmatulis, my friend last night connected to my server to upload file to my directory with rsync he doesnt know his ip i need to access just to him for port 22 i need to find his ip
[14:15] <[1]Az> mybalzitch: quite
[14:16] <[1]Az> sysadmin: just get him to lookup his ip
[14:17] okay
[14:18] i ask him to find it
[14:18] [1]Az: I'd take it to the forums
[14:19] sysadmin: you can allow SSH connections based on username. disallow all connections except for certain users. in 'man sshd_config' see 'Match AllowUsers'
[14:19] sysadmin: not sure if you absolutely need to do the firewall stuff but it might help
[14:19] [1]Az: http://ubuntuforums.org/showthread.php?t=1827960&p=11164176#post11164176
[14:21] pmatulis, i have another question i have ran netbeans when i browse localhost:8383 i see my index.html file but when i browse mydomain:8383 i dont see any thing i have activated sudo ufw allow what is problem? 8383 when i
[14:22] pmatulis, i have another question i have ran netbeans when i browse localhost:8383 i see my index.html file but when i browse mydomain:8383 i dont see any thing i have activated sudo ufw allow 8383 what is problem?
[14:23] sysadmin: i'm sorry i have a meeting now. make sure DNS is working properly and that your application is configured to respond on "mydomain"
[14:24] pmatulis, first time it answered but for second time when i ran mydomain:8383 i didnt see anything my domain is activated i can see when i browse it but in port 8383 i cant see anything
[14:25] while it answers in localhost:8383
[14:26] http://localhost:8383/w3schools/index.html
[14:30] oh
[14:30] problem was from router
=== utlemmin` is now known as utlemming
=== daxcat is now known as ezri
[17:07] hello!
[17:07] https://launchpad.net/~deepika-chauhan is this person on the server team in some way?
[17:07] They requested access to the wiki/etherpad, and I believe they may actually be a spammer, and not a real person wanting to do legitimate work.
[17:15] that's gotta be a fake e-mail, right?
[17:28] hello
[17:29] How do you use CORS in a LAMP environment? Particularly allow all access
[17:29] trying to write a mobile app and keep getting javascript errors due to CORS and cross-site
[17:39] popey: I don't recognise that name.
[17:39] https://launchpad.net/~deepika-chauhan/+archive/ubuntu/ppa is spam.
[17:41] good spot!
[17:44] rbasak, nah, its canoni printer support obviously :P
[17:44] *canon
[18:48] hi, i have just set up an irc server on my ubuntu server, can someone help me verify that it works from www, it works from local machines...
[18:50] sceiron: sure, which ip/port?
[19:01] tnx :)
=== IdleOne- is now known as IdleOne
=== ezri is now known as daxcat
[22:13] nacc, https://code.launchpad.net/~ubuntu-server-dev/ubuntu/+source/checksecurity/+git/checksecurity
[22:15] smoser: thanks!
[22:15] smoser: and you can not do sg3-utils :)
[22:15] if you didn't see the chatter in #ubuntu-devel
[22:16] i didnt
[22:16] id idt see it
[22:16] is it because there is no changelog entry for 1.40-0
[22:16] ?
[22:16] smoser: sort of, we're just going to sync with 1.41-2 when it comes out
[22:17] as of right now, we're basically in sync with debian due to the backports, just at an unreleased version
[22:20] nacc, ok.
[22:20] nacc, http://paste.ubuntu.com/15337649/
[22:20] that is 'go-import.py' which just prints out ordered commands to run
[22:20] and assumes you have the right debian and ubuntu versions
[22:21] see http://paste.ubuntu.com/15337646/ for example output
[22:21] Hello. Would someone who has installed Postfix, MySql and Dovecot server share what the relationship between the three in simple terms as I do my homework on knowing what to install. I have found Ubuntu website installation procedures, however, I would like to hear from someone's personal experience. I know it is involved, but a fireside chat would help me to prepare my mind.
[22:22] I have downloaded example config files as examples.
[22:24] zulu, that is a huge undertaking
[22:24] setting up a mailserver is by far no simple task
[22:24] I realize that.
[22:24] but dunno what you mean by relationship between them
[22:24] mysql is a database
[22:24] Yes.
[22:24] dovecot is an auth/imap server
[22:24] postfix is an mta
[22:24] there is no relationships
[22:24] So these three just work together then?
[22:25] they all do their own tasks
[22:25] I see.
[22:25] and produce a final result of imap + smtp server, though the mysql part is not needed at all
[22:25] Thanks for that mysql point.
[22:25] you don't have to have imap and smtp on the same server
[22:26] personally I run 2 imap servers, and 16 smtp servers, and then 4 mysql servers for them
[22:26] It is a headless wireless server. It is experimental right now.
[22:26] Apache2
[22:27] and then as soon as you get that all setup, you will learn, you will want to add clamav, amavisd-new, spamassassin, .... to the mix
[22:27] i386 machine..
[22:27] making it more complex
[22:27] then add on webmail
[22:27] setup postscreen
[22:27] smoser: thanks!
[22:28] I did a little bit of homework on that. That seems like the fun part. However difficult.
[22:30] mysql can be used as an authoritative source of information for dovecot/postfix
[22:30] but you could use system accounts, ldap, or any number of other things if you want
[22:31] I appreciate your input Patdk-lap. Thanks. I am not sure how complex I should get with this but you opened up a few thoughts in my mind on this.
[22:33] I am getting more to appreciate using ssh terminal to the ubuntu box and it has been quite the learning curve here. I have been using Windows for years and know how to navigate with it but it is a totally different story not using a GUI with me.
[22:34] It really makes me appreciate the hard work you folks do here.
[22:36] I normally have 2 screens full of ssh connections
[22:39] Sounds like you are a busy person with 2 screens full of ssh connections.
My ssh connection is always running with WinSCP from my Windows box. I have run in the past VPN to my linux box.
[22:40] I use PuTTY as well. Nice piece of work.
[22:43] The real challenge is using the console commands. That is where the rubber meets the road.
=== King is now known as King`
=== King` is now known as King`_^
=== King`_^ is now known as ^`_King`_^
=== ^`_King`_^ is now known as ^_`King`_^
[22:48] Does Spamassassin have to be updated like SuperAntiSpyWare?
[22:50] Zulu_Too: SA rules are updated daily by /etc/cron.daily/spamassassin
[22:50] Zulu_Too: you might need to set CRON=1 in /etc/default/spamassassin as I don't remember what's the default value for it
[22:51] Thanks Sdeziel. :)
[22:51] Zulu_Too: I also second the recommendation regarding postscreen
[22:52] I will certainly do my homework on that Sdeziel. Thanks.
[22:53] I was looking at a pastebin called Stikked. Have you used it?
=== ^_`King`_^ is now known as King
[22:55] It uses XMPP. Another interesting thing is called: Jabberd.
[22:55] Also ejabberd.
[22:56] Zulu_Too: if you are looking for a XMPP server, prosody has always served me well
[22:57] i like prosody personally
[22:57] I will check that out. Thanks.
[22:58] Is this the website you were referring to? https://prosody.im/
[22:59] Zulu_Too: yes
[22:59] !info prosody
[22:59] prosody (source: prosody): Lightweight Jabber/XMPP server. In component universe, is extra. Version 0.9.8-1ubuntu0.1 (wily), package size 199 kB, installed size 1059 kB
[23:01] I was searching for an IRC like web based interface and have realtime tech conversations with my clients. There are lots of them out there. I am looking for one with the best latency issues.
[23:01] Zulu_Too: i've heard good things about slack. it seems to be the thing all the cool kids use. nothing on irc but us old farts.
[23:02] (those of us who have been on irc for 20-years may question the wisdom of letting any old idiot include images directly into the window.)
=== genpaku_ is now known as genpaku
[23:03] sarnold: bah!
[23:03] Sarnold, that is funny. I have been using IRC for many years. I will say that you meet a lot of intelligent people who like to share their knowledge.
[23:03] and their flickr feeds
[23:03] not really
[23:04] My first IRC experience was with Netscape Navigator. It had an IRC client built in. That is old.
[23:05] Years ago you would telnet to IRC.
[23:05] telnet -> stunnel -> irc
[23:06] yeah, obviously i'm trying out the interwebz thing; as i predicted, ctrl-u and ctrl-w are sorta blockers for me
[23:06] (with irc in a web page)
[23:08] shoutme: try pentadactyl, it fixes ^W and ^U :)
[23:08] Years ago, I used to park on the #Linux channel on Dalnet. That was fun. Lots of nice folks there.
[23:09] Zulu_Too: oh indeed, there's lots of great people here. but the scale goes waaaaay down :)
[23:10] I usually gravitate towards those who are humane and are considerate. Not all are.
[23:10] sarnold: trying to make me cry? pentadactyl is broken with new ff
[23:10] shoutme: oh no :( thanks for the warning..
[23:10] now with signed extensions you can't even build your own
[23:11] i'm actually trying out some other, supported vim-like extension, but it's not good enough
[23:11] vimfx, that's it
[23:12] can't even do ";y"
[23:12] sarnold: which release are you on? pentadactyl is working for you?
[23:13] shoutme: i'm on firefox 44.0.2+build1-0ubuntu0.14.04.1
[23:13] shoutme: the :help hasn't worked in months but it's otherwise mostly working
[23:14] yeah i'm on 45.0+build2-0ubuntu1
[23:14] maybe i'll start running it in a trusty vm
[23:14] shoutme: I understand the developer builds of firefox allow unsigned extensions
[23:14] hm
[23:15] that'd be worth it
[23:15] Has anyone here used a Windows program called: Qedit? Is there a similar program like gvim for the command prompt?
[23:15] shoutme: it'll kinda suck to not get the updates the day they're released, and probably not compiled with the full range of compiler hardening that we get in the ubuntu packages.. but firefox without pentadactyl is baffling.
[23:15] Zulu_Too: I may have used qedit on dos 5.0? try vim
[23:15] yeah i mostly use vimprobable with a strict apparmor profile and no js now... keeps me more productive anyway :)
[23:15] Zulu_Too: vim's baffling for the first month or so but then .. well, you turn into shoutme and me and try to turn your web browser into vim :)
[23:16] speaking of which
[23:16] I have tried vim. And vi
[23:16] Zulu_Too "gvim for the command prompt" - gvim is vim for the gui, so....
[23:17] Zulu_Too: loads of folks love emacs. I never gave it more than about ten minutes..
[23:17] :)
[23:18] I have also used Nano.
[23:19] I never gave nano more than about ten seconds
[23:19] loll
[23:19] that's normally the first thing I take care of when I install a new ubuntu system is apt-get purge nano. it's easier than trying to figure out how to use alternatives again :)
[23:20] Sarnold that is immensely funny. apt-get purge nano :)
[23:22] boy do i hate nano as the default
[23:24] I cannot stop laughing. Purge nano. hehe
[23:24] we're here for your amusement :)
[23:25] Does that make me a member? :)
[23:26] lxc launch ubuntu:xenial lv1 <- new simplestreams goodness
[23:31] Hey guys, you've been great here. Thanks for the insight about Postfix and other stuff. I will take to heart the counsel and info about it. I bid all here a great day. Thanks so much. God bless. Take care. :)
[23:32] have fun Zulu_Too ;)
[23:32] Sarnold I am an old fart too. Welcome to the club. hehe
[23:32] :)
[23:32] :)
[23:33] That's it. My goal for the day is to persuade everyone i'm a millennial. I am *not* an old fart.
[23:33] no sir
[23:35] tych0: hey bro, did you see that new cycling app? rad man. <- look i'm a millennial
[23:36] hm, nfs-common doesn't want to install in a container.
that's ungood
[23:36] shoutme: i can tell when you're faking
[23:36] shoutme: your nick isn't even right and i can tell :)
[23:36] shoutme: hello hallyn :)
[23:37] curses!
[23:37] shoutme: hey if it makes you feel any better you had me fooled "who is this super-cool dude who I don't recall seeing before?" :)
[23:38]
[23:38] shoutme: you did call me bro, though. you'll definitely get some millennial points for that. bro.
[23:38] i was gonna say brah but couldn't make my fingers do it
[23:38] also I'm scared to find out if you were trying to mount or export an nfs filesystem, and wondering which one to be more scared about..
[23:39] just apt-get build-dep libvirt
[23:39] oh :/
[23:45] works fine in trusty - must be a systemd thing
=== thumper is now known as thumper-dogwalk