/srv/irclogs.ubuntu.com/2016/07/28/#ubuntu-server.txt

[00:00] <sarnold> ubuntu_: that sounds a bit like LTSP
[00:00] <ubuntu_> what's LTSP
[00:01] <sarnold> linux terminal server project http://www.ltsp.org/
[00:01] <ubuntu_> O is that going to support vnc or rdp or both
[00:02] <ubuntu_> because that's kind of cool
[00:03] <sarnold> a quick skim of http://wiki.ltsp.org/wiki/Concepts gives me the impression that it's native X11
[00:08] <cncr04s> Is there any comprehensive guide on using kvm/qemu/libvirt on ubuntu. I specifically use virsh to start stop and edit all my virtual machines, I suppose that is all that is really needed but just wondering if there are any additional commands that do other useful stuff, like adding a new disk while the vm is running, etc.
[00:16] <ubuntu_> Also curious for GPT partitioning what is the preferred file system for a linux partition is it ext4 or is it like LVM or some virtual level file system that one can use
[00:17] <ubuntu_> I guess what i am getting at is the best filesystem for large data centers with expandable racks or Loading more HDD drives / expansions
[00:18] <sarnold> I'm a fan of ext4 for OS storage and openzfs for your data
[00:18] <ubuntu_> GPT covers pretty much infinity size partitions but for a file system on that partition kind of wondering what linux file system
[00:18] <sarnold> some people do like to put their ext4 filesystems on top of lvm but i'm too lazy to figure that out
[00:18] <ubuntu_> zfs and ufs is more for *bsd file systems
[00:19] <ubuntu_> but ya i guess you could use the zfs for linux
[00:19] <cncr04s> i just format them as ext4
[00:19] <cncr04s> and mount them
[00:19] <ubuntu_> I am wondering what linux file system is good for expansion of data like a server in the data center that one can add HDD
[00:19] <sarnold> zfs
[00:20] <ubuntu_> zfs on top of ext4 or just zfs on the bare partition
[00:20] <sarnold> zfs on bare drives
[00:20] <sarnold> don't partition the drives, the zpool tool takes care of everything
[00:20] <ubuntu_> gotcha for windows ntfs supports zfs type expansion?
[00:21] <ubuntu_> or is windows using a different file system
[00:21] <sarnold> I haven't used ntfs in 16 years, I suspect it's changed a bit :)
[00:21] <cncr04s> you can extend a partition across drives in windows
[00:21] <cncr04s> otherwise, raid
[00:21] <ubuntu_> for data centers i know ntfs is enough for any small business or most HDD drive but more interesting in the data center
[00:22] <cncr04s> in my datacenter, I put in a drive, format it as ext4, mount it in whatever folder I want
[00:22] <cncr04s> depends on what you're doing
[00:22] <ubuntu_> Yes but can you extend the file system across drives or do you have to reformat the ntfs after you expand the drive
[00:23] <ubuntu_> when you're spreading it over more than one drive
[00:23] <cncr04s> in windows: just initialize the drive, and extend the partition onto it
[00:23] <ubuntu_> It would have to have some LVM virtual software on top of the bare file system i would imagine
[00:23] <cncr04s> windows has its own stuff, not compatible with linux
[00:24] <cncr04s> other than just a ntfs partition
[00:24] <ubuntu_> O ok ya never tried it only expanded and shrink HDD partitions on the same HDD drive
[00:24] <ubuntu_> curious is there any drive that can go do both zfs and ntfs
[00:25] <cncr04s> zfs is a filesystem
[00:25] <sarnold> drives just hold bits, you can put whatever filesystem you want on them
[00:25] <ubuntu_> I guess would be nice to know that a driver is out there for windows and mac to support zfs
[00:25] <sarnold> I understand the OS X openzfs port has been revived. I haven't heard of anyone working on a windows openzfs port.
[00:25] <cncr04s> I don't know and I doubt it. so count windows out. if the drive goes into a linux server it stays in a linux server
[00:26] <ubuntu_> Because how else if you use zfs and now not have linux anymore are you going to be able to get the data off the zfs you would have to have a means to install a zfs driver .sys .dll onto the windows machine
[00:26] <cncr04s> boot into a linux live cd
[00:27] <sarnold> you can also run one of the illumos-derived distributions, such as smartos or omnios
[00:27] <ubuntu_> though linux has ntfs don't you think windows should have zfs driver made?
[00:28] <sarnold> dunno. I worry about linux and let microsoft worry about windows.
[00:28] <sarnold> if they think their users would like zfs they're free to try to port it
[00:29] <ubuntu_> But you think since file on a file system is really what people live for when it comes to computers you think you want portability between major filesystems
[00:30] <ubuntu_> without storage or files/filesystem you just got computer memory which is nice but then you don't have persistent storage or any kind of information systems other than at an instance in memory
[00:37] <JanC> seems like there used to be a read-only ZFS for Windows, but it can't even read recent versions
[00:38] <sarnold> there was a fuse-based zfs a while ago but I think it's .. quite stale
[00:39] <sarnold> I certainly wouldn't trust any data I cared about to fuse
[00:39] <JanC> dokan-based
[00:39] <sarnold> so the idea of zfs-fuse strikes me as funny :)
[00:39] <JanC> the one I saw
[00:40] <JanC> fuse is useful to rescue data off a disk if there is no other driver though
[00:40] <sarnold> yeah
[00:40] <sarnold> or a convience vs sftp or scp all the time :)
[00:40] <sarnold> convenience
[00:43] <JanC> I rescued data from disks that came out of a ReadyNAS NV+ with it some time ago (apparently they use or used a patched ext3 in some of their NAS systems, which can be read with one of the fuse-based implementations of ext2/3/4)
[00:44] <sarnold> that's ... odd :)
[00:44] <sarnold> hooray for the patched versions being available though
[00:44] <sarnold> that'd be a frustrating way to lose data if it were stuck in their silo
[00:48] <CodeMouse92> How do I find my LDAP URL and port (preferably via phpLDAPadmin?)
[00:49] <JanC> sarnold: you can mount those filesystems in Ubuntu with the implementation in 'fuseext2' (there is info about how to do it on the internet)
[00:50] <sarnold> JanC: neat
[00:51] <CodeMouse92> Nevermind, I think I have it figured out.
[01:20] <CodeMouse92> How do I configure phpldapadmin to ONLY be available over localhost?
[01:24] <CodeMouse92> (Solved that too. Sorry!)
[01:55] <Alpha> Hi
[03:06] <MASM> There are some expert in firewall(ufw) ubuntu??
[03:06] <MASM> how i create a note? to share here¿?
[03:07] <sarnold> MASM: the pastebinit package has a pastebinit tool that makes it easy to create and share links to pastebin contents
[03:08] <MASM> thanks, and how to put before name and then tex¿? it is automatic?
[03:08] <MASM> sarnold:  <-----?
[03:09] <sarnold> MASM: most irc clients let you type a few characters of the nickname and then hit tab to complete the rest of it
[03:09] <sarnold> I just type m<tab> and get MASM: automatically :)
[03:09] <MASM> thanks, i'm new in this...
[03:10] <sarnold> welcome aboard :)
[03:11] <MASM> sarnold: if i want to write in pastebin, code like terminal, what option from "Syntax Highlighting" i need to choose ?
[03:12] <sarnold> MASM: probably you can keep it 'plain text' or something similar; the syntax highlighting is if you're pasting part of a program
[03:13] <sarnold> MASM: but shell interactions don't usually improve with syntax highlighting :)
[03:20] <MASM> sarnold: thanks a lot
[03:21] <MASM> There are a limit for connection to a socket in ubuntu server ????
[03:23] <sarnold> there are many limits
[03:24] <sarnold> you have to have the right privileges to bind to a tcp or udp port <1024 ; there are a maximum number of file descriptors available to a process ; uhhh, I'm sure there's more, but that's all I could think of quickly :)
[03:40] <MASM> i have ubuntu server, i config ufw to allow some range of ports, but in syslog, appear the tag "[UFW BLOCK]" ipsource, ipserver, portsource, portdestiny, and i allow that port, i think, maybe it would be the limit of socket connection with tcp
[03:44] <sarnold> MASM: if it has a tag like that, then it was probably blocked by ufw
[03:44] <MASM> you know about ufw?,
[03:45] <sarnold> a little
[03:45] <sarnold> I'm sadly vastly uneducated about linux firewalling .. twenty years ago I was awesome at it but then everything changed :)
[03:46] <MASM> sarnold: Everything Changed When The Fire Nation Attacked
=== _degorenko|afk is now known as degorenko
=== iberezovskiy|off is now known as iberezovskiy
[10:18] <bindi> can anyone shed light on why my iptables rules weren't loaded after a reboot? i had been running my ass wide open for a few days.. had to do iptables-restore and it loaded the rules from /etc/network/iptables.up.rules
=== Shoe16|Phone is now known as Shoe16
=== tinwood is now known as tinwood-lunch
=== tinwood-lunch is now known as tinwood
[16:01] <MASM> i need help with ubuntu server with ufw and iptables e.e
[16:03] <tsimonq2> !help | MASM
[16:03] <ubottu> MASM: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
[16:05] <MASM> ubottu: Thanks for the tips, i am new in this chat
[16:05] <ubottu> MASM: I am only a bot, please don't think I'm intelligent :)
[16:07] <lordievader> MASM: What is your actual problem?
[16:09] <MASM> before all: ubuntu-server, with services apache,ssh, and it receive information from gps trackers, that reports every time, and are constantly,
[16:10] <MASM> I have a problem with ufw, and connections tcp incoming, I allowed port 80, 22, 12300:12400/tcp and udp,    the problem is when i see tail -f /var/log/syslogs | grep "UFW BLOCK", i saw a ips blocked that ips are destiny to port 80 and 12363 <- this is in range that i allow, and i see in iptables, that are a limit of 3/min, i changed this to 1/s , i think i solved this, but not, in this morning i saw some ips blocked in port 80
[16:11] <MASM> http://paste.ubuntu.com/21287991/
[16:14] <lordievader> MASM: What does nmap say?
[16:14] <lordievader> And jeez what a mess does ufw make of iptable rules.
[16:15] <MASM> nmap from local or from external machine?
[16:15] <lordievader> External
[16:15] <MASM> ok wait a minute
[16:21] <jdstrand> MASM: those drops might have been from something else. eg, when an existing or new connection is coming in at the time you do 'sudo ufw reload'
[16:23] <jdstrand> MASM: your policy looks fine. I suggest tailing the log while trying to make a new connection. it should be fine. I might also point out 'sudo ufw show raw' which gives a full dump of everything
[16:24] <jdstrand> also, not sure how this is a 'mess'. it is actually quite organized so it won't stomp on other applications that add rules
[16:27] <MASM> nmap from linux mint : http://paste.ubuntu.com/21289724/
[16:31] <MASM> Jul 28 10:31:05 u2139 kernel: [73766.1808] [UFW BLOCK] IN=eth0 OUT= MAC=08:00 SRC=187.210.150.xx DST=74.208.x.x LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=45020 DF PROTO=TCP SPT=46420 DPT=80 WINDOW=1414 RES=0x00 ACK FIN URGP=0
[16:32] <MASM> i still get some messages from syslog, with this rules
[16:35] <MASM> if i understand this, all are right, and i only need to wait for the gps reconnect again?,
[16:40] <jdstrand> MASM: nmap is sending an invalid packet. See: 'ACK FIN' is not valid. 'SYN ACK' or 'FIN' are
[16:41] <jdstrand> MASM: and ufw blocks invalid packets by default:
[16:41] <jdstrand> # drop INVALID packets (logs these in loglevel medium and higher)
[16:41] <jdstrand> -A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
[16:41] <jdstrand> -A ufw-before-input -m conntrack --ctstate INVALID -j DROP
[16:42] <jdstrand> MASM: use your browser to reach the destination on port 80 and you shouldn't see a denial
[16:43] <MASM> yes the web site show perfectly
[16:44] <MASM> jdstrand: you say that that packets that ufw block are invalids?
[16:44] <jdstrand> MASM: tools like nmap are super flexible and send weird stuff to see if they can illicit information out of the firewall, sometimes for OS fingerprinting and the like. the denial is expected and fine. your rules are fine
[16:45] <jdstrand> MASM: that log entry you gave shows 'ACK FIN' for the tcp flags. that is an invalid combination, yes
[16:48] <jdstrand> s/illicit/elicit/ (not sure why I typoed that :)
[16:50] <MASM> jdstrand: and this logs are normal, this have "ACK" only
[16:50] <MASM> http://paste.ubuntu.com/21292299/
[16:52] * jdstrand notes ACK and FIN can be legitimate under certain circumstances as part of connection tracking, but my point was an nmap-generated packet that sends an ACK/FIN is snot
[16:52] <jdstrand> is not
[16:53] <jdstrand> MASM: how are you generating those? with nmap?
[16:53] <jdstrand> this seems like possibly a problem with connection tracking if not
[16:55] <MASM> that are reals gps tracking
[16:56] <jdstrand> MASM: what is the output of: sudo /usr/share/ufw/check-requirements (feel free to paste it to paste.ubuntu.com)
[16:58] <MASM> jdstrand: this is the output - http://paste.ubuntu.com/21293215/
[16:59] <jdstrand> MASM: no, you need to run: sudo /usr/share/ufw/check-requirements
[16:59] <MASM> ha sorry jejjeej
[16:59] <jdstrand> MASM: on the system that has the firewall
[17:00] <MASM> jdstrand: http://paste.ubuntu.com/21293437/
[17:01] <jdstrand> ok, that's good. your kernel has everything it needs
[17:02] <jdstrand> MASM: can you paste the output of 'sudo ufw show raw'?
[17:03] <MASM> ok
[17:04] <MASM> jdstrand: http://paste.ubuntu.com/21293970/
[17:07] <jdstrand> MASM: ok, I don't see any rules that would interfere with ufw. your firewall looks fine. this seems like a problem with connection tracking. I suggest googling: netfilter connection tracking dropped packets (the first entry is good)
[17:08] <jdstrand> MASM: that said, depending on how you are reloading the firewall, you can get invalid packets since they aren't part of an established connection. those should start to die down very soon after the firewall/machine restart though
[17:09] <rbasak> smoser: do you have a reference to ivoks' ntpdate bug please? I can't find any that he reported.
[17:10] <jdstrand> MASM: if they don't, look at the connection tracking stuff
[17:11] <jdstrand> MASM: one final question: did you modify /etc/ufw/*rules by hand? I'm seeing very few packets counted in ufw-user-input chain
[17:11] <smoser> rbasak, will look.
[17:11] <jdstrand> MASM: ie, an excerpt from your last paste: http://paste.ubuntu.com/21294738/
[17:11] <MASM> i only add directly iptables rules and ufw, and not in files,
[17:12] <jdstrand> MASM: what do you mean by 'i only add directly iptables rules'?
[17:12] <jdstrand> MASM: you are adding rules outside of ufw?
[17:12] <MASM> but i reset all, and put rules via ufw like allow 200, 80 and range ports 12300:12400
[17:13] <jdstrand> MASM: what version of Ubuntu is this on?
[17:13] <MASM> i did but i reset iptables and ufw, and begin again only with allow that ports that i mentioned
[17:13] <smoser> rbasak, its a private bug.
[17:13] <MASM> 14.04 stable
[17:14] <MASM> and ufw 0.34~rc-0ubuntu2
[17:14] <jdstrand> MASM: can you paste the output of: sudo sha256sum /etc/ufw/*
[17:15] <MASM> jdstrand: i reset ufw a lot, jejejej http://paste.ubuntu.com/21295261/
[17:17] <jdstrand> MASM: can you paste /etc/ufw/ufw.conf ?
[17:17] <MASM> jdstrand: http://paste.ubuntu.com/21295548/
[17:20] <devster31> is there any way to give ssh process the maximum priority over the available bandwidth?
[17:20] <jdstrand> ok, all your files look fine. please run this series of commands:
[17:20] <jdstrand> sudo ufw disable
[17:20] <jdstrand> sudo /lib/ufw/ufw-init flush-all
[17:20] <jdstrand> sudo ufw enable
[17:21] <jdstrand> MASM: if there are errors with the above ^, please paste them
[17:21] <MASM> i didn't get any errors, it was ok
[17:21] <jdstrand> ok, then everything should be fine
[17:22] <jdstrand> tail the log and you'll hopefully not see any more logged denials after now (check the timestamps! :)
[17:23] <jdstrand> MASM: ^ if you do, check the connection tracking stuff I mentioned
[17:30] <MASM> I'm checking my syslog, and i get some block ports, http://paste.ubuntu.com/21297086/
[17:42] <jdstrand> MASM: many of those aren't in the range you specified (it would be easiest if you pasted only the new ones). look into the search on the connection tracking and see if that is affecting you. another thing to investigate is whatever is running on 12363 if it is perhaps sending weird packets. tcpdump/wireshark/etc would help there
[17:52] <MASM> jdstrand:  I have a nodejs runned with "forever start myscript.js" this open a specific ports that gps tracker, connect to port via tcp or udp and they (gps) give to server the information about imei,status,position,etc,
[17:57] <jdstrand> if it isn't connection tracking related, then I think you need to look more deeply at the packets. alternatively, you could add rules to /etc/ufw/before[6].rules that don't care about connection tracking
=== iberezovskiy is now known as iberezovskiy|off
=== degorenko is now known as _degorenko|afk
=== ashleyd is now known as ashd
=== madsa_ is now known as madsa
=== JanC is now known as Guest85214
=== JanC_ is now known as JanC
[21:13] <Shambles> I'm trying to remove ACL's that I accidentally placed on a folder from a Windows machine.  I'm trying to use setfacl by typing 'setfacl -x /folder/path' but it responds with "setfacl: Option -x: Invalid argument near character 1"
[21:14] <Shambles> I don't see what other arguments I would need besides the folder path
=== octavius is now known as octavius_
=== octavius_ is now known as octavius
[21:59] <teward> Shambles: it's expecting an ACL spec for -x
[21:59] <teward> from the man page:
[21:59] <teward>        Removing a named group entry from a file's ACL
[21:59] <teward>               setfacl -x g:staff file
[21:59] <teward> you're not giving it an ACL to 'clean' and it expects one
[21:59] <teward> s/an ACL/an ACL pattern or spec/
[22:01] <Shambles> Ah ok thanks teward.  Was just expecting it to purge all ACLs and leave basic permissions
[22:02] <teward> Shambles: yeah, apparently not (if you look at the man page you'll see a little more about the -x argument flag, and see what it expects).
[22:03] <teward> Shambles: -x without anything doesn't appear to be the equivalent of 'flushing out the acl' :P
[22:03] <sarnold> would -b do what you want?
[22:03] <teward> i was about to say that
[22:03] <teward> stop reading my brain
[22:03] <sarnold> or maybe -k
[22:03] <teward> Shambles: you can try -b
[22:03] <sarnold> tough to tell :)
[22:04] <teward> sarnold: erm
[22:04] <teward> Shambles: do you want to leave the basic UNIX style permissions in place (owner, group, other)?
[22:04] <teward> 'cause -k removes the default, and not the extended.  -b removes the extended, and not the defaults
[22:04] <teward> combine, and ACL is nuked, maybe
[22:04] <teward> sarnold: I think -b is what they need...
[22:04] <teward> or want...
[22:05] <teward>        -b, --remove-all
[22:05] <teward>            Remove all extended ACL entries. The base ACL entries of the owner,
[22:05] <teward>            group and others are retained.
[22:05] <teward> i should *really* stop pasting here
[22:05] <teward> *goes to disable paste*
[22:29] <CodeMouse92> I have a bit of a puzzle. On a leased server, my "root" domain name points to /public_html, as it should. However, I want to put all of the *pages* that appear on that site in a separate folder. I've already got a rather complex .htaccess...
[22:30] <CodeMouse92> ...actually, I just answered my own question.
[23:22] <CodeMouse92> Is it possible to configure an .htaccess to treat contents of a subfolder as if they were in the root folder?
