Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us $3,400 per month for bandwidth bills alone, and since we don't believe in shoving popup ads to our registered users, we try to make the money back through forum registrations.
«740 »
  • Post
  • Reply
kujeger
Feb 19, 2004

OH YES HA HA

Fun Shoe

fletcher posted:

Config test looks like it's ok, so maybe not that.

That is the entirety of the nginx.service file, there's nothing under [Install]. I don't know much about systemd yet, this was generated by the chef_nginx cookbook.

[...]
All my other systemd services that run on startup like postgresql, postfix, etc have:
code:
[Install]
WantedBy=multi-user.target
Reading the docs it seems like that's what is missing here. Seems odd the chef cookbook would omit that part though.

Yeah, you need that WantedBy bit.

In order for a systemd service to run at boot, it needs to be enabled. In order to enable it, it must have that WantedBy bit, or systemd does not know when/where to enable it.
If you add the same "WantedBy=multi-user.target" bit you see in your other services, then do a "systemctl daemon-reload" to reread the unit file, and finally do "systemctl enable nginx" you should be good to go.

Why the chef cookbook does not include it I do not know, however, it probably should not be touching /usr/lib/systemd/system/nginx.service at all. That file is reserved for the nginx service file included with the nginx package, and should be correct by default:
code:
/etc/systemd/system - Local configuration
/run/systemd/system - Runtime units 
/usr/lib/systemd/system - Units of installed packages
(what distro are you doing all this on?)

kujeger fucked around with this message at Nov 15, 2016 around 14:55

Adbot
ADBOT LOVES YOU

ToxicFrog
Apr 26, 2008



kujeger posted:

If you add the same "WantedBy=multi-user.target" bit you see in your other services, then do a "systemd daemon-reload" to reread the unit file, and finally to "systemd enable nginx" you should be good to go.

s/systemd/systemctl/

kujeger
Feb 19, 2004

OH YES HA HA

Fun Shoe

ToxicFrog posted:

s/systemd/systemctl/

whoops, yes, brainfart there. I'll edit that up..

fletcher
Jun 27, 2003

ken park is my favorite movie

Cybernetic Crumb

kujeger posted:

Why the chef cookbook does not include it I do not know, however, it probably should not be touching /usr/lib/systemd/system/nginx.service at all. That file is reserved for the nginx service file included with the nginx package, and should be correct by default:
code:
/etc/systemd/system - Local configuration
/run/systemd/system - Runtime units 
/usr/lib/systemd/system - Units of installed packages
(what distro are you doing all this on?)

This was on RHEL7. I'm not using a package based install though, I'm installing nginx from source.

Thanks for all the helpful info!

RFC2324
Jun 7, 2012

Http 418


fletcher posted:

This was on RHEL7. I'm not using a package based install though, I'm installing nginx from source.

Thanks for all the helpful info!

That sounds like a fun way to make your life miserable.

fletcher
Jun 27, 2003

ken park is my favorite movie

Cybernetic Crumb

RFC2324 posted:

That sounds like a fun way to make your life miserable.

Yea it's a bit of a pain, changing that aspect is on the to do list!

gourdcaptain
Nov 16, 2012



Just to follow up on an earlier post of mine, with the Mesa 13.0.1 bugfix release Dolphin is now successfully running on my AMD Radeon RX 460 with Vulkan using the open source Vulkan driver and it takes a card that was marginal with Dolphin on OpenGL and gets me up to 60fps stable with every game I try other than the Rogue Squadron games (expected, and I think those are CPU bound anyway) and the Sand Ocean level of F-Zero GX if too many other cars are on-screen. (Which lags worse on every other system I've tried it on.) Impressive.

Although somehow running Dolphin for long periods of time causes the USB audio on my monitor to drop out (according to kernel logs it disconnects itself from the system) or crash, necessitating unplugging and replugging it. I don't even. Onboard audio is stable, and I'd be using HDMI audio if my GPU drivers supported it, so I'm just finally getting a better pair of speakers since the audio on there monitor has always been flakey on any OS over USB and I have even less of an idea on how to report this bug.

DrankSinatra
Aug 25, 2011


Thanks for the advice on distributions last week! I installed OpenSUSE Tumbleweed. It's nice!

mike12345
Jul 14, 2008

"Whether the Earth was created in 7 days, or 7 actual eras, I'm not sure we'll ever be able to answer that. It's one of the great mysteries."





I've set up tiny tiny rss, and everything seems to be working, except the updater is one hour off from system time. Do I have to set the timezone in php or apache, or maybe that's a tiny tiny rss config option I missed?

nem
Jan 4, 2003

Managed + self-hosted hosting platforms since 2002.


mike12345 posted:

I've set up tiny tiny rss, and everything seems to be working, except the updater is one hour off from system time. Do I have to set the timezone in php or apache, or maybe that's a tiny tiny rss config option I missed?

Via /etc/php.ini set date.timezone or date_default_timezone_set() at the beginning of your application.

mike12345
Jul 14, 2008

"Whether the Earth was created in 7 days, or 7 actual eras, I'm not sure we'll ever be able to answer that. It's one of the great mysteries."





nem posted:

Via /etc/php.ini set date.timezone or date_default_timezone_set() at the beginning of your application.

got it, thank you

e: eh, ok, apparently tiny tiny rss doesn't care and uses UTC internally no matter what. at least the frontend has it right

mike12345 fucked around with this message at Nov 17, 2016 around 19:26

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

That's actually what you want, store dates in as neutral a format as is possible and save all the horrible conversions for the code that's displaying it to a user. It saves massive headaches down the road when you change time zones or are trying to merge two sets of data.

mike12345
Jul 14, 2008

"Whether the Earth was created in 7 days, or 7 actual eras, I'm not sure we'll ever be able to answer that. It's one of the great mysteries."





yeah, that makes sense. interesting

Double Punctuation
Dec 30, 2009

Ships were made for sinking;
Whiskey made for drinking;
If we were made of cellophane
We'd all get stinking drunk much faster!


Looks like Mutter will be getting support for NVIDIA proprietary drivers on Wayland soon. Some patches just went through for Gnome 3.24, which is due March 20-22. Fedora 25 might backport the patches, which I think would make it the first distro to support Wayland on NVIDIA.

peepsalot
Apr 24, 2007

        PEEP THIS...
           BITCH!



I got one of these tiny 128GB usb flash drives and I want to turn it into a permanent linux bootable recovery/utility drive.
The thing that's throwing me off is I want to have persistence for the live Linux, but I also would like a partition that I can use on a windows(or any OS) host just as regular USB flash storage to transfer files.

I don't really understand how I should confiure the partitions for this.

As I understand, the persistence partition is supposed to be named "casper-rw" and the live distro will look for a partition with that name, and it doesn't matter what fs type it is? And this casper-rw partition is separate from the partition that the iso is written to?

And then, assuming I get the partitions set up right, is there anything particular that these bootable USB creator apps do besides dd an iso onto a partition?

kujeger
Feb 19, 2004

OH YES HA HA

Fun Shoe

peepsalot posted:

I got one of these tiny 128GB usb flash drives and I want to turn it into a permanent linux bootable recovery/utility drive.
The thing that's throwing me off is I want to have persistence for the live Linux, but I also would like a partition that I can use on a windows(or any OS) host just as regular USB flash storage to transfer files.

I don't really understand how I should confiure the partitions for this.

As I understand, the persistence partition is supposed to be named "casper-rw" and the live distro will look for a partition with that name, and it doesn't matter what fs type it is? And this casper-rw partition is separate from the partition that the iso is written to?

And then, assuming I get the partitions set up right, is there anything particular that these bootable USB creator apps do besides dd an iso onto a partition?

IIRC windows has problems with multi-partition USB drives (maybe fixed with win10 ?)

ToxicFrog
Apr 26, 2008



kujeger posted:

IIRC windows has problems with multi-partition USB drives (maybe fixed with win10 ?)

IIRC, the casper persistence stuff will also work with a file named "casper-rw" in the root of the drive as long as it's an ext4 filesystem image, or something to that effect.

There are also distros that have explicit support for storing persistence as a single file rather than a partition, like Puppy Linux and TinyCore Linux.

In either of these cases, you can just format the entire drive as FAT, make it bootable using syslinux (BIOS) or systemd-boot (EFI), put the kernel and initrd in there somewhere, and then your persistence is just a big ol' data file on there that windows doesn't need to care about. This is the approach I generally take.

Powered Descent
Jul 13, 2008

We haven't had that spirit here since 1969.

Yam Slacker

peepsalot posted:

I got one of these tiny 128GB usb flash drives and I want to turn it into a permanent linux bootable recovery/utility drive.
The thing that's throwing me off is I want to have persistence for the live Linux, but I also would like a partition that I can use on a windows(or any OS) host just as regular USB flash storage to transfer files.

I don't really understand how I should confiure the partitions for this.

As I understand, the persistence partition is supposed to be named "casper-rw" and the live distro will look for a partition with that name, and it doesn't matter what fs type it is? And this casper-rw partition is separate from the partition that the iso is written to?

And then, assuming I get the partitions set up right, is there anything particular that these bootable USB creator apps do besides dd an iso onto a partition?

Rather than mess around with all the casper stuff, I've always preferred to just do this on any convenient computer: boot the installer of your favorite distro from one USB drive, and then do a normal installation to the target USB instead of to a local hard drive. You'll probably have to do the partitioning yourself, but you can keep it simple: a big ext4 mounted at /, and a couple of gigs for swap. No reason you couldn't also have a fat32 partition in there too (probably mounted somewhere under your home directory) that a Windows machine should also be able to read and write. At the end of it, you get a perfectly ordinary, completely persistent Linux install on the USB, that you can boot on just about any machine.

e: Just make sure you pick the USB drive to install the bootloader to!

If you're at all worried about messing things up on the machine you do this on, just unplug the hard drive completely before doing anything. That way, the worst you can possibly do is need to wipe the USB and start over.

Powered Descent fucked around with this message at Nov 18, 2016 around 20:11

Saukkis
May 16, 2003

Unless I'm on the inside curve pointing straight at oncoming traffic the high beams stay on and I laugh at your puny protest flashes.
I am Most Important Man. Most Important Man in the World.

kujeger posted:

IIRC windows has problems with multi-partition USB drives (maybe fixed with win10 ?)

That depends on the firmware on the USB stick. If the firmware says that the stick is USB flash/removable drive, then Windows will only see one partition on it. If the stick claims to be a USB hard drive, then Windows can use any of the partitions on it. This discussion talks about the issue more.

Boris Galerkin
Dec 17, 2011



I was always under the impression that if a software is available on the package manager for your distribution then you shouldn't download the source and compile it yourself. No reasons other than just "hearing" that it's a bad idea to do this. But someone in the general programming thread recommended that I just download OpenBLAS and compile it myself because something about the versions from apt get er al to have "iffy performance."

So that got me thinking. Are there any actual reasons other than effort against just installing whatever stable LTS flavor of Linux is good these days and just compiling my own gcc/make/etc toolkit and throwing it all in e.g. $HOME/local/ (for a single user machine) or even just creating a non root "opt" user and making $HOME/opt accessible to groups?

The only thing I see is if I want a package foo from the manager and it requires package bar, then it'll want me to install bar from the package manager even though I've got it compiled and installed elsewhere, so I might end up having multiple bars installed. But that might not be a bad idea to just let all the package manager packages depend on things from the official repositories.

Keito
Jul 21, 2005

WHAT DO I CHOOSE ?


You're removing the whole point of package managers which is managing packages for you.

If you think manually building and keeping up-to-date all the software you use along with all dependencies sounds like good use of your time, then go ahead.

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

The main reason to deviate from the packages in the distribution is for new features. LTS releases can provide some really outdated software and if you want to use their new gizmos you got a tough decision to make.

I generally draw the line at libraries though. Like on a red hat system I will just live with the python it ships with because replacing it is a colossal pain in the rear end. GCC is the same.. if a user wants a newer compiler they install it in their home area or find a newer os release. Gnome and KDE are right out too.

But different versions of libraries can easily coexist so I'll install whatever.

RFC2324
Jun 7, 2012

Http 418


Boris Galerkin posted:

I was always under the impression that if a software is available on the package manager for your distribution then you shouldn't download the source and compile it yourself. No reasons other than just "hearing" that it's a bad idea to do this. But someone in the general programming thread recommended that I just download OpenBLAS and compile it myself because something about the versions from apt get er al to have "iffy performance."

So that got me thinking. Are there any actual reasons other than effort against just installing whatever stable LTS flavor of Linux is good these days and just compiling my own gcc/make/etc toolkit and throwing it all in e.g. $HOME/local/ (for a single user machine) or even just creating a non root "opt" user and making $HOME/opt accessible to groups?

The only thing I see is if I want a package foo from the manager and it requires package bar, then it'll want me to install bar from the package manager even though I've got it compiled and installed elsewhere, so I might end up having multiple bars installed. But that might not be a bad idea to just let all the package manager packages depend on things from the official repositories.

With a package manager it is MUCH easier to deal with bugfixes. Every time you have to upgrade to close a security hole, you are going to have to recompile, and if it turns out you have a new security fix every month or so, that will get old pretty drat fast compared to just typing a single command and being done with it.

ExcessBLarg!
Aug 31, 2001


Boris Galerkin posted:

I was always under the impression that if a software is available on the package manager for your distribution then you shouldn't download the source and compile it yourself. No reasons other than just "hearing" that it's a bad idea to do this.
The main point of a long-term release distribution is to provide a stable platform on which you can build a product/application/whatever that will functionally remain the same for multiple years but still track security updates. This contrasts with rolling-release where bug fix/security updates may also deprecate features or APIs that break your application. OS distributions tend to also be general purpose, and so while they'll ship many popular libraries they tend to be configured (to the extent it's possible) to be flexible and general in use, but may lack certain features or optimizations specific to your application.

If you can build your application on an OS with no changes to the shipped packages, that's the ideal situation. However it's pretty common that for a specific application you may need to compile certain libraries (or other dependencies) from scratch in order to obtain/enable the necessary set of features, or improve performance, or whatever. That's totally fine, but the more dependencies included here then the greater baggage there is in maintaining your application and the greater the attack surface if those dependencies are security sensitive.

So, yes, depending what your application needs are compiling your own version of OpenBLAS may be beneficial or even necessary. But, while your application may also depend on something like Bash, it probably doesn't need the latest version of Bash and compiling/maintaining your own version of Bash is almost certainly an unwanted liability.

gourdcaptain
Nov 16, 2012



Being able to pull in package versions newer than what your distro ships tends to be better done if you can manage it with a supplemental package source like a PPA on Ubuntu. That way it's still being tracked by the package manager, if nothing else.

Saukkis
May 16, 2003

Unless I'm on the inside curve pointing straight at oncoming traffic the high beams stay on and I laugh at your puny protest flashes.
I am Most Important Man. Most Important Man in the World.

RFC2324 posted:

With a package manager it is MUCH easier to deal with bugfixes. Every time you have to upgrade to close a security hole, you are going to have to recompile, and if it turns out you have a new security fix every month or so, that will get old pretty drat fast compared to just typing a single command and being done with it.

And that's the real killer. I had a Fedora 24 desktop that I hadn't installed updates for 28 days and it had 402 packages needing to be updated. The idea of recombiling all of that software every month is just as insane as it sounds. And then there's the effort to check if any of your software has received security updates at least once a week. The big advantage Red Hat Enterprise Linux are the constant emails about security updates for different software with list of your servers that need to be updated.

But I admit the problem is real and distributions with outdated software can be an annoyance. I remember a decade ago when I was writing a backup script for tar and I couldn't get some feature to, until I realised the version in debian was too old. And here I thought tar had become feature complete in the last millennia. At the same time the solution to this problem is not combiling everything, or anything at all. The first option is to choose a dsitribution that has the software and versions you need. If that isn't possible or practical you might try something like debian/Ubuntu backports or software manufacturer repository. Then is the option of 3rd party repository, like RPM Fusion, or binary packages from manufacturer if they have correct variety available. If none of those are possible you should probably build your own binary package you can install on the system and directly compiling would be the last resort.

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!

Can anyone have a stab at why tty7 is being used right after a reboot on this ubuntu box?

I've got luks/dm-crypt enabled, and I use a YubiKey to inject the passphrase on startup so that I don't need a monitor on it.
I have got a desktop environment enabled on boot (LXDE), purely because the command line version of SpiderOak is a pain.
A search reveals that tty7 on ubuntu is comminly used by the X server, so is it that?
I'm not concerned about tty7 logging in right after boot because it's undoubtedly something being done in the OS. Just curious.

code:
ufoo     pts/0        Sun Nov 20 09:25   still logged in    192.168.1.147
ufoo     pts/0        Sun Nov 20 09:11 - 09:25  (00:13)     192.168.1.147
ufoo     pts/0        Sun Nov 20 08:54 - 09:11  (00:17)     192.168.1.147
ufoo     pts/0        Sat Nov 19 08:29 - 08:40  (00:11)     192.168.1.147
ufoo     tty7         Fri Nov 18 22:28    gone - no logout  0.0.0.0
reboot   system boot  Fri Nov 18 22:28   still running      0.0.0.0
ufoo     pts/0        Fri Nov 18 21:48 - 21:54  (00:05)     192.168.1.147
ufoo     pts/0        Fri Nov 18 11:20 - 11:22  (00:01)     192.168.1.107
ufoo     pts/0        Fri Nov 18 06:22 - 11:20  (04:58)     192.168.1.147
ufoo     pts/0        Thu Nov 17 20:11 - 20:12  (00:00)     192.168.1.147
ufoo     pts/0        Thu Nov 17 06:27 - 06:28  (00:00)     192.168.1.147
ufoo     pts/0        Thu Nov 17 06:22 - 06:24  (00:01)     192.168.1.147
ufoo     pts/0        Wed Nov 16 23:04 - 23:05  (00:00)     192.168.1.200
ufoo     pts/0        Wed Nov 16 18:53 - 18:54  (00:00)     192.168.1.147
ufoo     pts/1        Wed Nov 16 18:40 - 18:42  (00:01)     192.168.1.147
ufoo     pts/1        Wed Nov 16 18:37 - 18:37  (00:00)     192.168.1.147
ufoo     pts/0        Wed Nov 16 18:16 - 18:42  (00:26)     192.168.1.147
ufoo     pts/3        Wed Nov 16 17:56 - 18:15  (00:19)     192.168.1.147
ufoo     pts/2        Wed Nov 16 17:56 - 18:54  (00:58)     192.168.1.147
ufoo     pts/0        Wed Nov 16 17:47 - 18:02  (00:15)     192.168.1.147
ufoo     tty7         Wed Nov 16 17:40 - down  (2+04:14)    0.0.0.0
reboot   system boot  Wed Nov 16 17:40 - 21:55 (2+04:15)    0.0.0.0
ufoo     pts/0        Wed Nov 16 17:27 - 17:39  (00:11)     192.168.1.147
ufoo     pts/0        Wed Nov 16 09:08 - 09:12  (00:03)     192.168.1.107
ufoo     pts/0        Wed Nov 16 08:59 - 09:02  (00:03)     192.168.1.107
ufoo     pts/0        Wed Nov 16 08:06 - 08:10  (00:04)     192.168.1.107
ufoo     pts/0        Wed Nov 16 08:02 - 08:04  (00:02)     192.168.1.107
ufoo     pts/0        Wed Nov 16 07:42 - 07:48  (00:06)     192.168.1.107
ufoo     pts/0        Wed Nov 16 05:45 - 05:45  (00:00)     192.168.1.137
ufoo     pts/0        Wed Nov 16 05:44 - 05:44  (00:00)     192.168.1.137
ufoo     pts/0        Wed Nov 16 05:39 - 05:41  (00:01)     192.168.1.137
ufoo     pts/0        Tue Nov 15 17:16 - 18:09  (00:52)     192.168.1.147
ufoo     pts/0        Tue Nov 15 17:14 - 17:15  (00:01)     192.168.1.147
ufoo     pts/0        Mon Nov 14 17:17 - 17:18  (00:00)     192.168.1.107
ufoo     pts/0        Mon Nov 14 17:14 - 17:14  (00:00)     192.168.1.107
ufoo     pts/0        Mon Nov 14 10:14 - 10:16  (00:01)     192.168.1.107
ufoo     pts/0        Sun Nov 13 18:14 - 18:15  (00:00)     192.168.1.147
ufoo     pts/0        Sun Nov 13 09:42 - 09:45  (00:03)     192.168.1.147
ufoo     pts/0        Sun Nov 13 09:38 - 09:42  (00:03)     192.168.1.147
ufoo     pts/0        Sat Nov 12 19:04 - 19:04  (00:00)     192.168.1.147
ufoo     pts/0        Sat Nov 12 18:28 - 18:40  (00:12)     192.168.1.147
ufoo     pts/0        Sat Nov 12 16:38 - 16:40  (00:01)     192.168.1.147
ufoo     pts/0        Sat Nov 12 12:26 - 12:26  (00:00)     192.168.1.147
ufoo     pts/0        Sat Nov 12 11:01 - 11:01  (00:00)     192.168.1.137
ufoo     tty7         Sat Nov 12 10:12 - 17:39 (4+07:27)    0.0.0.0
reboot   system boot  Sat Nov 12 10:11 - 17:39 (4+07:27)    0.0.0.0
ufoo     pts/0        Sat Nov 12 10:10 - 10:10  (00:00)     192.168.1.137
ufoo     pts/0        Sat Nov 12 10:10 - 10:10  (00:00)     192.168.1.137
ufoo     pts/0        Sat Nov 12 09:41 - 09:41  (00:00)     192.168.1.137
ufoo     pts/0        Sat Nov 12 09:41 - 09:41  (00:00)     192.168.1.137
ufoo     pts/0        Sat Nov 12 09:38 - 09:38  (00:00)     192.168.1.147
ufoo     pts/0        Sat Nov 12 08:34 - 08:35  (00:01)     192.168.1.147
ufoo     pts/0        Sat Nov 12 08:00 - 08:01  (00:00)     192.168.1.147
ufoo     pts/0        Fri Nov 11 21:18 - 21:21  (00:03)     192.168.1.147
ufoo     pts/0        Fri Nov 11 05:33 - 06:46  (01:13)     192.168.1.147
ufoo     pts/0        Thu Nov 10 20:06 - 20:08  (00:02)     192.168.1.147
ufoo     pts/0        Thu Nov 10 20:04 - 20:05  (00:01)     192.168.1.147
ufoo     pts/0        Thu Nov 10 19:59 - 20:02  (00:02)     192.168.1.147
ufoo     pts/2        Wed Nov  9 22:53 - 22:53  (00:00)     192.168.1.147
ufoo     pts/0        Wed Nov  9 22:53 - 22:54  (00:01)     192.168.1.147
ufoo     tty7         Wed Nov  9 22:51 - 10:10 (2+11:19)    0.0.0.0
reboot   system boot  Wed Nov  9 22:51 - 17:39 (6+18:48)    0.0.0.0
ufoo     pts/0        Wed Nov  9 22:45 - 22:48  (00:03)     192.168.1.147
ufoo     pts/0        Wed Nov  9 22:45 - 22:45  (00:00)     192.168.1.147
ufoo     pts/0        Wed Nov  9 22:42 - 22:43  (00:00)     192.168.1.147
ufoo     pts/0        Wed Nov  9 22:24 - 22:29  (00:04)     192.168.1.147
ufoo     pts/0        Wed Nov  9 21:50 - 21:55  (00:04)     192.168.1.147
ufoo     pts/0        Wed Nov  9 21:46 - 21:49  (00:03)     192.168.1.147
ufoo     pts/1        Wed Nov  9 05:35 - 05:35  (00:00)     192.168.1.200
ufoo     pts/0        Wed Nov  9 05:33 - 06:21  (00:47)     192.168.1.147
ufoo     pts/0        Tue Nov  8 23:41 - 23:41  (00:00)     192.168.1.200
ufoo     pts/0        Tue Nov  8 23:39 - 23:40  (00:00)     192.168.1.200
ufoo     pts/0        Tue Nov  8 19:57 - 20:52  (00:55)     192.168.1.147
ufoo     pts/0        Tue Nov  8 19:56 - 19:57  (00:00)     192.168.1.147
ufoo     pts/0        Tue Nov  8 19:05 - 19:05  (00:00)     192.168.1.200
ufoo     pts/0        Tue Nov  8 18:21 - 18:26  (00:04)     192.168.1.147
ufoo     pts/0        Tue Nov  8 06:47 - 06:48  (00:00)     192.168.1.200
ufoo     pts/0        Mon Nov  7 06:27 - 06:33  (00:05)     192.168.1.200
ufoo     pts/0        Sun Nov  6 16:09 - 16:09  (00:00)     192.168.1.147
ufoo     pts/0        Sun Nov  6 07:34 - 08:44  (01:09)     192.168.1.147
ufoo     pts/0        Sun Nov  6 06:48 - 07:34  (00:45)     192.168.1.147
ufoo     pts/0        Sat Nov  5 20:14 - 20:31  (00:16)     192.168.1.147
ufoo     pts/0        Sat Nov  5 20:01 - 20:14  (00:12)     192.168.1.147
ufoo     pts/0        Sat Nov  5 19:59 - 20:01  (00:02)     192.168.1.147
ufoo     pts/0        Sat Nov  5 19:34 - 19:37  (00:02)     192.168.1.107
ufoo     pts/0        Sat Nov  5 19:11 - 19:17  (00:06)     192.168.1.147
ufoo     pts/0        Sat Nov  5 18:43 - 18:44  (00:00)     192.168.1.147
ufoo     pts/0        Sat Nov  5 18:37 - 18:43  (00:05)     192.168.1.147
ufoo     pts/0        Sat Nov  5 18:31 - 18:35  (00:03)     192.168.1.147
ufoo     pts/0        Sat Nov  5 18:03 - 18:04  (00:00)     192.168.1.107
ufoo     pts/0        Sat Nov  5 17:45 - 17:49  (00:03)     192.168.1.147
ufoo     pts/0        Sat Nov  5 17:22 - 17:23  (00:01)     192.168.1.147
ufoo     pts/0        Sat Nov  5 17:03 - 17:03  (00:00)     192.168.1.147
ufoo     pts/0        Sat Nov  5 16:56 - 16:56  (00:00)     192.168.1.147
ufoo     pts/0        Sat Nov  5 10:46 - 10:46  (00:00)     192.168.1.147
ufoo     pts/0        Sat Nov  5 09:47 - 09:47  (00:00)     192.168.1.147
ufoo     pts/0        Sat Nov  5 08:17 - 09:47  (01:29)     192.168.1.147
ufoo     pts/0        Sat Nov  5 07:52 - 07:52  (00:00)     192.168.1.147
ufoo     pts/0        Fri Nov  4 20:08 - 20:14  (00:05)     192.168.1.147
ufoo     pts/0        Fri Nov  4 10:00 - 10:06  (00:06)     82-132-217-226.dab.02.net
ufoo     pts/0        Fri Nov  4 06:25 - 06:26  (00:01)     192.168.1.147
ufoo     tty7         Fri Nov  4 06:09 - down  (5+16:39)    0.0.0.0
reboot   system boot  Fri Nov  4 06:08 - 22:49 (5+16:40)    0.0.0.0
ufoo     pts/0        Fri Nov  4 06:04 - 06:04  (00:00)     192.168.1.147
ufoo     pts/0        Thu Nov  3 13:16 - 13:18  (00:01)     82-132-233-12.dab.02.net
ufoo     pts/0        Thu Nov  3 10:10 - 10:11  (00:01)     82-132-233-12.dab.02.net
ufoo     pts/0        Thu Nov  3 07:25 - 07:27  (00:01)     82-132-239-226.dab.02.net
ufoo     pts/0        Thu Nov  3 06:53 - 06:54  (00:00)     192.168.1.147
ufoo     pts/0        Thu Nov  3 06:03 - 06:04  (00:00)     192.168.1.147
ufoo     tty7         Thu Nov  3 05:59 - down  (1+00:05)    0.0.0.0
reboot   system boot  Thu Nov  3 05:59 - 06:05 (1+00:06)    0.0.0.0
ufoo     pts/0        Thu Nov  3 05:56 - 05:57  (00:00)     192.168.1.147
ufoo     pts/0        Thu Nov  3 05:21 - 05:56  (00:35)     192.168.1.147
ufoo     pts/0        Wed Nov  2 22:36 - 22:37  (00:00)     192.168.1.147
ufoo     pts/1        Wed Nov  2 22:04 - 22:04  (00:00)     192.168.1.147
ufoo     pts/2        Wed Nov  2 20:22 - 20:24  (00:01)     82-132-236-234.dab.02.net
ufoo     pts/0        Wed Nov  2 19:05 - 22:34  (03:29)     192.168.1.137
ufoo     pts/0        Wed Nov  2 18:54 - 18:54  (00:00)     192.168.1.147
ufoo     pts/0        Wed Nov  2 17:41 - 18:44  (01:02)     192.168.1.147
ufoo     pts/0        Wed Nov  2 17:31 - 17:32  (00:00)     192.168.1.137
ufoo     pts/0        Wed Nov  2 14:52 - 14:55  (00:03)     82.132.186.4
ufoo     pts/0        Wed Nov  2 14:23 - 14:24  (00:00)     82.132.186.4
ufoo     pts/0        Wed Nov  2 14:05 - 14:11  (00:06)     82.132.186.4
ufoo     pts/0        Wed Nov  2 10:08 - 10:09  (00:00)     82.132.184.69
ufoo     pts/0        Tue Nov  1 22:18 - 22:20  (00:01)     192.168.1.147
ufoo     pts/0        Tue Nov  1 22:10 - 22:16  (00:05)     192.168.1.147
ufoo     pts/2        Tue Nov  1 21:49 - 22:00  (00:10)     192.168.1.147
ufoo     pts/0        Tue Nov  1 20:43 - 22:09  (01:25)     192.168.1.147
ufoo     pts/0        Tue Nov  1 20:17 - 20:43  (00:26)     192.168.1.147
ufoo     pts/0        Tue Nov  1 19:17 - 19:32  (00:15)     192.168.1.137
ufoo     pts/0        Tue Nov  1 19:08 - 19:08  (00:00)     192.168.1.137
ufoo     pts/0        Tue Nov  1 19:05 - 19:08  (00:02)     192.168.1.137
ufoo     pts/0        Tue Nov  1 15:09 - 15:12  (00:03)     82-132-233-105.dab.02.net

wtmp begins Tue Nov  1 15:09:05 2016

Keito
Jul 21, 2005

WHAT DO I CHOOSE ?


apropos man posted:

Can anyone have a stab at why tty7 is being used right after a reboot on this ubuntu box?

I have got a desktop environment enabled on boot (LXDE), purely because the command line version of SpiderOak is a pain.
A search reveals that tty7 on ubuntu is comminly used by the X server, so is it that?

Yes.

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!


So, on X server enabled systems (particularly Ubuntu), tty7 is run at boot and killed on shutdown. Thanks.

RFC2324
Jun 7, 2012

Http 418


Does Ubuntu still use tty7 for X? I know Fedora appears to use tty1 nowadays.

ToxicFrog
Apr 26, 2008



apropos man posted:

So, on X server enabled systems (particularly Ubuntu), tty7 is run at boot and killed on shutdown. Thanks.

If you have physical access to the machine, pressing ctrl-alt-F7 will switch to tty7 and you'll probably see a graphical login screen waiting for you. You can also 'pgrep -laf bin/X' and you'll probably see the X server running with command line args pointing it at tty7:
pre:
$ pgrep -laf /X
2228 /usr/bin/X -nolisten tcp -auth /run/sddm/{e36100ad-cc89-4af2-b0be-e41fe5ff815b} -background none -noreset -displayfd 18 vt7
You can also change whether it starts X on boot at all; if you're running a recent (systemd-based) ubuntu this is a matter of changing /etc/systemd/system/default.target to point to /usr/lib/systemd/system/multi-user.target rather than graphical.target (the systemd equivalents of runlevels 3 and 5, respectively).

RFC2324 posted:

Does Ubuntu still use tty7 for X? I know Fedora appears to use tty1 nowadays.

Ubuntu, SUSE, and Nix all use tty7 for X11. Fedora is the only one I know of that switched to tty1.

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!

My laptop (Fedora 24) says this in response to 'pgrep -laf bin/X':
code:
1348 /usr/bin/Xwayland :1024 -rootless -noreset -listen 4 -listen 5 -displayfd 6
I had to log in and log back out again to check that I wasn't running Wayland. I wasn't. When I cycle through tty's with CTL+ALT+Fn I get the display manager login on tty1, X on tty2 and various terminals on tty3 to tty6. tty7 is a no go on Fedora.

Logging into my Ubuntu box and running 'pgrep -laf bin/X' gives no output.

My workstation currently has Ubuntu running Cinnamon DE and that gives no output, either, but I'm able to cycle through tty1 to tty8, with tty7 being the exception as that switches to X. I've currently got a radio stream running on the workstation and the music cut out when I switched tty but it corrected itself and carried on playing no problem. So it would seem that alsa and X are both directly connected to tty7 on Ubuntu.

ToxicFrog posted:


You can also change whether it starts X on boot at all; if you're running a recent (systemd-based) ubuntu this is a matter of changing /etc/systemd/system/default.target to point to /usr/lib/systemd/system/multi-user.target rather than graphical.target (the systemd equivalents of runlevels 3 and 5, respectively).


Yep. This is handy on the Raspberry Pi too. I have a couple of scripts to change into either graphical or commandline boot in my home directory in Raspbian, via running one of these two:
code:
sudo systemctl set-default graphical.target

sudo systemctl set-default multi-user.target

Ur Getting Fatter
Jun 9, 2007

Fast Food Fight



Grimey Drawer

I have fail2ban running on my CentOS server. sshd jail is running and I've switched CentOS to use iptables instead of FirewallD

When I purposely input the wrong password a few times fail2ban adds the following rule to iptables:

code:
-A f2b-sshd -s 10.10.10.10/32 -j REJECT --reject-with icmp-port-unreachable
That rule does not work at all, seeing as I can SSH in just fine.

Adding the following rule manually, however does work:

code:
 -I INPUT -s 10.10.10.10 -j DROP
Any ideas on what's going on and how to fix it?

Edit: for what it's worth, the same thing happened with FirewallD.

anthonypants
May 6, 2007

by Nyc_Tattoo


Dinosaur Gum

Ur Getting Fatter posted:

I have fail2ban running on my CentOS server. sshd jail is running and I've switched CentOS to use iptables instead of FirewallD

When I purposely input the wrong password a few times fail2ban adds the following rule to iptables:

code:
-A f2b-sshd -s 10.10.10.10/32 -j REJECT --reject-with icmp-port-unreachable
That rule does not work at all, seeing as I can SSH in just fine.

Adding the following rule manually, however does work:

code:
 -I INPUT -s 10.10.10.10 -j DROP
Any ideas on what's going on and how to fix it?

Edit: for what it's worth, the same thing happened with FirewallD.
Your INPUT table isn't reading from the f2b-sshd table?

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

Is the f2b-sshd chain actually being processed?

The two rules you posted are not identical.

thebigcow
Jan 3, 2001

Bully!

efb

nem
Jan 4, 2003

Managed + self-hosted hosting platforms since 2002.


Also do you have a "10.10.10.10/32 -j ACCEPT" rule before the fail2ban chain processing in your INPUT chain? -I places the rule at the front of your INPUT chain, so the DROP will supersede any whitelisting.

HPL
Aug 28, 2002

Worst case scenario.

Kind of a dumb question, but is there a Linux equivalent to Microsoft's RDWeb?

Ur Getting Fatter
Jun 9, 2007

Fast Food Fight



Grimey Drawer

nem posted:

Also do you have a "10.10.10.10/32 -j ACCEPT" rule before the fail2ban chain processing in your INPUT chain? -I places the rule at the front of your INPUT chain, so the DROP will supersede any whitelisting.

No, it's the only rule for that IP (plus it happens with any IP).

I think it's most likely that like someone else mentioned, iptables is not processing fail2ban chains.

Any ideas on how to trouble shoot that?

Adbot
ADBOT LOVES YOU

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

You need add or check for a rule to the input chain telling it to jump to the f2b-sshd chain. So there needs to be a rule somewhere with '-A INPUT -j f2b-sshd' in it.. probably one that has a dport of 25, so that any incoming ssh connections get fed through the chain.

I'm garbage at writing iptables rules without testing them several times so I won't even try.

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply
«740 »