***: amdprophet|sleep has quit IRC (Quit: amdprophet|sleep)
schmir has joined #arpnetworks
schmir has quit IRC (Remote host closed the connection)
fink has joined #arpnetworks
fink has quit IRC (Ping timeout: 252 seconds)
schmir has joined #arpnetworks
nerdd_ has joined #arpnetworks
nerdd has quit IRC (Ping timeout: 264 seconds)
ziyourenxiang has joined #arpnetworks
LT has joined #arpnetworks
infrared has quit IRC (Ping timeout: 276 seconds)
infrared has joined #arpnetworks
cedwards: up_the_irons: ping re: second vps serial console access.
***: heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
vtoms has joined #arpnetworks
nesta- has joined #arpnetworks
heavysixer has quit IRC (Quit: heavysixer)
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
fink has joined #arpnetworks
mick_laptop has quit IRC (*.net *.split)
coil has quit IRC (*.net *.split)
cedwards has quit IRC (*.net *.split)
mick_laptop has joined #arpnetworks
coil has joined #arpnetworks
cedwards has joined #arpnetworks
fink has quit IRC (Quit: fink)
infrared has quit IRC (Read error: Operation timed out)
infrared has joined #arpnetworks
schmir has quit IRC (Remote host closed the connection)
cedwards: good morning everybody.
nesta-: heya cedwards :)
***: nesta- is now known as aem
fink has joined #arpnetworks
LT has quit IRC (Quit: Leaving)
ziyourenxiang has quit IRC (Quit: ziyourenxiang)
cedwards: question for the BSD folk. how large do you normally make / when you partition?
RandalSchwartz: cedwards - using zfs, so it doesn't matter. :)
cedwards: I've yet to dabble in the magic that is zfs :(
aem: cedwards: about a 1gb but it does not even need that
cedwards: perhaps now is a good time to learn
aem: I just reinstalled my second VPS and did 512M, which is my normal default, but it hit 100% on / when I tried rebuilding world.
I have /tmp, /var, /usr, and / (1G, 2G, remaining and 512M respectively)
aem: yes I had this same issue cedwards
cedwards: aem: figure out why?
aem: trying to recall heh
but I do remember I reformatted and made my root 1gb
and was fine :)
cedwards: hmm. hate to lose a morning of work, but I guess that might be worth it.
fink: cedwards: i agree with randall, use zfs
less hassle
cedwards: I suppose I need to break out the handbook and do some reading them.
s/them/then/
RandalSchwartz: many here have gone on the path ahead of you, and set up signposts. :)
fink: cedwards: randall gave me this link: http://wiki.freebsd.org/RootOnZFS/GPTZFSBoot
i'm using it on the 768 slice
i mean vps ;)
cedwards: old slicehost customer? :)
fink: yup
cedwards: I was, once upon a time as well. Went to Linode, and then here.
-: fink likes it here
cedwards: ok, following those zfs instructions, which option should I select at fixit?
cdrom, usb, floppy, shell
RandalSchwartz: cdrom I think
whatever gets you to a shell :)
but not the holoshell
I think it's "6" then "1"
been a while
... http://wiki.freebsd.org/RootOnZFS/GPTZFSBoot
and know that the network interface is "em0", not "re0"
and you can't use DHCP, so you have to put your real info there
when you get down to step 2.5
I think the rest was just as written
cedwards: I'm still stuck on the first gpart command(s)
file exists on create. file busy on destroy.
RandalSchwartz: you might have booted wrongly then
ad0 should be free
cedwards: i boot from CD. Select fixit, and cdrom..
RandalSchwartz: try df or mount. see what's mounted
make sure ad0 isn't mounted
cedwards: just md0 and acd0
RandalSchwartz: ahh. might need to destroy the existing label
cedwards: how do i do that?
RandalSchwartz: dd if=/dev/random of=/dev/ad0 bs=1m count=1
cedwards: good ol' dd
RandalSchwartz: then you should be able to do the create
gpart was trying to prevent you from hurting yourself
cedwards: yup
RandalSchwartz: but you... uh... know better. :)
cedwards: riggght.
***: j3m has joined #arpnetworks
cedwards: what can I prune from 2.2 if I normally just install minimal?
just use base?
trying base + lib32
ok. machine is finally back up and ready to use.
going to have to get used to having so many entries in 'mount' and 'df' using zfs
fink: cedwards: gpart destroy ad0
sorry, late to the party
gpart delete -i 1 ad0
cedwards: lol, yeah. we got a little destructive with dd instead :)
fink: i had that same problem following that guide
dxtr: Hrm, are there any security measures one can take for local users?
fink: did you do `zfs unmount -a` yet?
dxtr: I mean, so they don't get to root or get any sensitive information
fink: dxtr: no sudo
dxtr: And, yes, except for jailing them :P
cedwards: dxtr: plenty.
dxtr: fink: I'm only allowing sudo to myself
cedwards: make sure you have a good passwd
dxtr: I've actually disabled user passwords too (Except for myself so I can sudo)
Are there any directories and/or files I can change permissions on to make sure they don't get any sensitive information?
cedwards: remind me what you're running? BSD?
dxtr: FBSD :)
cedwards: check out login.conf for additional restrictions.
do you plan on having a lot of (untrusted) users on the machine?
dxtr: Not a lot, no :P
cedwards: I'd say consider what these users do/don't need. if it's a simple chroot shell consider ssh chroot config or jails.
definitely check out login.conf, set a more private umask perhaps.. don't allow sudo, etc.
dxtr: I'll look into it :)
cedwards: does anyone know why bind9 comes as part of base FreeBSD?
mike-burns: As opposed to what?
cedwards: unless you're going to run / need a name server, why include it?
wouldn't it be enough to make sure resolution works via /etc/resolv.conf, and then install bind from ports as needed for name servers
mike-burns: Ah, I see. Nope, no idea.
cedwards: just comes to mind because I'm updating /usr/src and the only updates are for src/contrib/bind9/
aem: hm, anyone here use their arp ipv6 with afraid.org for DNS ?
toddf: I use my arp IPv6 to serve dns, why use someone else? ;-)
aem: please tell me how
lol, I have been reading google links for 2 days
I have an _idea_
but DNS is a slippery fish
right now I have a separate dns server on a Debian machine, I am going to try to get my ipv6 reversed with it
:)
-: aem prays
***: vtoms has quit IRC (Quit: Leaving.)
dxtr: aem: Piece of cake :)
aem: hehe
I am still struggling here
dxtr: I'm running nsd o/
Thanks to up_the_irons
aem: gave up on the Debian, I was completely off track there
nsd is name server daemon yeh?
cedwards: I've not done IPV6 with bind, but I can't imagine it would be that much different than IPV4.
AAAA vs A is all as far as I know..
dxtr: cedwards: We're talking reverse here. But yeah, there's no huge difference there either
cedwards: of course I am assuming experience maintaining DNS, which not everyone has.
aem: yeah heh
i have precisely 0
getting there though :P
***: fink has quit IRC (Quit: fink)
fink has joined #arpnetworks
fink has quit IRC (Quit: fink)
dbgi has quit IRC (Ping timeout: 240 seconds)
dbgi has joined #arpnetworks
dbgi has quit IRC (Changing host)
dbgi has joined #arpnetworks
cedwards: anyone have any suggestions on how to auto-start/re-connect to a screen session on login?
infrared: screen -r
:P
aem: edyou mean like when you login ?
DaCa: -xRR
aem: cedwards: ^
cedwards: I've seen some examples of: if [ $TERM != "screen" ]; then screen -dr; fi
aem: yeah
cedwards: I'm not getting it to work consistently though. thought y'all might have some suggestions.
just for documentation sake, I added 'screen -dRR' to .bash_profile and it seems to work as expected.
is it appropriate to run ntpd on these? I recall with xen that the time was only updated via the host. is that the same for kvm/qemu?
aem: cedwards: fwiw, I run ntpd
cedwards: do you have a preference between ntpd and openntpd?
aem: I don't know enough about either to have one really
I just used ntpd because it was in the Handbook I think
***: heavysixer has quit IRC (Quit: heavysixer)
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
dbgi has quit IRC (Ping timeout: 276 seconds)
anders has joined #arpnetworks
dbgi has joined #arpnetworks
dbgi has quit IRC (Changing host)
dbgi has joined #arpnetworks
heavysixer has quit IRC (Quit: heavysixer)
mike-burns: cedwards: I use this to shell into my box: ssh -t user@server screen -rd
(I've a shell alias locally, obv.)
cedwards: mike-burns: I do similar. i run jails at home for local services, one of which is an ssh bastion.
mike-burns: that requires 'ssh -t user@host1 ssh -t user@host2 "screen -dr"'
but, that alias will fail if no screen is present on the other end.
mike-burns: Ah, I see.
In unrelated news, I just found this on the OpenBSD Journal blog thingie: http://devio.us/
cedwards: yeah. I have an account with them.
mike-burns: What do you use it for?
cedwards: can't have too many random shell accounts when it comes to external testing and bypassing firewalls ;)
mike-burns: Ha true.
cedwards: I use distributed shell accounts to test dns propagation and firewall verification.
infrared: uh huh
where were you when dalnet was ddos'd?
:P
cedwards: uhh, i don't know what you're talking about :)
infrared: hah
cedwards: infrared: I'm afraid to ask, but how's the dvorak coming?
infrared: :(
cedwards: anyone done zfs based jails?
CESSMASTER: cedwards: you sloppy bastard it survived
***: schmir has joined #arpnetworks
dbgi has quit IRC (Read error: Connection reset by peer)
anders has left