[00:27] *** islandfox has quit IRC (*.net *.split)
[00:27] *** woremacx has quit IRC (*.net *.split)
[00:33] *** islandfox has joined #arpnetworks
[00:33] *** woremacx has joined #arpnetworks
[02:08] *** LT has joined #arpnetworks
[03:04] *** schmir has joined #arpnetworks
[03:23] *** [FBI] starts logging #arpnetworks at Wed Apr 28 03:23:01 2010
[03:23] *** [FBI] has joined #arpnetworks
[04:17] *** schmir has quit IRC (Quit: rcirc on GNU Emacs 24.0.50.1)
[04:39] *** ziyourenxiang has joined #arpnetworks
[04:42] they're watching!
[04:50] * infrared undresses
[04:52] uhh
[04:52] scared?
[04:52] don't be shy
[04:52] haha
[04:53] ugh.. time for work
[04:55] sounds more like chatroulette in here than irc
[05:20] :/
[05:28] can anyone tell me how to use zfs for each jail?
[05:42] *** Ehtyar has quit IRC (Ping timeout: 252 seconds)
[06:06] *** vtoms has joined #arpnetworks
[06:17] *** schmir has joined #arpnetworks
[06:32] found this I thought I'd share: http://tuxtraining.com/2009/04/26/how-to-harden-freebsd
[06:32] few things in there I hadn't considered before
[06:34] I don't understand that first one, about symlinking /tmp with /var/tmp.
[06:35] yeah, that seemed odd. I didn't bother with that one.
[06:36] Also not sure why he turned off X11 forwarding if X isn't even installed.
[06:37] cargo culting :)
[06:37] I'm wary of an admin who uses nano ...
[06:37] mike-burns: +1
[06:37] "blowfish is much better suited for passwords" than md5, sez he
[06:38] or "open gedit and..."
[06:38] Ha.
[06:38] ziyourenxiang: I do prefer blf over md5; i've been making that change long before I read that post.
[06:39] well, i'm not really disagreeing, just pointing out that the author of that docu made that assertion without explanation... telling how without why is poor teaching
[06:39] Surprised /etc/mtree wasn't mentioned in here, what with all the chmod'ing.
[06:39] , ok, actually i didn't point out anything in my earlier statement :-)
[06:40] "I prefer capital letters to lowercase, since capital letters are more secure"
[06:40] I wouldn't really trust security considerations from someone who runs 4.x and 5.x in 2009 :p
[06:40] Or whose domain name is tuxtraining.org.
[06:40] now y'all are making me feel bad for sharing the link :(
[06:40] com
[06:40] "second half of the alphabet, even better!"
[06:41] hah, tux training... for freebsd :/
[06:41] * RandalSchwartz trains his tux
[06:42] lol, not entirely sure how adding a login banner improves security :/
[06:43] if it says "thank you for logging in to the FBI..."
[06:43] yeah. i never bother with login banners anywhere but work, and that's because they told me to.
[06:43] RandalSchwartz: way back when I was teaching Linux I had a student add a banner similar to that on his machine.
[06:43] RandalSchwartz: made me double-take and re-check the IP I had connected to
[06:43] heh
[06:44] :)
[06:44] first thing I do on getting a new login is "touch .hushlogin" :)
[06:44] ++1
[06:44] although that kills /etc/motd but not banners. i wish it did banners.
[06:45] banner?
[06:45] where's that?
[06:45] i quite like the motd sometimes - we use it in work to keep notes about recent config changes on boxes etc
[06:45] The banner tends to say which version of FreeBSD it is, which is more information than no banner.
[06:46] Banner directive in sshd_config is prior to login, which .hushlogin doesn't--can't--avoid.
[06:46] indeed, it doesn't know what username you're going to enter until after the banner is sent :)
[06:47] ahh
[06:47] what is really annoying is when I bounce: ssh -t host1 ssh -t host2 ssh -t host3 and have to see three effing banners along the way.
[06:48] you always pass a username when making a ssh-connection, I think you can disable it selectively with Match in sshd_config
[06:49] DaCa: ohh that would be nice. /me tries.
[06:51] I just realized that this guide is running everything from a root shell instead of using sudo.
[06:51] lol, i didn't even notice that :(
[06:53] cedwards: just tested, works indeed
[06:54] DaCa: what syntax did you use? I'm getting an error on Match
[06:55] Match User blah
[06:55] Banner none
[06:55] to disable the banner only for user blah
[06:55] you can also work with groups
[06:56] Starting sshd: /etc/ssh/sshd_config: line 120: Bad configuration option: Match
[06:56] /etc/ssh/sshd_config: terminating, 1 bad configuration options
[06:56] too old sshd?
[06:57] OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 (CentOS 5)
[06:57] yeah, probably too old
[06:58] lame
[07:00] now that everyone is awake I'll try this question again: how do I create sized-pools for use with ezjail?
[07:01] * DaCa leaves for siesta :)
[07:04] I know how to create: 'zfs create zroot/usr/jails/jailname', but I don't know how to make it a set size.
[07:04] set a quota
[07:05] or do you want to ensure that it already allocates from its parent
[07:05] if so, there's something like "reservation size"
[07:05] I just want to make sure it can't become larger than X
[07:05] that's quota
[07:05] zfs set quota=50G zroot/usr/jails/jailname ?
[07:06] something like that yeah
[07:06] do I need to do anything fancy with ezjail?
[07:08] it says this in ezjail-admin(1):
[07:08] Starting with ZFS version 13 in FreeBSD, the -c option allows to create a ZFS-backed jail with an optional ZFS filesystem-quota passed via the -s option. The filesystem is named after the jailname.
[07:09] I must be getting the syntax wrong though. I'm not getting the results I expect.
[07:16] ezjail-admin create -i -f example -s 2G -c zfs bodie 10.0.0.10
[07:16] I _think_ that worked.
[08:42] *** lll_ has quit IRC (Quit: leaving)
[08:43] *** lll has joined #arpnetworks
[09:05] *** LT has quit IRC (Quit: Leaving)
[09:25] would anyone know why I'd get this error when trying to launch screen:
[09:25] fork: Resource temporarily unavailable
[09:25] mkfifo /tmp/screens/S-dlord/22809.pts-3.bodie failed
[09:26] (inside a jail)
[09:48] *** nbari|away has quit IRC (Remote host closed the connection)
[09:55] *** nbari|away has joined #arpnetworks
[09:57] *** ziyourenxiang has quit IRC (Quit: ziyourenxiang)
[10:30] *** nbari|away has quit IRC (Read error: Connection reset by peer)
[10:32] *** nbari|away has joined #arpnetworks
[10:32] *** residual has quit IRC (Ping timeout: 258 seconds)
[10:37] figured that one out (because you care)
[10:37] now I get:
[10:37] Apr 28 10:25:08 bodie bitlbee[1900]: Unable to create UNIX socket: Protocol not supported
[10:37] Apr 28 10:25:08 bodie bitlbee[1900]: Warning: Couldn't write PID to `/var/run/bitlbee.pid'
[11:30] *** nbari|away has quit IRC (Read error: Connection reset by peer)
[11:32] *** nbari|away has joined #arpnetworks
[11:41] *** nbari|away has quit IRC (Write error: Connection reset by peer)
[11:42] *** nbari|away has joined #arpnetworks
[11:44] *** nbari|away has quit IRC (Read error: Connection reset by peer)
[11:44] *** nbari|away has joined #arpnetworks
[11:45] *** nbari|away has quit IRC (Read error: Connection reset by peer)
[11:47] *** nbari|away has joined #arpnetworks
[11:53] *** nbari|away has quit IRC (Read error: Connection reset by peer)
[11:53] *** nbari|away has joined #arpnetworks
[11:54] *** nbari|away has quit IRC (Read error: Connection reset by peer)
[11:55] *** nbari|away has joined #arpnetworks
[12:02] *** aem has joined #arpnetworks
[12:06] *** nbari|away has quit IRC (Read error: Connection reset by peer)
[12:07] *** nbari|away has joined #arpnetworks
[12:09] *** nbari|away has quit IRC (Read error: Connection reset by peer)
[12:10] *** nbari|away has joined #arpnetworks
[12:11] *** nbari|away has quit IRC (Read error: Connection reset by peer)
[12:13] *** nbari|away has joined #arpnetworks
[12:15] yo yo
[12:16] http://pastebin.com/ZS8J4Lqw <- Got that in the mail. Sounds legit.
[12:16] yeah nice email
[12:17] *** nbari|away has quit IRC (Remote host closed the connection)
[12:19] aem: I think I'll give it a go
[12:19] Who doesn't have 1,850,000 USD laying around?
[12:20] heheh
[12:20] might as well, what you got to lose!?
[12:20] money? psh, that grows on trees!
[12:24] :D
[12:25] Btw, aem. How did the DNS work out?
[12:25] *** nbari|away has joined #arpnetworks
[12:25] *** aem_ has joined #arpnetworks
[12:26] *** aem has quit IRC (Ping timeout: 245 seconds)
[12:40] I guess FreeBSD doesn't use /etc/skel for adduser, but /usr/share/skel?
[12:40] good question :D
[12:40] Never thought about it
[12:40] I added maildirs to /etc/skel though
[12:41] but don't ask me if it actually worked
[12:42] `man pw' says that -k and -m changes it, but I can't see where it's set.
[12:43] I'm trying to add a few files to my new user /home but it's not quite working
[12:43] ./etc/skel seems to be ignored, and /usr/share/skel is ro in jails
[12:46] yeah it uses /usr/share/skel/ cedwards
[13:04] aem_: I created an adduser.conf and changed it to /etc/skel.
[13:05] aem_: see if that'll allow me to customize its contents on a per-jail setting.
[13:06] cedwards: with some fiddling with /etc/profile and that you can probably get something to work I'm sure
[13:06] good luck :)
[13:06] lemme know what you do if it works
[13:08] adduser -C, follow prompts. this generates an adduser.conf.
[13:08] edit adduser.conf to point to /etc/skel. cp -a /usr/share/skel/* /etc/skel/
[13:08] done
[13:08] ...at least it seems to have worked :)
[13:16] Uhm, guys
[13:16] I don't remember... How do I get xterm to work with irssi (or vice/versa)? :)
[13:16] Can't use alt-numbers :(
[13:16] esc-number is what I use
[13:16] always used, actually.
[13:18] cedwards: True. Might have to learn that then ;)
[13:18] muscle memory is a fickle mistress
[13:20] I'm lucky alt-arrows still work though
[13:20] Could of course set XTerm*metaSendsEscape: true
[13:20] Or try weechat.
[13:20] Using xterm now \o
[13:21] I prefer urxvt over xterm, but I'm currently using Konsole
[13:22] I'm using (X)ubuntu with full disk encryption :)
[13:22] And yes, I do prefer xterm over urxvt
[13:22] full disk encryption is nice. tell me, do you encrypt your disk & your home folder?
[13:22] dxtr: I ask because I think it is funny how home-folder encryption can be handled separately, so even when you encrypt all you still get prompted.
[13:31] No I'm not
[13:32] *** Ehtyar has joined #arpnetworks
[13:34] *** schmir has quit IRC (Remote host closed the connection)
[13:36] *** fink has joined #arpnetworks
[14:05] *** amdprophet has quit IRC (Ping timeout: 276 seconds)
[14:06] *** vtoms has quit IRC (Quit: Leaving.)
[14:56] *** aem has joined #arpnetworks
[14:57] *** aem_ has quit IRC (Ping timeout: 245 seconds)
[15:03] *** aem has quit IRC (Ping timeout: 240 seconds)
[15:05] *** aem has joined #arpnetworks
[15:33] *** aem_ has joined #arpnetworks
[15:35] *** aem has quit IRC (Ping timeout: 240 seconds)
[15:39] *** aem_ has quit IRC (Remote host closed the connection)
[15:52] *** schmir has joined #arpnetworks
[15:52] *** trapdoor has joined #arpnetworks
[16:26] *** schmir has quit IRC (Ping timeout: 258 seconds)
[16:37] *** jjpickle has joined #arpnetworks
[16:38] *** jjpickle has quit IRC (Quit: leaving)
[16:38] *** jjpickle has joined #arpnetworks
[16:38] is there a garry here
[16:39] jjpickle: his nick is up_the_irons
[16:39] thanks
[16:43] *** jjpickle has left
[17:09] *** homosaur has joined #arpnetworks
[17:28] *** schmir has joined #arpnetworks
[17:53] *** schmir has quit IRC (Ping timeout: 265 seconds)
[18:17] *** j3m has quit IRC (Read error: Operation timed out)
[18:17] can anyone recommend a lightweight forum software? not happy with the built in drupal forums
[18:18] yeah...
[18:18] vanilla seems to work ok
[18:26] Thumbs down to Drupal.
[18:28] *** DaCa has quit IRC (Ping timeout: 260 seconds)
[18:28] *** DaCa has joined #arpnetworks
[18:29] *** j3m has joined #arpnetworks
[18:38] I used MyBB and bbpress
[18:38] don't _love_ either, but they get the job done
[19:14] *** homosaur has quit IRC (Quit: pocketful of goat cheese, ready to party)
[19:25] *** hsbt has quit IRC (Ping timeout: 252 seconds)
[19:32] *** Shazaum has joined #arpnetworks
[19:38] *** trapdoor has quit IRC (Quit: Leaving)
[19:43] *** hsbt has joined #arpnetworks
[20:00] *** aem has joined #arpnetworks
[20:01] hello
[20:01] hi aem
[20:01] *** Shazaum has quit IRC (Quit: Saindo)
[20:02] g'nite all
[20:02] g'night cedwards sleep well
[20:02] sup fink how are you
[20:03] aem: ok
[20:30] *** lll_ has joined #arpnetworks
[20:32] *** lll has quit IRC (Remote host closed the connection)
[20:32] *** lll_ is now known as lll
[20:34] *** lll has left
[20:39] *** lll has joined #arpnetworks
[20:39] *** fink has quit IRC (Ping timeout: 245 seconds)
[20:48] *** fink has joined #arpnetworks
[22:56] *** fink has quit IRC (Quit: fink)