[00:42] loger joined #vserver.
[00:54] Nick change: Bertl -> Bertl_zZ
[01:01] iceberg (~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net) joined #vserver.
[01:21] netrose (~john877@CC3-24.171.21.47.charter-stl.com) left irc: Ping timeout: 480 seconds
[01:31] click_ (click@gonnamakeyou.com) joined #vserver.
[01:33] click (click@gonnamakeyou.com) left irc: Ping timeout: 500 seconds
[01:43] say (~say@212.86.243.154) got netsplit.
[01:43] _Medivh (ck@62.93.217.199) got netsplit.
[01:43] BobR_oO (~georg@149.148.78.13) got netsplit.
[01:43] mcp (~hightower@wolk-project.de) got netsplit.
[01:43] apw (~apw@212.104.150.41) got netsplit.
[01:44] apw (~apw@212.104.150.41) returned to #vserver.
[01:44] BobR_oO (~georg@149.148.78.13) returned to #vserver.
[01:44] _Medivh (ck@62.93.217.199) returned to #vserver.
[01:44] say (~say@212.86.243.154) returned to #vserver.
[01:44] mcp (~hightower@wolk-project.de) returned to #vserver.
[01:46] iceberg (~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net) got netsplit.
[01:46] maharaja (maharaja@ipax.tk) got netsplit.
[01:46] grepmaster-afk (~chatzilla@66-101-59-73.oplnk.net) got netsplit.
[01:46] Bertl_zZ (~herbert@MAIL.13thfloor.at) got netsplit.
[01:46] ccooke (~ccooke@80.1.164.238) got netsplit.
[01:46] lp (~lpressl@interner.SerNet.DE) got netsplit.
[01:46] kestrelw (~athomas@o2rosock0a.optus.net.au) got netsplit.
[01:46] serving (~serving@213.186.190.226) got netsplit.
[01:47] iceberg (~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net) returned to #vserver.
[01:47] serving (~serving@213.186.190.226) returned to #vserver.
[01:47] kestrelw (~athomas@o2rosock0a.optus.net.au) returned to #vserver.
[01:47] maharaja (maharaja@ipax.tk) returned to #vserver.
[01:47] lp (~lpressl@interner.SerNet.DE) returned to #vserver.
[01:47] grepmaster-afk (~chatzilla@66-101-59-73.oplnk.net) returned to #vserver.
[01:47] Bertl_zZ (~herbert@MAIL.13thfloor.at) returned to #vserver.
[01:47] ccooke (~ccooke@80.1.164.238) returned to #vserver.
[02:14] ccooke (~ccooke@80.1.164.238) got netsplit.
[02:14] Bertl_zZ (~herbert@MAIL.13thfloor.at) got netsplit.
[02:14] grepmaster-afk (~chatzilla@66-101-59-73.oplnk.net) got netsplit.
[02:14] lp (~lpressl@interner.SerNet.DE) got netsplit.
[02:14] maharaja (maharaja@ipax.tk) got netsplit.
[02:14] iceberg (~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net) got netsplit.
[02:15] iceberg (~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net) returned to #vserver.
[02:15] ccooke (~ccooke@80.1.164.238) returned to #vserver.
[02:15] Bertl_zZ (~herbert@MAIL.13thfloor.at) returned to #vserver.
[02:15] grepmaster-afk (~chatzilla@66-101-59-73.oplnk.net) returned to #vserver.
[02:15] lp (~lpressl@interner.SerNet.DE) returned to #vserver.
[02:15] maharaja (maharaja@ipax.tk) returned to #vserver.
[02:23] lp (~lpressl@interner.SerNet.DE) left irc: Ping timeout: 500 seconds
[02:23] lp (~lpressl@interner.SerNet.DE) joined #vserver.
[02:34] CosmicRay (~jgoerzen@glockenspiel.complete.org) got netsplit.
[02:35] CosmicRay (~jgoerzen@glockenspiel.complete.org) returned to #vserver.
[03:12] netrose (~john877@CC3-24.171.21.47.charter-stl.com) joined #vserver.
[03:25] Zoiah (Zoiah@matryoshka.zoiah.net) got netsplit.
[03:25] MedivhWrk (ck@netops.multimedia-centrum.de) got netsplit.
[03:25] MrBawb (abob@swordfish.drown.org) got netsplit.
[03:26] MrBawb (abob@swordfish.drown.org) returned to #vserver.
[03:26] MedivhWrk (ck@netops.multimedia-centrum.de) returned to #vserver.
[03:26] Zoiah (Zoiah@matryoshka.zoiah.net) returned to #vserver.
[03:57] serving (~serving@213.186.190.226) got netsplit.
[03:57] kestrelw (~athomas@o2rosock0a.optus.net.au) got netsplit.
[03:58] kestrelw (~athomas@o2rosock0a.optus.net.au) returned to #vserver.
[03:58] serving (~serving@213.186.190.226) returned to #vserver.
[04:28] James (~James@ip68-96-180-27.lv.lv.cox.net) joined #vserver.
[04:45] allo all
[05:03] Nick change: Bertl_zZ -> Bertl
[05:04] hi all!
[05:22] all says hi'
[05:22] well, all, how are you then?
[05:23] I am doing well, getting ready to recompile kernel here
[05:24] im tired
[05:24] so i go to bed
[05:24] ;)
[05:24] hmm, make it so ...
[05:25] second star on the right, and straight on till morning
[05:53] and, is the kernel compiled, and ready to run?
[05:54] not yet, ran into errors, im doing the 2.4.23 with quotas, and vserver
[05:54] and you got errors?
[05:55] yuppers, so im starting all over
[05:55] hmm, strange ... how do you patch/compile?
[05:55] and what compiler are you using?
[05:56] gcc
[05:56] which version?
[05:56] gcc version 2.96 20000731 (Red Hat Linux 7.3 2.96-113)
[05:56] that sounds good ...
[05:56] how do you patch?
[05:57] cat ../patch-2.4.23-vs1.20-q0.12.diff | patch -p1
[05:57] from the linux-2.4.23 dir
[05:57] looks good too, but you patched patch-2.4.23-vs1.20.diff before, right?
[05:57] yes
[05:57] then go into make menuconfig
[05:58] and you have a .config from your old kernel?
[05:58] enable Persistent Context ID for files
[05:58] yupp, its 2.4.18 though
[05:58] I would suggest using make oldconfig in this case ...
[05:58] you can just copy the .config into the kernel dir, then make oldconfig ...
[05:58] correction, i dled the 2.4.22 from solucorp
[05:59] hmm, that is a little overloaded, but if you don't have an old one, it should work ...
[05:59] then make dep
[05:59] that worked before (running again now)
[06:01] make oldconfig had no errors
[06:01] the idea behind make oldconfig is, that when you copied an old .config into the kernel dir, it will ask you all the things that changed ...
[06:02] it asked nothing
[06:02] make bzImage modules (running now)
[06:02] did you first copy the 'old' .config in the kernel dir?
[06:02] the one that i dled yes
[06:02] as .config
[06:03] and then did make oldconfig (not make menuconfig before)?
[06:03] not sure, starting over again,
[06:03] okay listen do the following:
[06:04] untarring the file now
[06:04] you don't have to scratch everything when you change your config/mind ...
[06:05] for example 'make mrproper' will tidy up your kernel tree in any situation ...
[06:05] so you don't have to 'repatch' for example ...
[06:09] ok, here is my plan, anything wrong with the procedure that you can see?
[06:09] tar -xvzf linux-2.4.23.tar.gz
[06:09] cd linux-2.4.23
[06:09] cat ../patch-2.4.23-vs1.20.diff | patch -p1
[06:09] cat ../patch-2.4.23-vs1.20-q0.12.diff | patch -p1
[06:09] wget ftp://ftp.solucorp.qc.ca/pub/vserver/config-2.4.22
[06:09] cp config-2.4.22 .config
[06:09] make oldconfig
[06:10] make menuconfig
[06:10] make dep
[06:10] make bzImage modules
[06:10] make install modules_install
[06:11] the make menuconfig isn't required, unless you change your mind after oldconfig, or want to add something, rest looks fine ...
[06:11] thought i had to make sure that Persistent Context ID for files was enabled
[06:12] the make oldconfig will ask you that, as it is a new option ...
[06:12] ok, running now
[06:12] but the make menuconfig won't hurt ...
[06:13] BIOS Enhanced Disk Drive calls determine boot disk (EXPERIMENTAL) (CONFIG_EDD) [
[06:13] N/y/m/?] (NEW)
[06:13] select Y, correct?
[06:14] the default is N, I would take it if unsure
[06:14] Virtual Root device support (CONFIG_BLK_DEV_VROOT) [N/y/m/?] (NEW)
[06:14] i want that one, dont i?
[06:14] you probably want that ... so yes
[06:15] virtual server support (EXPERIMENTAL) (CONFIG_IP_VS) [N/y/m/?] (NEW)
[06:15] same thing, I want that I think
[06:15] depends this is not Linux-Vserver this is virtual server ...
[06:15] allows you to build a server from many boxes ...
[06:16] ah yes, ill want that later, I plan on converting all my servers to a cluster, with failover
[06:16] well, it isn't exactly a cluster feature, but it might be handy ...
[06:17] AMI MegaRAID2 support (CONFIG_SCSI_MEGARAID2) [N/y/m/?] (NEW) ??
[06:17] never heard of it
[06:17] so take the default (N ;)
[06:18] appreciate the assist BTW
[06:18] you are welcome ...
[06:18] Persistent Context ID for files (Disabled, UID32/GID16, UID24/GID24, UID32/GID32) [Disabled] (NEW)
[06:18] which one?
[06:19] depends on what you prefer ..
[06:19] usually UID24/GID24 is the sanest ...
[06:19] this uses 24 bit for uid/gid and the upper 8 bit of each for the context ...
[06:19] thats what i thought (not that i know any better) :)
[06:20] *** End of Linux kernel configuration.
[06:20] *** Check the top-level Makefile for additional configuration.
[06:20] *** Next, you must run 'make dep'.
[06:20] ok, moving on?
[06:21] maybe you want to enable quota or something different to the solucorp config ...
[06:21] yes, i need quota, howto?
[06:21] so yes, you can proceed, but maybe your make menuconfig step is appropriate ...
[06:22] just have a look at filesystems .. there should be the quota stuff ...
[06:22] make sure to enable the v0 quota format ...
[06:22] got iy
[06:22] got it
[06:22] m * ? shich would be better?
[06:23] depends, m = module, * = in kernel ... so now you could remove unused/unwanted stuff too ...
[06:23] * it is
[06:24] basically something you always need, and never changes, is better selected in the kernel ...
[06:24] save it?
[06:24] yup!
[06:24] don't forget the make dep now ...
[06:24] saved, make dep
[06:25] make dep running
[06:25] you can pipe output to /dev/null or some logfile ...
[06:25] if it errors, i will
[06:25] like this: make dep >/dev/null ...
[06:25] the errors will be written out via stderr ...
[06:25] I use the > a lot
[06:25] and <
[06:26] still running
[06:27] no errors
[06:27] make bzImage modules
[06:29] when i get all this to work, im going to post my work as a newbie step by step
[06:29] perfect ...
[06:29] thats why im docing everything that works.
[06:29] Action: MrBawb claps his hands for documentation
[06:30] you know, there are several how-to compile the kernel pages on the web, but nothing vserver specific yet ...
[06:30] righto,
[06:30] while its compiling, is there a page that explains the options for ULIMIT="-HS -u 1000"?
[06:31] basically yes, the 'bash' man page ...
[06:31] or help ulimit
[06:31] really? thats shy i cant find it, ulimit is a bash func?
[06:31] it's a bash internal ... the kernel interface is called get/setrlimit ...
[06:31] sorry, i have a cast on my W finger, it keeps hitting the s instead
[06:32] don't sorry ;)
[06:34] ok, how about S_CAPS=" ? is there a list of the other options, besides "CAP_NET_RAW"
[06:34] yup, you can find them with man capabilities (if your distro has this man page)
[06:35] or in the include file /usr/include/linux/capability.h
[06:35] man capabilities
[06:35] No manual entry for capabilities
[06:35] foung the /usr/include/linux/capability.h
[06:35] found
[06:36] still compiling, this is longer than before
[06:39] hmm, man reducecap seems to show the caps too ...
[06:39] (this is a vserver tool, by the way ;)
[06:40] that worked
[06:40] CAP_SYS_NICE looks interesting
[06:42] still going
[06:42] you know what the capability system is?
[06:42] not well enough to define it.
[06:43] serving (~serving@213.186.190.226) left irc: Ping timeout: 500 seconds
[06:43] allo?
[06:44] ah, i misread the msg, i thought server quit, it says serving quit
[06:45] http://www.linuxsecurity.com/feature_stories/kernel-24-security.html
[06:46] is this to be worried about?
[06:46] make[1]: Entering directory `/root/james/vserver/1.2/linux-2.4.23/arch/i386/lib'
[06:46] make[1]: Nothing to be done for `modules'.
[06:46] make[1]: Leaving directory `/root/james/vserver/1.2/linux-2.4.23/arch/i386/lib'
[06:46] nope, you seem not to have selected any modules ...
[06:47] ok
[06:47] make install ?
[06:47] or just copy the kernel in the right place ...
[06:47] what bootloader are you using?
[06:47] lilo, i know that part
[06:48] okay, basically you need to copy the kernel (which is in arch/i386/boot/bzImage) to /boot/vmlinuz-2.4.23-vs1.20 (for example)
[06:48] vmlinuz-2.4.23-vs1.20
[06:49] and the System.map (which is in the kernel dir) to the same location with System.map-2.4.23-vs1.20
[06:49] then configure lilo and rerun ...
[06:49] got it, now mkinitrd?
[06:49] do you need one?
[06:50] there is not one
[06:50] well, as you do not seem to have modules, do you use lvm?
[06:50] not that i know of
[06:51] hehe, okay lvm is a logical volume manager, which would require an initial rd ...
[06:51] so basically I would suggest not to specify any initrd in the lilo config at all ..
[06:51] ah
[06:52] unless you have any specific reason to do so ... (like booting from a partition which cannot be reached without activating some tools first)
[06:53] default=vserver-1.20
[06:53] image=/boot/vmlinuz-2.4.23-vs1.20
[06:53] label=vserver-1.20
[06:53] read-only
[06:53] root=/dev/sda1
[06:53] looks ok to you?
[06:54] ( i run devel servers under vmware on my laptop) sda is correct
[06:54] I hope you kept the old config/kernel too .. otherwise ...
[06:54] natch
[06:54] rebooting
[06:54] (ran lilo)
[06:56] shoot, kernel panic
[06:56] okay, what message?
[06:56] cannot open root device
[06:57] so /dev/sda1 could not be found ...
[06:57] rebooting to old
[06:57] probably your 'scsi' driver isn't compiled in ...
[06:58] most likely.
[07:00] this is inside vmware?
[07:00] yuppers
[07:00] what scsi hardware do they emulate?
[07:00] dont know, have to look it up
[07:01] hmm, probably cat /proc/scsi/scsi will give you some hints ...
[07:01] be there in a min, rebooting again
[07:02] you ever use vmware?
[07:02] nope .. don't like that proprietary crap ;)
[07:03] for devel it works good (course my work paid for it, so i dont mind)
[07:03] I use QEMU for development ... makes it very easy ...
[07:04] QEMU?
[07:04] http://fabrice.bellard.free.fr/qemu/
[07:05] cute, i bookmarked it
[07:05] cat /proc/scsi/scsi
[07:05] Attached devices:
[07:05] Host: scsi0 Channel: 00 Id: 00 Lun: 00
[07:05] Vendor: VMware, Model: VMware Virtual S Rev: 1.0
[07:05] Type: Direct-Access ANSI SCSI revision: 02
[07:05] Host: scsi0 Channel: 00 Id: 01 Lun: 00
[07:05] Vendor: VMware, Model: VMware Virtual S Rev: 1.0
[07:05] Type: Direct-Access ANSI SCSI revision: 02
[07:05] [root@localhost boot]#
[07:06] hmm, maybe you need a special vmware driver for that?
[07:07] you think enabling SCSI generic support will do it?
[07:07] probably not ...
[07:07] can't you just emulate an ide disk?
[07:09] only if i rebuild it on a new partition
[07:10] hmm ... okay what kernel is currently running on that emulation?
[07:10] booting
[07:10] 2.4.33
[07:10] 22
[07:10] modules? (lsmod)
[07:11] Module Size Used by Not tainted
[07:11] autofs 12244 0 (autoclean) (unused)
[07:11] apm 12008 1
[07:11] pcnet32 16544 1
[07:11] mii 3720 0 [pcnet32]
[07:11] crc32 3680 0 [pcnet32]
[07:11] serial 51780 0 (autoclean)
[07:11] ide-cd 33376 0 (autoclean)
[07:11] cdrom 31040 0 (autoclean) [ide-cd]
[07:11] rtc 7996 0 (autoclean)
[07:11] BusLogic 93724 2
[07:12] the BusLogic seems to be the scsi driver emulated ...
[07:12] check dmesg for that ...
[07:13] scsi0: *** BusLogic BT-958 Initialized Successfully ***
[07:13] scsi0 : BusLogic BT-958
[07:13] Vendor: VMware, Model: VMware Virtual S Rev: 1.0
[07:13] Type: Direct-Access ANSI SCSI revision: 02
[07:13] Vendor: VMware, Model: VMware Virtual S Rev: 1.0
[07:13] Type: Direct-Access ANSI SCSI revision: 02
[07:13] you got it
[07:13] I mean the driver for the emulated scsi hardware ... yup ...
[07:13] recompile?
[07:14] make menuconfig ..
[07:14] add the scsi stuff/driver for bus logic ...
[07:14] (in kernel support for driver and scsi disk)
[07:14] then make bzImage ...
[07:15] ok, what cat is it in?
[07:16] found it
[07:19] copied it over, rebooting
[07:20] found the scsi, still booting
[07:20] (you're teaching me a lot, thanks, im mostly self taught so far)
[07:21] as I said, no problem ... I expect you to write the promised howto though ...
[07:21] ok, now i need to get the nic card into it :)
[07:21] same procedure than every year, james (sorry ;)
[07:22] definitely will do
[07:22] booting to old kernel...
[07:22] probably it's a ne2000 which is emulated ;)
[07:23] nope, its a pcnet32 (as listed above)
[07:26] found it, make bzImage again
[07:27] i wont have to do this on the real devel server, but its nice to learn anyway
[07:27] rebooting
[07:29] well, you'll play around a little, I'll go to bed now ...
[07:29] have a nice whatever, everyone ...
[07:30] have a good, and thanks
[07:30] Nick change: Bertl -> Bertl_zZ
[08:10] iceberg (~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net) left #vserver.
[08:37] serving (~serving@213.186.190.226) joined #vserver.
[08:55] mcp (~hightower@wolk-project.de) left irc: Ping timeout: 499 seconds
[09:30] Zoiah (Zoiah@matryoshka.zoiah.net) got netsplit.
[09:30] MedivhWrk (ck@netops.multimedia-centrum.de) got netsplit.
[09:30] MrBawb (abob@swordfish.drown.org) got netsplit.
[09:31] MrBawb (abob@swordfish.drown.org) returned to #vserver.
[09:31] MedivhWrk (ck@netops.multimedia-centrum.de) returned to #vserver.
[09:31] Zoiah (Zoiah@matryoshka.zoiah.net) returned to #vserver.
[09:56] iceberg_ (~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net) joined #vserver.
[09:56] iceberg_ (~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net) left #vserver.
[11:55] hello?
[12:58] mcp (~hightower@wolk-project.de) joined #vserver.
[12:58] iceberg_ (~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net) joined #vserver.
[12:59] iceberg_ (~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net) left #vserver.
[13:33] serving (~serving@213.186.190.226) left irc: Ping timeout: 483 seconds
[14:26] minus273 (~minus273@minus273.mnet.bg) joined #vserver.
[14:26] hello, guyz
[14:37] JonB (~jon@129.142.112.33) joined #vserver.
[14:54] minus273 (~minus273@minus273.mnet.bg) left irc: Quit: Leaving
[14:55] kestrel (~athomas@dialup51.optus.net.au) joined #vserver.
[15:03] hello
[15:03] hey
[15:03] hi jon, how are you?
[15:04] tired, i was at my works xmas party last night
[15:04] ah
[15:04] seems to be a bit of that going around
[15:05] well, it is december
[15:06] yes, yes it is
[15:07] which also means that this semesters projects are soon due
[15:07] iceberg_ (~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net) joined #vserver.
[15:08] iceberg_ (~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net) left irc: Read error: Connection reset by peer
[15:22] James (~James@ip68-96-180-27.lv.lv.cox.net) left irc: Ping timeout: 485 seconds
[15:25] serving (~serving@213.186.189.246) joined #vserver.
[15:43] maharaja (maharaja@ipax.tk) got netsplit.
[15:43] grepmaster-afk (~chatzilla@66-101-59-73.oplnk.net) got netsplit.
[15:43] Bertl_zZ (~herbert@MAIL.13thfloor.at) got netsplit.
[15:43] ccooke (~ccooke@80.1.164.238) got netsplit.
[15:44] ccooke (~ccooke@80.1.164.238) returned to #vserver.
[15:44] Bertl_zZ (~herbert@MAIL.13thfloor.at) returned to #vserver.
[15:44] grepmaster-afk (~chatzilla@66-101-59-73.oplnk.net) returned to #vserver.
[15:44] maharaja (maharaja@ipax.tk) returned to #vserver.
[16:29] cw (~cw@pD958DDD1.dip.t-dialin.net) joined #vserver.
[16:29] Nick change: Bertl_zZ -> Bertl
[16:30] hi all!
[16:30] hello
[16:32] does anyone know if there are debian-packages of util-vserver (0.26) or the vserver tools (0.28) anywhere?
[16:32] the debian maintainer for vserver is Ola Lundquist ... IIRC ...
[16:33] i know, but i can't find anything on his site
[16:33] a search via google for debian and vserver or in the docu on linux-vserver.org doesn't reveal anything?
[16:34] nope, the latest version in sid/unstable is 0.26-2 of the vserver tools
[16:34] but that version won't work with vs1.20 i think
[16:34] if it is vserver,no, if it is util-vserver yes ...
[16:35] its the original vserver tools, afaik
[16:35] i did not see a debian-ized version of util-vserver anywhere yet
[16:35] cw: create a util-vserver package ?
[16:36] i guess it's quite a lot of work, i never created a package myself, just done a few backports
[16:36] checkinstall
[16:36] download the source
[16:36] ./configure
[16:36] make
[16:36] checkinstall
[16:36] and you have your .deb package
[16:36] did you check apt-get.org for such a package?
[16:37] Package search results:
[16:37] 0 sites and 0 packages matched.
[16:37] make your own
[16:37] well if its that easy, it's no problem
[16:37] apt-get install checkinstall
[16:38] download the source
[16:38] ./configure
[16:38] make
[16:38] checkinstall
[16:38] but aren't there any more differences? my vservers live in /var/lib/vservers for example
[16:40] ./configure --help
[16:41] ok, last time i checked it wasn't possible to set the vserver root... if it's possible now, fine :)
[16:41] Zoiah (Zoiah@matryoshka.zoiah.net) got netsplit.
[16:41] MedivhWrk (ck@netops.multimedia-centrum.de) got netsplit.
[16:41] MrBawb (abob@swordfish.drown.org) got netsplit.
[16:42] i dont know if it is
[16:42] MrBawb (abob@swordfish.drown.org) returned to #vserver.
[16:42] MedivhWrk (ck@netops.multimedia-centrum.de) returned to #vserver.
[16:42] Zoiah (Zoiah@matryoshka.zoiah.net) returned to #vserver.
[16:42] well, util-vserver always had this feature ...
[16:43] (changing the vserver root)
[16:51] JonB (~jon@129.142.112.33) left irc: Ping timeout: 485 seconds
[16:55] JonB (~jon@129.142.112.33) joined #vserver.
[16:59] well, util-vserver always had this feature ... was the last i could see
[16:59] hmm one line followed ...
[17:00] 14:44 < Bertl> (changing the vserver root)
[17:00] okay
[17:11] PowerMage (~fleshcraw@port-212-202-15-243.reverse.qsc.de) joined #vserver.
[17:11] hi fleshcrawler!
[17:12] howdy
[17:12] Nick change: PowerMage -> fleshcrawler
[17:12] how is the music?
[17:12] great!
[17:12] we had another gig 3 weeks ago and people were crazy!
[17:13] cool, so what brings you here?
[17:14] Do you know a good place to go and ask some questions and get information if you got a compromised system?
[17:14] what sort of compromised system
[17:14] It was a dedicated debian server.
[17:14] running inside a vserver ?
[17:15] nono...
[17:15] has nothing to do with vserver
[17:15] well, why not run it inside a vserver ?
[17:16] it's not my server. a friend just let me take a look on it... I gave him lots of advice ;-)
[17:16] okay
[17:16] the poor guy ;)
[17:16] first of all he needs to figure out how they came in
[17:16] then he needs to reinstall
[17:16] var/log was completely deleted
[17:16] bash_history was linked to /dev/null
[17:17] I found a kernel hack in /tmp and a tuxkit in /
[17:17] what about entries in xinetd/inetd ...
[17:18] Hmmm... those files were not modified by the time of the compromise but I take a look.
[17:18] HA
[17:18] you wouldnt know
[17:18] touch
[17:18] or a kernel module
[17:19] that can set the time of files
[17:19] yes. but all other files that were modified had a timestamp of 1st dec
[17:19] maybe it was a worm. I had one a year ago, too.
[17:20] i wouldnt trust it
[17:21] If it was a person I wonder why he didn't remove the rootkit sources and the kernel hack.
[17:21] there were a couple of new users added.
[17:21] hmm, script kiddies ...
[17:22] Bertl: or to make you think that
[17:22] the kernel exploit is hatorihanzo.c with a do_brk vma overflow.
[17:22] also I found some libs linked by the new users.
[17:22] yeah yeah thats, fine, so they gained root access
[17:22] but how did they come in ?
[17:23] couldn't figure out. He ran lots of services... rpc, etc... no firewall. and shoutcast.
[17:23] hmm, http://www.web-hack.ru/exploit/exploit.php?go=108
[17:24] that's it
[17:24] fleshcrawler: well, it
[17:25] it's not of much usage if he doesnt close the hole that let them in in the first place
[17:25] yeah. i know. a reinstall won't help much.
[17:27] if he does
[17:27] do it in a vserver
[17:27] on a kernel with no root exploits
[17:28] and find out how they got in
[17:30] looks like shoutcast
[17:30] at least I found some reports on buffer overflows on that version.
[17:34] okay
[17:40] maybe I got something. The logs of shoutcast are not removed and if there was truly a compromise I might find some evidence.
[17:40] maybe
[17:41] this is all so exciting!
[17:41] remember to wear gloves when dealing with infected hosts
[17:41] I know.
[18:24] iceberg_ (~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net) joined #vserver.
[18:24] iceberg_ (~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net) left #vserver.
[19:07] Nick change: BobR_oO -> BobR
[19:07] hi BobR!
[19:08] Hi!
[19:09] HERZOGLEER?
[19:09] yup ...
[19:16] is there a util-vserver that supports vkill yet?
[19:16] I don't think so ... enrico was willing, but savannah down ...
[19:17] yeah
[19:17] but you can compile this tool yourself ...
[19:17] yeah
[19:17] i'm just gonna do that
[19:17] no ml updates for 1.2? :)
[19:17] how are you, by the way ... havent heard from you for a while ...
[19:17] just busy, holiday season and lots of support to be done with work...
[19:17] not yet ... there will be, but I have to change some things ...
[19:18] next devel release has the codename 'Revolutions' ... ;)
[19:18] oh yeah?
[19:18] whats going to be new? :)
[19:18] hmm, basically the vserver core ...
[19:18] how so?
[19:19] separate process space?
[19:19] I'm adapting the stuff for 2.4/2.6 usage ...
[19:20] regarding the lockups you reported, do you have some kind of list, where the versions (kernel/patches) and the system configurations are given?
[19:20] it's all random
[19:20] i tried with 2.4.22-vs1.00
[19:20] and just vr/dl added in...
[19:20] and it still locked
[19:21] i'm just going to 1.2 now
[19:21] and see how it goes
[19:21] i really don't have much time to tinker lately
[19:21] i was on un-employment before, but now this has to be my bread :)
[19:21] this will be interesting ... I would like you to add a script to the cron tab ... if you test it ... to capture some information ...
[19:21] i could do that
[19:22] I had a similar lockup, but after 14 days ... so it's not really reproducible ...
[19:22] hrm
[19:22] do you have a non-split 1.2 file and qh/dl
[19:23] i have an error trying to do the first patch
[19:23] The text leading up to this was:
[19:23] --------------------------
[19:23] |diff -NurpP --minimal linux-2.4.23/arch/i386/kernel/ptrace.c linux-2.4.23-vs1.20-base/arch/i386/kernel/ptrace.c
[19:23] |--- linux-2.4.23/arch/i386/kernel/ptrace.c Sat Aug 3 02:39:42 2002
[19:23] |+++ linux-2.4.23-vs1.20-base/arch/i386/kernel/ptrace.c Thu Dec 4 19:36:23 2003
[19:23] --------------------------
[19:23] File to patch:
[19:23] [root@vps3 linux-2.4.23-vs1.2]# ls -al arch/i386/kernel/ptrace.c
[19:23] ls: arch/i386/kernel/ptrace.c: No such file or directory
[19:23] i guess that explains it
[19:24] # ls -la arch/i386/kernel/ptrace.c
[19:24] -rw-r--r-- 1 573 573 10845 Aug 3 2002 arch/i386/kernel/ptrace.c
[19:24] original vanilla kernel source ...
[19:25] right
[19:25] hrm.. same here
[19:25] from kernel.org as of a few mins ago..
[19:25] mmh, maybe I misinterpreted you, but ...?
[19:26] [root@vps3 src]# md5sum linux-2.4.23.tar.bz2
[19:26] 642af5ab5e1fc63685fde85e9ae601e4 linux-2.4.23.tar.bz2
[19:26] i just downloaded linux-2.4.23.tar.bz2 from kernel.org a few minutes ago
[19:26] 642af5ab5e1fc63685fde85e9ae601e4 ../../linux-2.4.23.tar.bz2
[19:27] and I asked if you have a non-split patch of 1.20 :)
[19:27] yes, it is on the release page ...
[19:27] http://www.13thfloor.at/vserver/s_release/v1.20/patch-2.4.23-vs1.20.diff.bz2 for example ...
[19:28] but it will patch the same files, as the split-outs ...
[19:29] ah, found it
[19:29] got confused
[19:29] well, you got me confused too ...
[19:45]
[19:52] BobR (~georg@149.148.78.13) left irc: Quit: leaving
[19:57] BobR (~georg@MAIL.13thfloor.at) joined #vserver.
[19:58] BobR (~georg@MAIL.13thfloor.at) left irc: Client Quit
[19:58] BobR (~georg@MAIL.13thfloor.at) joined #vserver.
[20:02] fleshcrawler (~fleshcraw@port-212-202-15-243.reverse.qsc.de) left irc:
[20:06] does anyone read Czech ?
[20:52] netrose (~john877@CC3-24.171.21.47.charter-stl.com) left irc: Ping timeout: 480 seconds
[21:15] shuri (~ipv6@cpu183.adsl.qc.bellglobal.com) joined #vserver.
[21:16] hi shuri!
[21:18] wasn't 1.2 supposed to have per-vserver uptime ?
[21:21] hi hwew
[21:21] hi Bertl
[21:22] yup it was, but I had a few reports stating that something didn't work ...
[21:42] iceberg_ (~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net) joined #vserver.
[21:42] iceberg_ (~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net) left #vserver.
[21:45] and as nobody was able to test the 'tools' which reported strange Hz values .. I decided to remove it from the stable ...
[22:44] netrose (~john877@CC3-24.171.21.47.charter-stl.com) joined #vserver.
[23:19] shuri (~ipv6@cpu183.adsl.qc.bellglobal.com) left irc: Ping timeout: 485 seconds
[23:20] shuri (~ipv6@cpu183.adsl.qc.bellglobal.com) joined #vserver.
[23:46] CJDeCKeR (Dreams@216.113.62.211) joined #vserver.
[23:46] hey hi :)
[23:46] Nick change: CJDeCKeR -> Cmaj
[23:50] BobR (~georg@MAIL.13thfloor.at) left #vserver.
[00:00] --- Mon Dec 8 2003