spoon daddy posted:

Started as a question but gently caress it. Unity is the biggest piece of poo poo that hides basic functionality and should be aborted.

effika posted:

Alrighty. Give Cinnamon a try?

Winkle-Daddy posted:

Ugh, hopefully this is the right thread, but I've got an iptables issue that I'm having one hell of a time getting to work right. The scenario is this: I have a bunch of computers on a LAN, and I want these computers to only be able to talk on the LAN except when I ping a specific port (e.g. port knocking).
[...]
I can still ping hosts on the LAN, but I can't ping google:

code:

# ping -c 2 google.com
PING google.com (74.125.227.162) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
^C
--- google.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 5987ms

So far so good. To verify things are working how I want:
[...]
Everything is now flowing over the WAN chain. However...

code:

# ping google.com -c 1
PING google.com (173.194.46.9) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
^C
--- google.com ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 1470ms

telcoM posted:

In your configuration, iptables will not stop your ping command from trying to send the pings; it will just silently eat the outgoing ping messages. The "ping: sendmsg: Operation not permitted" makes me think something else is stopping the ping command from running properly. Perhaps you have SELinux enabled?

If you have SELinux enabled, you should monitor the audit logs (normally at /var/log/audit) when running your ping command. If you can see AVC deny messages regarding "sendmsg" appearing while you're trying to ping, then that's the cause.

Elias_Maluco posted:

For some reason, all of a sudden, my Mint 15 (with KDE) date/time setting went nuts.

I start it and the clock is 3 hours ahead. I correct it and then next time I restart, it is 3 hours ahead again.

What can be happening here?

Elias_Maluco posted:

For some reason, all of a sudden, my Mint 15 (with KDE) date/time setting went nuts.

I start it and the clock is 3 hours ahead. I correct it and then next time I restart, it is 3 hours ahead again.

What can be happening here?

Winkle-Daddy posted:

Experto Crede posted:

Is your BIOS clock set correctly?

Winkle-Daddy posted:

Is ntpd crashing? I had this happen on Fedora 20 for a work computer a while ago, I never did figure it out, so I just added a cron to restart it every hour.

evol262 posted:

You're checking whether the source address (which is almost certainly not 173.194.46.9) is in your list of recents. It isn't. And it's not related or established or in the subnet, and you haven't allowed icmp echo-request or echo-reply, so you're getting blocked when you try to open an icmp socket.

If you want to port knock on output to unspecified, previously unseen hosts (your rules would work fine if you wanted to say "this host from a subnet that's not on 192.168.0.0/24 hit me on UDP 1111, so allow outbound connections to that host", which you can verify by adding a host on another subnet, like 192.168.1.0/24, adding routes, and hpinging 1111), you need knockd. I know this isn't built in and you have to install a package, but it's the appropriate solution.

Or if you can't, you can trivially use the LOG target and --log-prefix='whatever' and watch syslog (or dump iptable logs to their own log) with a long-running (systemd/upstart ideally) script which inserts iptables rules to allow outbound. You could probably do this in 30 lines or less of any language you want.

Elias_Maluco posted:

"Set date and time automatically" is currently off and if I try to turn it on I get this error: "Unable to authenticate/execute the action: 6,"

Elias_Maluco posted:

I think it is (cant reboot now to be sure, but since I didnt touched BIOS settings for many months, I guess it should be?).


"Set date and time automatically" is currently off and if I try to turn it on I get this error: "Unable to authenticate/execute the action: 6,"

Winkle-Daddy posted:

Try running:

code:

service ntpd status

If it's not running, try (as root):

code:

service ntpd start

If your clock is automagically fixed, then try adding a cron to restart ntpd every so often.

evol262 posted:

You may also want to try "ntpdate your.ntp.server" (or 0.fedora.pool.ntp.org or another valid public server). ntpd will refuse to sync in most configurations if the time is really far off.

Elias_Maluco posted:

For some reason, all of a sudden, my Mint 15 (with KDE) date/time setting went nuts.

I start it and the clock is 3 hours ahead. I correct it and then next time I restart, it is 3 hours ahead again.

What can be happening here?

Elias_Maluco posted:

I got "ntpd: unrecognized service".

quote:

I get a "ntpdate[9755]: bind() fails: Permission denied", no matter what server I use.

Longinus00 posted:

Do you dual boot into windows on this machine?

Winkle-Daddy posted:

I think on Ubuntu/Debian (which Mint is based on) it might just be ntp, not ntpd. My bad. You can also see if there's an init script for it (ls -al /etc/init.d/ | grep ntp). If there is one, just do sudo /etc/init.d/<script> restart

Winkle-Daddy posted:

You have to do this as root, ntp runs on a privileged port.

Elias_Maluco posted:

Now it worked, it gave me "timestamp too far in the future: Jun 19 15:59:28 2014" (its 13:00 right now)

Winkle-Daddy posted:

Is ntp running?

code:

ps aux | grep ntp | grep -v grep

If it is, you could try restarting it by sending a SIGHUP to the process ID

code:

ps aux | grep ntp | grep -v grep | awk '{print $2}' | sudo xargs kill -1

If this doesn't help, I won't be of any further help without getting hands on and doing things like rebooting Maybe some smarter goon can do better.

Elias_Maluco posted:

Now it worked, it gave me "timestamp too far in the future: Jun 19 15:59:28 2014" (its 13:00 right now)

evol262 posted:

code:

ps aux | grep [n]tp

prevents grep from showing up in its own list.

Suspicious Dish posted:

I tried looking for you in the Compiz source and got stuck in a maze of twisty plugins, all alike. Sorry.

General_Failure posted:

So you're saying I might have to manually set a virtual desktop?
I'm using lubuntu, and more specifically LXDE. It's a personal choice, not a necessity.

madpanda posted:

This is something stupid and i know it. Main linux pc is running mint 16, chromebook is on chrbuntu who knows what. I can't connect from the chrome book to the mint box via RDP/VNC (using remmina as a client), FTP, or see its exported nfs shares. But i can ping both ways fine. Firewall is not installed in the mint box, hosts.allow and deny are default (no entries).

fletcher posted:

Why can't I run mtr from the network I'm currently on?

code:

fletch@fletch-linuxmint16 ~ $ mtr --report fletchowns.net
Start: Wed Jun 25 18:39:09 2014
HOST: fletch-linuxmint16            Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 10.0.2.2                   0.0%    10    0.2   0.5   0.2   0.7   0.0
  2.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0

Snorri posted:

Stupid question for Ubuntu 12.04 3.5.0-51-generic

So my iptables were all happy campers up until 2 weeks ago when DHCP suddenly kicked the bucket when I let the disk fill up (or at least this is what I assume triggered it). After cleaning up the disk and rebooting DHCP was still dead and my changes to iptables were not taking hold. If I apply iptables changes I lose all networking on this box. A swift reboot will take me back to old firewall rules and a working network. What is my first step in figuring out what is going on here? I get no errors whether or not I apply iptable changes via webmin or via command line iptables-restore.

ZippySLC posted:

Alright, this is definitely a Puppet 101 question, and I am sure that the Puppet docs have an answer for this and I am just dense and can't find it. Also, I hope this is the right thread for this question.

I'm trying to teach myself Puppet, with the goal of managing the VPS I run with it. Additionally, when I get a better grasp on things, I want to deploy it at work. So while my home deployment will be small, I want to learn how to "do it right."

I have a vanilla Puppet server and an agent. Both are managed through Puppet.

Right now, on my agent node, I'm configuring Apache.

I've got code like this in my nodes.pp:

code:

node 'hostname' {
  include 'ntp'
  include 'sudo'
  class { 'vim':
    opt_misc => ['nu','fo=tcq','nocompatible','modeline','tabstop=2','expandtab','softtabstop=2','shiftwidth=2','backspace=indent,eol,start'],
  }
  class { 'apache':
    serveradmin => 'whatever',
  }
  apache::vhost{ 'www.example.com':
    default_vhost   => true,
    docroot         => '/var/www/html/www.example.com',
    logroot         => '/var/log/httpd/www.example.com',
    access_log_file => 'access_log',
    error_log_file  => 'error_log',
    override        => 'all',
  }

  some more vhosts
  ...
}

It seems like best practice is to put all of these configs in some separate directory so I could end up with something like:

code:

node 'hostname' {
  include 'ntp'
  include 'sudo'
  class { 'vim':
    opt_misc => $std_vim_ops
  }
  include 'vhost1'
  include 'vhost2'
}

Now I guess I can make modules for each vhost, but that doesn't seem right. How would I go about doing this? (Bear in mind that my second block of code is just a rough approximation and I don't really know the right way to write out what I want to do.)

Thanks for your patience. I've been searching for answers and not really understanding what I come up with.

Cidrick posted:

Is anyone aware of a way to view the utilization of a remote NFS mount without actually mounting it? showmount only appears to show you what exported volumes are available to be mounted, and things like nfsstat and nfsiostat give all sorts of interesting metrics that don't really help me. A good old "df" will show it, but it requires mounting, which requires root.

Context: I'm trying to find a way for our monitoring environment to query a big NFS appliance that Doesn't Play Nicely With Others so we don't have the normal way of monitoring this stuff (SNMP, ssh, etc) that I would typically use.

jaegerx posted:

Can you install anything on the NFS box at all?

evol262 posted:

Yes, best practice is to break out your configuration into small pieces. And to use classes for your vhosts (potentially with templates). But if you're only managing one how, I wouldn't worry about it too much.

Cidrick posted:

Is anyone aware of a way to view the utilization of a remote NFS mount without actually mounting it? showmount only appears to show you what exported volumes are available to be mounted, and things like nfsstat and nfsiostat give all sorts of interesting metrics that don't really help me. A good old "df" will show it, but it requires mounting, which requires root.

Context: I'm trying to find a way for our monitoring environment to query a big NFS appliance that Doesn't Play Nicely With Others so we don't have the normal way of monitoring this stuff (SNMP, ssh, etc) that I would typically use.

Misogynist posted:

Can you screen-scrape the GUI? It's ghetto as hell, but probably your best bet if you don't have access to run things on the box.