/srv/irclogs.ubuntu.com/2014/03/05/#ubuntu-server.txt

=== thumper-gym is now known as thumper
[00:33] <ankraft> I am unfamiliar with the process, how is Canonical able to provide timely security patches to all the packages in the system (tens of thousands)?
[00:37] <sarnold> ankraft: canonical provides security updates for packages that are located in the 'main' pocket of the archive; we rely upon community members to prepare and test patches for packages in the 'universe' pocket: https://wiki.ubuntu.com/SecurityTeam/FAQ
[00:39] <sarnold> ankraft: every weekly security team meeting we highlight several packages in universe that need attention, e.g. https://wiki.ubuntu.com/MeetingLogs/Security/20140303
[00:40] <sarnold> ankraft: sometimes we can simply roll forward an update from debian, those show up as 'sync match' on this chart: http://people.canonical.com/~ubuntu-security/d2u/
[00:42] <ankraft> thanks! I can't seem to find the list of packages in a release's main (my google skills appear to be broken atm). Where is the list located?
[00:43] <sarnold> hrm, good question.
[00:43] <sarnold> (in general if it is on a disc it should be in main. i'll go hunting around to see if I can find a full list.. we use a tool that's not packaged and not really convenient for users when determining if a package is in main or universe)
[00:52] <sarnold> ankraft: aha! found it. try: apt-cache madison apt
[00:52] <sarnold> ankraft: compare against apt-cache madison rxvt-unicode
[00:53] <sarnold> it's not exactly a list, but it is convenient enough, and can be scripted around dpkg -l or apt-cache pkgnames
[00:56] <ankraft> perfect!
[00:57] <ankraft> there appears to be quite a few packages in main. Still seems like a massive effort to keep them in check. How large is Canonical's team to maintain all the packages?
[01:00] <axisys> tftp Transfer timeout .. tcpdump does not show any reply on udp port 69 .. tftpd-hpa server not seeing any log.. no firewall on
[01:00] <axisys> nc -u -l 69 and from client tftp; get foo shows logs.. so network is OK
[01:01] <axisys> tcpdump on the server only pkts coming in.. nothing going out
[01:03] <sarnold> ankraft: there are seven of us on the security team; one handles web browser things nearly full time, three handle apparmor things nearly full time, the rest handle updates, auditing, other platform security improvements, etc
[01:06] <ankraft> sarnold: interesting. Do you know if Debian has a full time security team or do they strictly rely on community support?
[01:07] <sarnold> ankraft: good question, I've never asked. those guys are productive enough I suspect that at least one or two of them must do some of their duties at an employer
[01:10] <ankraft> sarnold: so it is pretty silo'd then between debian and ubuntu teams for security patches (other than the sync match you pointed out earlier). Or is there a lot of overlap and working together on issues?
[01:12] <sarnold> ankraft: if debian has prepared a patch before we have, we can often use their work for our packages; likewise, if we prepare a patch before they do, they can often use our patches. And we double-check each other's triaging efforts, which is very convenient because the archives are -huge- and sometimes a package that contains duplicated code is overlooked in one or the other place
[01:35] <jjohansen> sarnold, ankraft: that is selling short the kernel side. We have three members of the kernel team dedicated to doing stable kernel updates, and since most stable kernel updates involve security fixes we get a lot of work from them
[01:36] <sarnold> jjohansen: oh! yes, indeed I had overlooked the kernel more or less completely.
[03:26] <densin> I would like to ask . I add second interface eth1 which not same network and gateway with eth0.
[03:27] <densin> add in /etc/network/interfaces .
[03:27] <densin> interface up . ping gateway2 is ok ... but route not show
[03:29] <densin> anyway to check ?
[03:29] <PryMar56> densin, port_forwarding enabled?
[03:30] <PryMar56> sysctl -p
[03:31] <densin> no, I not mean to do fw or proxy .. I have separate service bind different interface
[03:32] <densin> do I need to route add gw manually with different metric ?
[03:43] <densin> amm not work
=== Ser|Away is now known as Sereil
=== Sereil is now known as Ser|Away
=== soren_ is now known as soren
=== a1berto_ is now known as a1berto
=== ogra_` is now known as ogra
=== hachre_ is now known as hachre
=== dcmorton_ is now known as dcmorton
=== jrgifford_ is now known as jrgifford
=== Sprockt is now known as Sprocks
=== Seveaz is now known as Seveas
=== fhd_ is now known as fhd
=== ValicekB_ is now known as ValicekB
[12:49] <moparisthebest> hi, I'm trying to implement pam_google_authenticator into my server, but i'm not sure the *correct* pam configuration file to place it in
[12:49] <moparisthebest> I think it'd be either common-auth or common-account, though both seem included everywhere one is included
[12:49] <moparisthebest> so maybe it doesn't matter?
[12:50] <moparisthebest> anyhow, I'd like it to be used everywhere a normal password would be otherwise, at the console, ssh, sudo, su, and with it in common-auth it is
[12:50] <moparisthebest> I just don't want it to block non-interactive things, cron, I see one for dovecot, etc etc, any ideas?
[12:56] <jamescarr> is the GNUTLS bug patched in ubuntu 12.10?
[13:03] <Patrickdk> yes
[13:03] <Patrickdk> or well, is 12.10 even supported?
[13:04] <Patrickdk> april 2014, so yes, you just barely made it
[13:04] <jamescarr> lol
[13:04] <jamescarr> how ironic. I am doing distro upgrades this week
[13:04] <jamescarr> and GNUTLS bug comes along
[13:04] <Patrickdk> well, you're still kind of out of luck
[13:04] <Patrickdk> it was 13.04 they made the change in
[13:05] <Patrickdk> and 13.04 is eol, so no fix there
[13:05] <jamescarr> 13.10 still uses the 2.12?
[13:06] <Patrickdk> hmm?
[13:06] <jamescarr> λ ~ → dpkg -s libgnutls-openssl27
[13:06] <jamescarr> Version: 2.12.23-1ubuntu4
[13:06] <jamescarr> http://gnutls.org/security.html
[13:07] <Patrickdk> you really don't understand distros do you
[13:07] <jamescarr> I do... 2.12 is considered stable ain't it
[13:07] <Patrickdk> what does the version have to do with anything?
[13:08] <jamescarr> 2.12.x has a nasty certificate exploit
[13:08] <Patrickdk> says who?
[13:09] <Patrickdk> let's see here
[13:09] <Patrickdk> http://www.ubuntu.com/usn/usn-2127-1/
[13:09] <Patrickdk> according to that, libgnutls26 2.12.23-1ubuntu4.2 doesn't
[13:09] <Patrickdk> please do note
[13:09] <Patrickdk> these are UBUNTU versions, not gnutls versions
[13:10] <Patrickdk> so using gnutls documentation about exploits is pointless
=== smoser` is now known as smoser
[13:10] <jamescarr> ha thank you ;)
[13:11] <jamescarr> and our nodes already have that version too
=== RoyK^ is now known as RoyK
=== Pici` is now known as Pici
[14:57] <GeekDude> I'm thinking of getting a graphical environment for my home server. I want something lightweight, so I was thinking lxde, especially because I have experience with it on my raspberry pi. Would you recommend something else? Or something more server-oriented?
[14:57] <cfhowlett> GeekDude, lxde or xfce are the ones I have experience with. both lightweights
[14:58] <GeekDude> would you recommend one over the other?
[14:59] <cfhowlett> GeekDude, pretty much the same look/feel as far as I'm concerned. Note: xfce is the basis for xubuntu AND ubuntustudio FWIW
[15:01] <GeekDude> cfhowlett: From what I've read, xfce is only slightly heavier, but with greatly increased configurability/usability
[15:01] <genii> GeekDude: Did you need a full suite of apps or are you just going to be using 2-3 things all the time?
[15:02] <genii> ( because even lighter is something more basic like twm then you run your app from an xterm)
[15:02] <GeekDude> genii: Probably just a web browser, maybe MC if I can get it to install (My box has an agp port, and I just found an agp gfx card, wanna test it)
[15:02] <GeekDude> I need to be able to test the webserver(s) locally, and lynx just won't cut it
[15:04] <genii> GeekDude: Alternately, install xvfb and then run X over ssh to your regular box.
[15:05] <GeekDude> Wouldn't just installing XAuth work?
[15:06] <genii> GeekDude: xvfb is good for testing because it installs minimal X, also you can tell it to use different resolutions and grab a screenshot, etc
[15:07] <GeekDude> I think I'm gonna try out xfce
[15:08] <jamescarr> can someone clear up for me the gnutls bug? Does it affect my servers that serve up ssl certs or client apps that connect over ssl?
[15:08] <jamescarr> all the articles on it basically just say "you're gonna die if you don't patch it!"
[15:27] <spidernik84> hi there! Question about the new dns configuration in 12.04: I know we're supposed to specify the dns servers in the interfaces file, but what if we have multiple bridges (on a kvm host in this case). Do we need to put the dns-nameservers line in each interface stanza?
[15:27] <spidernik84> stgraber, I'm sure you're the most suitable person to answer this :)
[15:27] <mardraum> your host doesn't need to lookup dns on the bridge
[15:28] <spidernik84> thanks. So the bond would be enough
[15:29] <mardraum> if that's your default gateway for the host, yes
[15:30] <spidernik84> it is. I thought the dns was setup systemwide
[15:30] <jrwren> it is.
[15:30] <jrwren> all that happens is ifup eventually calls resolvconf <interfacename> and passes the nameserver config to it.
[15:30] <jrwren> assuming you are using resolvconf
[15:32] <spidernik84> yes, resolvconf. Thanks
[15:34] <Delemas> I'm trying to get an enterprise to support running their products on Ubuntu. Do we have any good sourced data on enterprise server use of Ubuntu vs other distributions (RHEL for example)? I'm looking for percentages or a graph etc.
[15:37] <GeekDude> :D Just got ICS working between my server and my laptop, with the Win7 laptop as the host
[15:39] <GeekDude> hmm. Trying to set the DNS server, and resolv.conf says not to edit it by hand
[15:39] <spidernik84> GeekDude, https://help.ubuntu.com/12.04/serverguide/network-configuration.html#name-resolution
[15:40] <JanC> Delemas: there used to be something like that
[15:40] <GeekDude> ah, thanks
[15:40] <Delemas> I just found this which might be good enough: http://w3techs.com/technologies/details/os-linux/all/all
[15:40] <Delemas> It is all web servers vs. enterprise use though...
[15:41] <GeekDude> spidernik84: Thanks. DNS is working now
[15:42] <spidernik84> np!
[15:42] <GeekDude> P=!NP
[16:04] <GeekDude> Uuh, am I missing something, or can I not just do apt-get install xfce
[16:05] <GeekDude> apt-get install xfce4?
[16:08] <GeekDude> Why is my terminal only 36 lines tall, when the current screen resolution is 1600x1200? It only takes up 1/4 of the space in the top left corner
[16:09] <genii> GeekDude: Yes, xfce4 for just the desktop
[16:10] <GeekDude> oh, nvm. I'm an idiot.
[16:10] <GeekDude> It's only taking up that much space because I have an s-video cable plugged into my graphics card
[16:11] <GeekDude> It's showing hi-res in a small area of the screen, as opposed to low res
[16:22] <densin> hi all.
[16:23] <densin> how to enable ubuntu (ipv4) can communicate with ipv6 . I seem my ubuntu can't ping ipv6.google.com.
[16:23] <densin> or even lookup IP
[16:35] <paco11> hi folks
[16:44] <paco11> I'm running 12.04.4 x64. i'm testing the openldap server with JMeter. i added "session required        pam_limits.so" in /etc/pam.d/common-session. i added "* hard  nofile  65000 | root  hard  nofile  65000 | openldap  hard  nofile  65000" in /etc/security/limits.conf. i added "fs.file-max = 65536" in /etc/sysctl.conf. With all these configurations, i follow to have "Too Many Open files" with cat /proc/sys/fs/file-nr > 1696065536
[16:49] <metasansana> so what's the future of upstart?
[17:04] <ogra> metasansana, whatever you make of it :)
[17:18] <_root_> hello guys
[17:18] * _root_ asks for help on the subject http://askubuntu.com/questions/429743/setting-max-connections-in-mysql-server-globally
[17:19] <Pici> !ask
[17:19] <ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
[17:22] <RoyK> _root_: isn't that just setting max_connections?
[17:23] <_root_> RoyK, I don't know nothing about this; If you know plz explain m8.
[17:23] <RoyK> just set max_connections in my.cnf to whatever max you want
[17:23] <RoyK> _root_: mysql> show variables like 'max_connections';
[17:24] <RoyK> that'll show the current
[17:26] <_root_> RoyK, How to force mysql to create only 3 process for example
[17:26] <avid_fan> Question: Anyone know how to choose a different typeface for the console?
[17:26] <RoyK> _root_: why?
[17:27] <_root_> RoyK, Look at the Q? my sql on the new Server install creates 20 processes and eats 50% of memory
[17:27] <RoyK> _root_: innodb and myisam have different tuning parameters for the number of threads to be started
[17:27] <RoyK> _root_: google a bit about mysql tuning. btw - how much memory is in this machine?
[17:27] <_root_> RoyK, innodb myisam?
[17:27] <_root_> RoyK, 1GB
[17:28] <RoyK> _root_: not a whole lot
[17:28] <RoyK> _root_: better tune down memory use for mysql
[17:28] <_root_> RoyK, It is a VPS not a DS
[17:29] <RoyK> understood
[17:29] <RoyK> (but what's DS?)
[17:29] <_root_> RoyK, that's what I am asking. HOW to tell mysql to create for example 5 processes instead of 20. (DS = dedicated Server)
[17:30] <RoyK> it doesn't matter how many processes it starts
[17:30] <_root_> RoyK, and this is the first time I have this problem.
[17:30] <RoyK> it matters how much memory it uses
[17:30] <RoyK> _root_: how big is the database?
[17:30] <_root_> RoyK, yes; I agree with you.
[17:31] <_root_> RoyK, it is not big at all. it is a fresh install. I don't even have a database in my sql right now
[17:31] <GeekDude> Does ubuntu server come with sound drivers? Or do I need to install alsa or something
[17:31] <RoyK> _root_: pastebin "ps axfv" output
[17:31] <RoyK> !pastebin | _root_
[17:31] <ubottu> _root_: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
[17:32] <_root_> GeekDude, I install 12.04.4 LTS yesterday and I was installed by default
[17:32] <_root_> maybe install an alsamixer?
[17:33] <GeekDude> hmm
[17:34] <GeekDude> alsamixer fails unless run as root?
[17:36] <GeekDude> hmm... xfce added a neat background to grub it seems
=== tyhicks` is now known as tyhicks
[17:41] <GeekDude> ah. Sounds only work as root
[17:41] <GeekDude> do I need to add myself to some user group or something?
[17:43] <qman__> GeekDude: audio
[17:43] <GeekDude> sudo adduser me audio
[17:43] <GeekDude> Yes?
[17:44] <qman__> yes
[17:45] <qman__> then log out and back in
=== matsubara is now known as matsubara-lunch
[17:47] <GeekDude> Great, it works. Thanks!
[17:47] * GeekDude watches youtube
[17:50] <RoyK> _root_: did you pastebin that?
[17:55] <_root_> RoyK, it is something wrong. I can't even VNC to it now? I am trying wait
[17:55] <RoyK> k
[18:00] <_root_> RoyK, 76% memory; No wonder I can't Vnc
[18:01] <RoyK> _root_: ps axfv|pastebinit
[18:01] <_root_> RoyK, http://paste.ubuntu.com/7039765/
[18:02] <RoyK> _root_: and free?
[18:02] <RoyK> _root_: not a whole lot of real memory used there
[18:02] <_root_> RoyK,
[18:06] <_root_> RoyK, What do you mean; So why 75% memory?
[18:07] <_root_> RoyK, http://paste.ubuntu.com/7039792/ it is after a reboot
[18:12] <RoyK> _root_: did you pastebin output of 'free'?
[18:14] <_root_> RoyK, http://paste.ubuntu.com/7039840/
[18:19] <RoyK> _root_: that tells you you're using about 100MB of RAM
[18:19] <RoyK> the rest is buffers/cache
[18:19] <RoyK> the first row of "used" will climb
[18:19] <RoyK> because that includes what's used for buffers/cache
[18:20] <RoyK> that memory will be released if needed
[18:20] <_root_> RoyK, So did i go under attack of some kind? it was 75% about a minute ago
[18:21] <RoyK> doubt it
[18:21] <RoyK> did you check the -/+ buffers/cache: row?
[18:22] <RoyK> _root_: also, if you're afraid of being attacked, make sure to enable ufw. "ufw allow ssh && ufw enable"
[18:22] <RoyK> perhaps "ufw status" first to check if it's enabled already
[18:24] <_root_> RoyK, inactive
[18:24] <RoyK> then enable it
[18:24] <RoyK> it's easy and secure
[18:24] <RoyK> just make sure to open for stuff you need from the outside, like http
[18:25] <RoyK> and make sure you allow ssh before you enable it
[18:26] <_root_> RoyK, Thank m8; really Helped
[18:26] * _root_ gives RoyK +1
[18:27] <RoyK> _root_: now, by default, your vm will only be accessible by ssh, ufw allow http etc will open up
[18:27] <RoyK> man ufw for more info
[18:30] <_root_> RoyK, T H A N K Y o U man
[18:30] <_root_> really
[18:30] <RoyK> np :)
=== Logan_ is now known as Logan-
=== rcsheets_ is now known as rcsheets
[18:42] <RoyK> _root_: run some tests with mysql/apache and check "free" output again, and you'll see that the amount of "free" memory drastically decreases, which is fine, since it's used for caching ;)
[18:44] <_root_> RoyK, So what you are saying ; Is that the web server and mysql claim the memory but not use it. and if the load added to them they use what they graped before
[18:44] <RoyK> no, I'm saying they don't, but that linux probably uses the memory for caching
[18:45] <RoyK> _root_: let it run for some time, do some tests, don't reboot, and post ps axfv; free etc
=== Logan- is now known as Logan_
=== marlinc_ is now known as Marlinc
=== matsubara-lunch is now known as matsubara
[20:40] <jamespage> smb, ping me tomorrow and we'll sort iscsitarget once and for all :-)
[20:48] <iTrace> I own this server and I have two apps in two separate directories on the server. Can i have the apps accessible via a single domain?
[21:02] <zenadm1n> Has anyone here done a Ubuntu install from HP ILO?
[21:03] <bekks> zenadm1n: Why?
[21:03] <bekks> !anyone | zenadm1n
[21:03] <ubottu> zenadm1n: A high percentage of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out? See also !details, !gq, and !poll.
[21:06] <zenadm1n> HP ILO gives me the option of RHEL or SUSE. Ubuntu isn't an option although HP says it's supported.
[21:06] <DeltaHeavy> Hey, I'm wondering what's the reasoning for not including MariaDB in the Ubuntu repos. Can anybody help me understand?
[21:08] <bekks> zenadm1n: HP ILO doesn't have such a menu at all. HP SmartStart does.
[21:08] <bekks> zenadm1n: ILO is the management web interface.
[21:10] <henkjan_> DeltaHeavy: http://packages.ubuntu.com/trusty/database/
[21:11] <henkjan_> DeltaHeavy: mariadb is in the repo's for trusty
[21:11] <DeltaHeavy> henkjan_: They're not in 12.04 though >:
[21:12] <henkjan_> 12.04. almost 2 years ago no distro had mariadb in the repo's
[21:13] <DeltaHeavy> henkjan_: I thought they might add it in though.
[21:14] <henkjan_> DeltaHeavy: no. only existing software is updated. no new software is being added once a release is done
[21:15] <DeltaHeavy> Ok, got it.
[21:16] <DeltaHeavy> Thanks!
=== hggdh_ is now known as hggdh
[21:42] <jamespage> zul, ceilometer -> python-croniter
=== RoyK is now known as Royk^
=== Royk^ is now known as RoyK
[22:30] <thumper> hmm...
[22:31] <thumper> why would upstart say a job is unknown?
[22:31] <thumper> when I can see it in /etc/init
[22:31] <thumper> it did seem that udev wasn't started due to too many open files when I started the container
[22:31] <thumper> btw, this is inside an lxc container
[22:31] <thumper> I started about 50 at once
[22:31] <thumper> load testing to see if it died....
[22:31] <thumper> lxc tells me all the machines are running
[22:32] <thumper> I can ssh into it
[22:32] <thumper> but juju failed to start the machine agent
[22:32] <thumper> and when I try to start it manually, it fails
[22:32] <thumper> saying "unknown job"
=== mjohnson15_2 is now known as mjohnson15
[22:34] <zul> jamespage: seriously?!
[22:56] <m1sf1t> hi, does anyone know of a program that can do a similar thing to system restore in windows? i need to make a lot of changes to my server, and would like to be able to restore it if it all goes to hell. any suggestions?
[22:57] <m1sf1t> i've considered using dd, but i'm not sure if it'd be safe or reliable to use dd if=/ of /path/to/backup.img
[22:57] <m1sf1t> ...while the system is running
[22:58] <sarnold> m1sf1t: nothing exactly like windows's system restore.. a few ideas, you can use e.g. btrfs or zfs snapshotting at the filesystem level, or use lvm snapshots at the block level, or you can use dd to generate a disk image that you could use to overwrite the server ..
[22:58] <sarnold> you shouldn't use dd if=/dev/blah if /dev/blah is mounted read-write. if it is mounted read-only it ought to function.
[22:58] <m1sf1t> sarnold: do you know if dd would be safe or reliable to use while running? or should i boot a live cd and do it that way?
[22:59] <sarnold> m1sf1t: live cd would be easiest
[23:00] <sarnold> m1sf1t: ooh, I'm proud of this one :) you could use qemu-img to convert the disk image into a qcow2 image, snapshot, do the work in a vm, and either re-export it or rollback
[23:00] <m1sf1t> sarnold: hmm... downtime :/ i think i'll have to do that. also, if i were to dd the whole filesystem (80GB) do you know if it's possible to reduce that size? or is that restricted by the filesystem?
[23:01] <sarnold> m1sf1t: you'll have to read all 80 gigs, but you might not have to write all 80 gigs, if you use the conv=sparse option and your 'empty space' has been zeroed already...
[23:03] <m1sf1t> sarnold: just saw what you said about qemu-img, that sounds interesting :) a bit confused haha but i see what you're getting at
[23:04] <m1sf1t> sarnold: i think i'll keep it at 80GB. although i would have to do it now lol as it's the least busy time
[23:05] <m1sf1t> sarnold: i'll be replacing my file server hdd with a 2TB soon so i can make do with a little less storage for now ;)
=== bradm1 is now known as bradm
[23:08] <sarnold> m1sf1t: woo :)
[23:10] <m1sf1t> sarnold: haha :) thanks for the advice, i'm gonna boot into a cd now then, so gotta go. bye :)
[23:10] <sarnold> m1sf1t: have fun!
[23:11] <m1sf1t> sarnold: will do! staring at a terminal with no idea how long dd has left lol :D
[23:11] <m1sf1t> sarnold: cya
[23:12] <genii> dd could really use some kind of progress indicator
[23:12] <genii> ( when source or dest ore finite)
[23:12] <genii> *are
[23:13] <sarnold> definitely. I wish linux supported siginfo
[23:21] <zul> jamespage: i have it packaged locally with tests running so ill upload it tomorrow
[23:38] <m1sf1t> sarnold: back, i forgot... ubuntu server is installed on a raid1 software array (the default one in the ubuntu server setup). the live cd hasn't recognised it :( do you know how to mount md0, when it doesn't even show under /dev/ ?
[23:38] <m1sf1t> sarnold: well, not mount. i just need to get an ubuntu live cd to recognise it
[23:39] <sarnold> m1sf1t: yikes, that's not good. sorry, I don't know anything about mdadm stuff :(
[23:40] <m1sf1t> sarnold: haha me neither :( this is the first time i've even used raid, had to google the numbers lol
