sarnold | I don't allow password access to my sshd | 00:00 |
---|---|---|
sarnold | keys only | 00:00 |
Matt3o12 | Why? | 00:00 |
sarnold | there's just too many brute-forcers on the internet | 00:00 |
Matt3o12 | And.. what about the key or a password + a pam module (2 step authentication using google's authenticator)? | 00:01 |
sarnold | Matt3o12: I'm paranoid but also lazy :) | 00:02 |
Matt3o12 | So am I (that why I use 20 letter password, generated and almost unique)...But what do you think about a password + google authenticator. I may need to log into the server in school... | 00:03 |
sarnold | Matt3o12: some friends do use e.g. pam_duo, though. if it makes sense to you, go for it | 00:03 |
sarnold | Matt3o12: ah, using a machine you don't control? that's always iffy.. | 00:03 |
Matt3o12 | Yeah, I know, that's why I have 2 user accounts (one with limited access)... But I just hate to work with windows and I sometimes need to use unix... | 00:06 |
Matt3o12 | Anyway. what is your opinion about 2FA instead of a key.. I might lose it any booting the server with init=/bin/sh is really what I want to do least... | 00:08 |
sarnold | if I had to use passwords I'd definitely use 2fa | 00:09 |
Matt3o12 | Ok... | 00:09 |
Matt3o12 | How can I su into root once I removed the password. | 00:09 |
sarnold | sudo -s | 00:10 |
Matt3o12 | One last thing: what's the difference between sudo -i and sudo -s ? | 00:15 |
sarnold | Matt3o12: sudo -i tries to act like you just logged in via getty or sshd; sudo -s just starts a shell with the right user privileges. e.g. -s doesn't change directories or goof around with environment variables.. | 00:17 |
Matt3o12 | Ok. Thank you very much for your help :) | 00:19 |
=== phunyguy__ is now known as phunyguy | ||
=== cmagina_ is now known as cmagina | ||
zartoosh__ | Hi which package install this directory: /boot/grub/x86_64-efi/ Thanks | 02:44 |
=== CripperZ- is now known as cripperz | ||
TJ- | zartoosh__: "apt-file search <file-name>" ... but I happen to know it's created by grub-install and gets copies of the GRUB modules from the package "grub-efi-amd64-bin" (/usr/lib/grub/x86_64-efi/) | 03:44 |
Icabash | I haven't made any progress so far - x86 Ubuntu 14.04 install is stopping at "load debconf preconfigruation file" (I can still access the terminal with ctrl+alt+f2, though) | 03:54 |
Icabash | Wondering if I should try CentOS or Debian | 03:58 |
kernel13 | is there a way to generate preseed file from existing server | 03:59 |
=== arrrghhhAWAY is now known as arrrghhh | ||
=== arrrghhh is now known as arrrghhhAWAY | ||
=== davidbowlby is now known as davidbowlby-zZzZ | ||
Icabash | Figured out the problem - I was too impatient and didn't give the install enough time to proceed. (Although waiting for 2 hours seems a bit much for one step of the install) | 06:54 |
=== Gu_______ is now known as omrib | ||
poobutt | at ssh login 14.04 says 7 Packages can be updated 7 Packages are security updates. But update/upgrade does nto install or find anyhting. reboot still shows this msg | 09:26 |
rbasak | poobutt: try "sudo apt-get dist-upgrade". | 09:56 |
poobutt | rbasak: thanks this shows a headers upgrade i am actualy currently already on 14.04.1 LTS should i still go ahead with the dist-upgrade? | 10:10 |
rbasak | poobutt: pastebin the output please? | 10:10 |
poobutt | paste.ubuntu.com/8052540 | 10:12 |
rbasak | poobutt: that's just a kernel update. You probably want to take that. It has been issued for 14.04 users. "dist-upgrade" is needed to get kernel updates, since they use a metapackage that depends on a new kernel package. | 10:13 |
rbasak | poobutt: you'll need to reboot afterwards to boot the new kernel. Note that there is a (small) regression risk so you should be prepared to handle that. | 10:14 |
poobutt | ok thanks, going for it now | 10:15 |
poobutt | rbasak: thanks worked and no more available update msg at log in, and on another note after pasting in paste.ubuntu.com hitting the back button in browser alows you to edit / add to paste never knew that b4 | 10:18 |
poobutt | scratch that paste note.ubuntu.com comment it only does that in local browser it seems | 10:20 |
poobutt | thats nice... | 10:31 |
=== cripperz is now known as CripperZ- | ||
=== Lcawte|Away is now known as Lcawte | ||
technocf | Where can I find a good tutorial for setting up an Ubuntu mail server with virtual mailboxes. I've found some tutorials but they only go into setting up postfix, not all the other bits. | 11:48 |
technocf | Found one | 11:54 |
obi12341 | technocf, https://www.exratione.com/2012/05/a-mailserver-on-ubuntu-1204-postfix-dovecot-mysql/ | 11:56 |
technocf | obi12341: Thanks, that's better than the one I found | 11:57 |
obi12341 | ;) | 11:57 |
obi12341 | we used this tutorial for a really big customer, so this tutorial is proofen | 11:58 |
obi12341 | *proofed | 11:58 |
technocf | Great! Setting up my new company... we need emails. :P | 11:58 |
obi12341 | :P | 11:58 |
technocf | Soon I should have ceo@deviotion.com | 11:59 |
technocf | What do I do if the server is more than just mail? | 12:00 |
technocf | It says make the hostname "mail." | 12:00 |
obi12341 | then just use the "normal" hostname without mail | 12:01 |
technocf | ok, I just wasn't sure | 12:01 |
technocf | I followed the instructions word for word and https://mail.deviotion.com/postfixadmin/setup.php doesn't exist... | 12:14 |
technocf | Fixed it | 12:16 |
samba35 | i am trying to install wireless card (netgear wg311v3) with ndiswrapper after driver is installed when i run iwconfig its not able to detect card ,can you please tell me what could be wrong i am doing | 12:55 |
samba35 | i am trying this card with server and desktop with no luck | 12:55 |
=== davidbowlby-zZzZ is now known as davidbowlby | ||
JoeyJoeJo | I've got a new software raid 5 made out of 3 3TB drives, but it's showing up as 4TB. Shouldn't it be 5.4TB? | 13:09 |
=== mjohnson151 is now known as mjohnson15 | ||
=== Malinux_ is now known as Malinux | ||
=== khaitanya is now known as Guest31251 | ||
Kunzem1984 | Hi is there a easy way of checking which hdd in my raid 1 setup has block errors? I get "status: { DRDY ERR }" with lots of other errors in syslog . googled them and it seems hdd failure. | 14:03 |
rbasak | coreycb, jamespage, gnuoy, beisner, rharper, lutostag, smoser, hallyn: it's the scheduled time for another merge sprint now. | 14:06 |
rbasak | Who is here and will attend, please? | 14:06 |
lutostag | lutostag: cant for first hour, will join after that | 14:06 |
lutostag | lol, rbasak ^^ | 14:06 |
rbasak | OK no problem, thanks. | 14:07 |
coreycb | o/ | 14:07 |
beisner | rbasak, elbow deep in a bug and an RT, need to wrap those up, will be joining biab | 14:07 |
rbasak | OK beisner | 14:07 |
rbasak | Hi coreycb! | 14:08 |
coreycb | rbasak, hi! | 14:08 |
* rbasak waits to see who else is here | 14:08 | |
coreycb | rbasak, is there any priority in which packages require merge? | 14:19 |
rbasak | Let me take a look at the list as it stands today. | 14:20 |
hallyn | pad url? | 14:22 |
rbasak | coreycb: without looking at changelogs or if anybody else has taken it, so not considering complexity... | 14:22 |
hallyn | (I'm merging qemu right now, but will look at anything blocked) | 14:22 |
rbasak | hallyn: http://pad.ubuntu.com/server-team-merges | 14:22 |
hallyn | thx | 14:22 |
rbasak | I'd say amavisd-new, maybe dovecot, exim4 (again! but may be OK after feature freeze), logwatch (possibly complex)... | 14:23 |
rbasak | mod-wsgi may want a sync - version looks significant. | 14:23 |
rbasak | nginx is in progress (me) but is important. | 14:24 |
rbasak | Maybe openldap, but looks maybe complex | 14:24 |
rbasak | That's everything that stands out to me right now. | 14:24 |
rbasak | Everything would be good, but I'd say those are the headline ones we probably want to do for server users. | 14:25 |
rbasak | openldap less so - few will probably run an LDAP server in production on Utopic. | 14:25 |
coreycb | rbasak, cool thanks. have an tips on determining priority in the future or does priority == most commonly used packages? | 14:26 |
rbasak | coreycb: very much a subjective judgement call. I'm going by my impression of how people use the server distribution, and what they will miss the most. | 14:26 |
hallyn | btw, merge of slof, build failed. probably a bug in the cross-compiler. | 14:26 |
coreycb | rbasak, ok | 14:26 |
rbasak | So big version bump, or a small bump that indicates bugfixes that might be valuable. | 14:26 |
rbasak | Or a package where I know that having the latest is important to the user demographic (eg. nginx) | 14:27 |
coreycb | rbasak, thanks | 14:28 |
=== cyphermox__ is now known as cyphermox | ||
j^ | whats the new way of creating a new vm for libvirt/kvm (vmbuilder kvm ubuntu --suite=trusty fails and lp lists some bugs that its deprecated, but could not find what replaces it) | 14:42 |
rbasak | j^: https://help.ubuntu.com/14.04/serverguide/cloud-images-and-uvtool.html | 14:46 |
j^ | uvtool depends on avahi-daemon? | 14:47 |
rbasak | No, but it did use avahi-daemon in the guest in the past. What makes you think that? | 14:48 |
j^ | apt-get install uvtool wants to install avahi-daemon on my server | 14:48 |
rbasak | Which release? | 14:48 |
j^ | 14.04 | 14:49 |
Pici | You may need to use --no-install-recommends | 14:49 |
j^ | I upgraded that system from 12.04, was the default changed for install recommends? | 14:49 |
rbasak | j^: ah, that's because uvtool-libvirt recommends libnss-mdns | 14:50 |
rbasak | I should probably drop that recommendation, but you aren't required to follow it. | 14:50 |
rbasak | I used to use libnss-mdns for IP address detection in the guest. | 14:50 |
rbasak | With avahi-daemon on the guest to publish it. | 14:51 |
rbasak | I gave up on that though. It wasn't reliable enough. Instead I now parse the libvirt-specific dnsmasq's leases file. | 14:51 |
rbasak | Which is a hack, but it works reliably and by default at least. | 14:51 |
* rbasak has filed bug 1357400 | 14:52 | |
uvirtbot | Launchpad bug 1357400 in uvtool "uvtool-libvirt unnecessarily recommends libnss-mdns" [Medium,Triaged] https://launchpad.net/bugs/1357400 | 14:52 |
j^ | https://help.ubuntu.com/14.04/serverguide/cloud-images-and-uvtool.html could mention where disk images are located. is there some way to specify this? | 15:17 |
j^ | whats the second disk image name-ds.qcow used for? it shows up as unformated emtpy disk | 15:19 |
j^ | uvt-simplestreams-libvirt purge looks dangerous, it also removes disks of running vms | 15:25 |
rbasak | j^: see the manpage. | 15:25 |
rbasak | The second disk image is for the cloud-init data source | 15:26 |
rbasak | It passes in cloud-init userdata and metadata. | 15:26 |
rbasak | uvt-simplestreams-libvirt purge *is* dangerous, and it says so in the manpage. | 15:26 |
rbasak | --source can override the disk image source, but the source must publish metadata in the simplestreams format. | 15:27 |
rbasak | There are mirroring tools in the simplestreams packaging. | 15:27 |
j^ | saw that, if its removed does not matter, otherwise destroying running vms before deleting the images might be better though. | 15:27 |
rbasak | I added to handle breakages during development. | 15:28 |
rbasak | It shouldn't ever be needed in production use. Destroying the VM removes running VMs before deleting the images. | 15:28 |
j^ | im just pushing all buttons to see what happens :) | 15:29 |
rbasak | :) | 15:29 |
j^ | adding an --autostart option to create would be usefull but can also call virsh autostart $name after creating a new vm | 15:32 |
rbasak | IIRC, it enables autostart by default. | 15:32 |
rbasak | Oh, perhaps not. | 15:33 |
rbasak | j^: filed bug 1357420. Thanks! | 15:35 |
uvirtbot | Launchpad bug 1357420 in uvtool "VMs do not autostart" [Wishlist,Triaged] https://launchpad.net/bugs/1357420 | 15:35 |
Guest35236 | hey guys | 16:13 |
Guest35236 | im having an issue where a new build server (12.04) with nginx and openssl is reporting as vulnerable to heartbleed under nessus and nmap, but slightly less updated servers are not | 16:14 |
Guest35236 | does anyone know of any issues with the newest update? | 16:14 |
rbasak | Guest35236: can you confirm your package versions of the relevant nginx and openssl packages? | 16:15 |
rbasak | The most common case asked here seems to be when packages aren't fully up to date. | 16:16 |
Guest35236 | root@dev-upload01:/etc/nagios# nginx -v | 16:16 |
Guest35236 | nginx version: nginx/1.1.19 | 16:16 |
Guest35236 | root@dev-upload01:/etc/nagios# openssl version -a | 16:17 |
Guest35236 | OpenSSL 1.0.1 14 Mar 2012 | 16:17 |
rbasak | No, the *package* version. | 16:17 |
rbasak | dpkg-query -W nginx | 16:17 |
rbasak | dpkg-query -W nginx-core | 16:17 |
Guest35236 | nginx 1.1.19-1ubuntu0.6 | 16:17 |
rbasak | dpkg-query -W libssl1.0.0 | 16:17 |
rbasak | etc | 16:17 |
Guest35236 | libssl1.0.0 1.0.1-4ubuntu5.17 | 16:17 |
rbasak | OK it looks like you are indeed up to date. Thank you for confirming. | 16:18 |
rbasak | e version does not exhibit this behaviour? | 16:19 |
rbasak | Do you know what package version does not exhibit this behaviour? | 16:19 |
Guest35236 | ok | 16:19 |
Guest35236 | hang on, ill have a look | 16:19 |
Guest35236 | libssl1.0.0 1.0.1-4ubuntu5.12 | 16:20 |
Guest35236 | doesnt | 16:20 |
rbasak | Guest35236: that's interesting, thanks. | 16:22 |
rbasak | mdeslaur: ^^ | 16:22 |
mdeslaur | Guest35236: how is nessus determining it's vulnerable? | 16:23 |
Guest35236 | very good question lol | 16:23 |
Guest35236 | ill see if i can get a look at the plugin | 16:24 |
mdeslaur | Guest35236: can you paste me the plugin somewhere? | 16:24 |
Guest35236 | the nmap script is more accessible | 16:24 |
rbasak | I'll leave this to mdeslaur - thanks. It seems likely to be a false positive to me but probably worth checking. | 16:24 |
Guest35236 | https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse | 16:25 |
Guest35236 | thats the nmap script | 16:25 |
Guest35236 | yeah i think it must be as well | 16:25 |
RoyK | Guest35236: commercial nessus, or old OSS nessus? If it's the latter, why not openvas? It should be a wee bit more updated | 16:25 |
Guest35236 | its just strange that other servers arent showing it | 16:25 |
Guest35236 | commercial nessus | 16:25 |
RoyK | ok | 16:26 |
Guest35236 | i just got a trial licence this morning | 16:26 |
RoyK | Guest35236: try openvas | 16:26 |
Guest35236 | ive got that as well | 16:26 |
RoyK | ok | 16:26 |
Guest35236 | its not as pretty tbh | 16:26 |
Guest35236 | harder to sell to the boss :P | 16:26 |
RoyK | Guest35236: it is? openvas is free :D | 16:26 |
Guest35236 | seems to do a better job than qualsys though | 16:26 |
Guest35236 | haha true | 16:26 |
Guest35236 | but wed probably have to get a support contract somewhere | 16:27 |
mdeslaur | Guest35236: and what response did that script give?% | 16:27 |
RoyK | Guest35236: what for? | 16:27 |
Guest35236 | ill get a pastie for you | 16:27 |
Fishscene | Greetings. I'm running Ubuntu server 14.04 x64 and have set up an LTSP environment. I'm looking to update the i386 image, but when I run the commane "sudo ltsp-update-image —arch i386", it doesn't recognize the arch option. Multiple tutorials reference this command, but it appears the option was removed: http://manpages.ubuntu.com/manpages/trusty/man8/ltsp-update-image.8.html How do I update the i386 LTSP image? | 16:27 |
Guest35236 | the problem with openvas is that it uses CPEs to keep you updated on patch versions | 16:29 |
Guest35236 | which dont have the ubuntu versions of updates in them | 16:29 |
Guest35236 | so it throws up a lot of errors that have been fixed | 16:29 |
=== cmagina_ is now known as cmagina | ||
Guest35236 | qualsys does the same thing i think | 16:30 |
patdk-wk | any idea why the changelog is missing? | 16:31 |
patdk-wk | http://changelogs.ubuntu.com/changelogs//main/o/openssl/openssl_1.0.1-4ubuntu5.17/changelog | 16:31 |
Guest35236 | Heres the output: | 16:32 |
Guest35236 | http://pastie.org/9476008 | 16:32 |
Guest35236 | its on here: | 16:34 |
Guest35236 | https://launchpad.net/ubuntu/precise/+source/openssl/+changelog | 16:34 |
RoyK | Guest35236: AFAIK openvas/nessus just checks for the version running, so if it says openssl 1.0.0, it decides it's a bad version, but then, most distros don't upgrade core packages to the latest patch level, they just backport the fixes and don't include new stuff | 16:38 |
mdeslaur | Guest35236: I'm not sure how to debug that...have you filed a bug with commercial nessus to see what they say about it? | 16:39 |
Guest35236 | not yet | 16:40 |
Guest35236 | i thought that would be the case | 16:40 |
Guest35236 | but the older version doesnt do this | 16:40 |
Guest35236 | and nmap definitely didnt do that | 16:40 |
Guest35236 | (the stuff i linked) | 16:40 |
mdeslaur | the only thing I can do when I get a minute is to try to run one of the original heartbleed test script on our package | 16:41 |
RoyK | heartbleed is evil (tm) | 16:41 |
Guest35236 | its really very strange | 16:42 |
patdk-wk | atleast my updated server is not vaulnerable | 16:42 |
Guest35236 | ah hang on | 16:43 |
Guest35236 | it seems to be related to nrpe | 16:43 |
Guest35236 | it only fails on port 5666 | 16:43 |
patdk-wk | what is nrpe | 16:44 |
Guest35236 | nagios client | 16:44 |
Guest35236 | ill check the pkg | 16:44 |
Guest35236 | ii nagios-nrpe-server 2.12-5ubuntu1.2 Nagios Remote Plugin Executor Server | 16:44 |
patdk-wk | does that package depend on libssl? | 16:45 |
patdk-wk | odd, it does | 16:45 |
RoyK | patdk-wk: nrpe uses ssl | 16:45 |
patdk-wk | you have restarted it since heartbleed? | 16:45 |
Guest35236 | im not sure how i double check depencies, but it transmits using ssl | 16:45 |
patdk-wk | royk, I know, the question was if it was compiled in or linked | 16:45 |
RoyK | ok | 16:45 |
Guest35236 | i actually checked this, hang on | 16:46 |
Guest35236 | root@dev-upload01:/etc/nagios# ldd /usr/sbin/nrpe | grep ssl | 16:47 |
Guest35236 | libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007fc908570000) | 16:47 |
Guest35236 | which is afaik the ubuntu library | 16:47 |
patdk-wk | yes, has it been restarted in the last 4 months or so? | 16:48 |
Guest35236 | hmmm | 16:48 |
Guest35236 | yes, but possibly not till after the ssl update i suppose | 16:48 |
patdk-wk | well, we want it restarted after the ssl update | 16:49 |
patdk-wk | or else it won't notice the update | 16:49 |
Guest35236 | yeah true | 16:49 |
patdk-wk | I would restart it, then retest | 16:49 |
Guest35236 | ill double check | 16:49 |
Guest35236 | you guys have full permission to slap me | 16:50 |
Guest35236 | lol | 16:50 |
Fishscene | NVM! I think I figured it out… "sudo ltsp-update-image i386" | 16:50 |
rbasak | jamespage: mongodb \o/ | 16:51 |
Guest35236 | my puppet scripts must not notify nrpe on an openssl update | 16:51 |
Guest35236 | hadnt even thought about it | 16:51 |
Guest35236 | thanks guys | 16:51 |
=== arrrghhhAWAY is now known as arrrghhh | ||
Guest35236 | seriously stupid | 16:51 |
Fishscene | Don't beat yourself up too badly. I stared at my own answer for a couple of minutes before it dawned on me that "CHROOT" was the same thing as the Architecture in an old command. lol. | 16:52 |
rbasak | Guest35236: check out checkrestart(1). Might be an idea to run a nagios monitor for that. | 16:53 |
Guest35236 | good idea | 16:56 |
Guest35236 | i always like overengineering nagios checks, seems like a perfect candidate :) | 16:57 |
LucidGuy | Anyone using zfsonlinux? | 16:59 |
hallyn | zul: around? | 17:08 |
zul | hallyn: not really | 17:08 |
hallyn | jsut a quick q, | 17:08 |
hallyn | ii libvirt-bin 1.2.6-0ubuntu5 amd64 programs for the libvirt library | 17:08 |
hallyn | ii libvirt0 1.2.6-0ubuntu5 amd64 library for interfacing with different virtualization systems | 17:08 |
hallyn | ii python-libvirt 1.2.5-0ubuntu1 amd64 libvirt Python bindings | 17:08 |
hallyn | is python-libvirt spuposed to be at 1.2.6-0ubuntu5? | 17:08 |
Pici | :| | 17:08 |
hallyn | zul: qa-regresion-tests are failing so i can't tell if it's my new qemu or the old python-libvirt :) | 17:09 |
zul | its suppose to be 1.2.6-0ubuntu1 | 17:09 |
* hallyn checks publish history | 17:09 | |
zul | ill upload it if its not there | 17:09 |
hallyn | yeah it doesn't seem to be in proposed | 17:10 |
zul | hallyn: ill get to it | 17:10 |
hallyn | zul: ok, thanks. meanwhile i'm going to go ahead and push new qemu. | 17:10 |
zul | hallyn: ack | 17:11 |
=== cyphermox_ is now known as cyphermox | ||
=== krtaylor is now known as krtaylor_away | ||
s0m3b0dy | Hello, I wanted to know how to install one package from a different repository without having to upgrade all the dependencies? | 19:47 |
genii | It doesn't work that way. | 19:48 |
s0m3b0dy | would it be possible? | 19:48 |
s0m3b0dy | Well, I actually use debian, but their support channel sucks so here I am | 19:48 |
s0m3b0dy | I need to install this on debian sqeeze: https://packages.debian.org/sid/rhnsd | 19:49 |
Pici | Try their official channels on oftc then. | 19:51 |
s0m3b0dy | Pici: who's channel is that? | 19:52 |
Pici | iirc, they were on #freenode and moved to #oftc, there is just some leftover things here. | 19:52 |
s0m3b0dy | debian? | 19:53 |
Pici | er, I don't know why I put hashes in from of those. | 19:53 |
s0m3b0dy | yeah was gonna say :p | 19:53 |
Pici | It's been a long day. | 19:54 |
s0m3b0dy | I spent all morning figuring out how to install spacewalk on centos, with almost no documentation available for any of the issues I had | 19:55 |
patdk-wk | sometimes the package will work as is | 19:58 |
patdk-wk | sometimes you have to recompile it | 19:58 |
patdk-wk | and other times, you have to actually install all the deps | 19:59 |
darkxploit | hello guys i got ubuntu server 13.04 .. how do i upgrade to latest version?. because each time i made an upgrade it gives me error 404 | 20:33 |
sarnold | you're far enough back that downloading a 14.04 LTS image and starting there might be easier | 20:34 |
sarnold | there is an old-releases.ubuntu.com archive that might help you if you want to try upgrading in place without downloading new images | 20:34 |
darkxploit | sarnold, its on a vps i dont want to lose everything | 20:34 |
s0m3b0dy | but to answer your question darkxploit run: dist-upgrade | 20:35 |
darkxploit | s0m3b0dy, thats too same error | 20:35 |
s0m3b0dy | what is the error? | 20:36 |
s0m3b0dy | darkxploit: you have to run apt-get update first though | 20:36 |
darkxploit | s0m3b0dy, sorry i mean there is no thing available on dist-upgrade | 20:36 |
darkxploit | apt-get update and apt-get upgrade gives me error 404 | 20:37 |
s0m3b0dy | what error? | 20:37 |
s0m3b0dy | paste the whole error here | 20:37 |
s0m3b0dy | darkxploit: ? | 20:39 |
darkxploit | s0m3b0dy, This is for the apt-get update http://pastebin.com/m5s4zb9Q | 20:40 |
s0m3b0dy | darkxploit: try to run a traceroute to this IP: 91.189.92.200 | 20:41 |
s0m3b0dy | what happens if you run "apt-get dist-upgrade | 20:42 |
darkxploit | s0m3b0dy, here is the traceroute result http://pastebin.com/KzJV3yve | 20:43 |
s0m3b0dy | darkxploit: sudo /etc/init.d/nscd restart | 20:44 |
s0m3b0dy | that will flush the DNS cache | 20:44 |
s0m3b0dy | then try doing an apt-get update again | 20:44 |
darkxploit | s0m3b0dy, i dont have nscd | 20:46 |
darkxploit | s0m3b0dy, i dont have nscd | 20:53 |
s0m3b0dy | darkxploit: sorry was afk | 20:53 |
s0m3b0dy | darkxploit: can you restart the whole server? the DNS cache is stuck and Im not sure why it can't find the IP | 20:54 |
darkxploit | s0m3b0dy, i have restarted it as well.. then start network service | 20:55 |
darkxploit | same error | 20:55 |
s0m3b0dy | hm | 20:56 |
s0m3b0dy | did you try "apt-get dist-upgrade" instead of just "dist-upgrade" ? | 20:56 |
darkxploit | s0m3b0dy, are you sure its the cache or that version dont have any more update. | 20:56 |
s0m3b0dy | oh crap, that's what it is x.x | 20:57 |
s0m3b0dy | I didn't check the repos before, sorry | 20:58 |
darkxploit | s0m3b0dy, this is the repos http://pastebin.com/ahAmgK9F | 21:03 |
darkxploit | s0m3b0dy, cat /etc/issue | 21:04 |
darkxploit | Ubuntu 13.04 \n \l | 21:04 |
s0m3b0dy | darkxploit: and which ubuntu version are you running? | 21:04 |
s0m3b0dy | no idea what to say then darkxploit :/ | 21:05 |
s0m3b0dy | do you need all the repos there? | 21:05 |
s0m3b0dy | delete the last one if anything | 21:05 |
s0m3b0dy | and this one | 21:06 |
s0m3b0dy | http://security.ubuntu.com/ubuntu/dists/raring-security/ | 21:06 |
darkxploit | i need to make an upgrade to latest version.. because right now i cant install anything for example i can install aptitude | 21:06 |
darkxploit | i cant install aptitude* | 21:06 |
darkxploit | s0m3b0dy, i have comment the last 2 lines in the repo.. same error | 21:09 |
zartoosh__ | HI I am using ubuntu 14.04. When I type apt-get upgrade it tries to install newer kernel version. I do not want to get the newer kernel, is there a way I can automate this please? Thanks | 21:23 |
=== a1berto_ is now known as a1berto | ||
Patrickdk | zartoosh__, heh? | 22:17 |
Patrickdk | apt-get upgrade does NOT install newer kernels | 22:17 |
zartoosh__ | Patrickdk, so the something else does it, thanks, now I have to find out what does it. | 22:26 |
Patrickdk | dist-upgrade :) | 22:26 |
Patrickdk | upgrade just *warns* you that it can't install them, cause you didn't use dist-upgrade | 22:26 |
sarnold | apt-get dist-upgrade will upgrade your kernel for you | 22:26 |
Patrickdk | no, he wanted upgrade | 22:27 |
Patrickdk | he doesn't want a kernel | 22:27 |
Patrickdk | he doesn't understand the difference | 22:27 |
sarnold | ah he likes his vulnerabilities :) | 22:27 |
Patrickdk | upgrade *upgrades* existing packages | 22:27 |
Patrickdk | sar, no, upgrade would do that ok :) | 22:27 |
Patrickdk | dist-upgrade, upgrades and upgrades things that require new dependencies (the kernel being one of those) | 22:27 |
Patrickdk | like say you install mysql-server, and it installs mysql-server-5.1 | 22:28 |
Patrickdk | then later mysql-server is upgraded to mysql-server-5.5 | 22:28 |
Patrickdk | upgrade would never install that new mysql version | 22:29 |
Patrickdk | dist-upgrade would | 22:29 |
sarnold | .. only if some set of package dependencies asked for the new 5.5 or 5.6.. | 22:29 |
Patrickdk | ya, the generic top level package *mysql-server* would ask for mysql-server-5.5 :) | 22:29 |
Patrickdk | ya, that is exactly how it works in ubuntu (had to check, I haven't used mysql in ubuntu for a long time) | 22:30 |
Patrickdk | same with kernel | 22:30 |
Patrickdk | linux-generic depends on the actual linux kernel version | 22:31 |
Patrickdk | so it's always a new dependency on upgrades | 22:31 |
Patrickdk | less common, is a package having a new dependency, like adding in liblz4 or something | 22:31 |
zartoosh__ | apt-get -q --force-yes -y upgrade I guess this command was upgrading my kernel. | 22:31 |
sarnold | zartoosh__: seems unlikely to me | 22:32 |
Patrickdk | it defently wouldn't | 22:32 |
zartoosh__ | sarnold, then I am lost what make my kernel upgrades ... | 22:32 |
Patrickdk | how do you know it's upgrading? | 22:32 |
zartoosh__ | My kernel has changed from 3.12-24 to 3.12.32 | 22:34 |
sarnold | zartoosh__: do you perhaps have unattended-upgrades installed? | 22:34 |
Patrickdk | I didn't even think unattended upgrades does reboots too | 22:35 |
zartoosh__ | sarnold, I hope not, this is a server so no gui stuff running | 22:35 |
Patrickdk | what does that have to do with gui? | 22:35 |
sarnold | Patrickdk: it shouldn't, but it could be a surprising reason why a kernel update might be installde | 22:35 |
zartoosh__ | the destop enviroment adds more applications which I am not aware of all ... that what I meant | 22:35 |
Patrickdk | zartoosh__, what does unattended-upgrades have to do with gui | 22:36 |
Patrickdk | is it installed or not? :) | 22:36 |
Patrickdk | unattended-upgrades - automatic installation of security upgrades (nothing to do with gui) | 22:36 |
Patrickdk | it is *automatically* installed if you install a gui | 22:37 |
zartoosh__ | Patrickdk, a newer kernel is installed, never mind the gui, I provided the wrong info, I am using server | 22:37 |
Patrickdk | heh? you still haven't answered the question | 22:37 |
Patrickdk | is unattended-upgrades installed or not | 22:37 |
sarnold | zartoosh__: dpkg -l unattended-upgrades :) | 22:37 |
zartoosh__ | let me check sorry I did not understood that one sec | 22:38 |
zartoosh__ | no it is not | 22:38 |
Patrickdk | most everything in /etc/apt/apt.conf.d/50unattended-upgrades commented out? | 22:39 |
Patrickdk | except like 2 lines at the top? | 22:39 |
zartoosh__ | let me check | 22:39 |
sarnold | zartoosh__: check out /var/log/dpkg.log -- it can tell you when the new packages were installed, you miht be able to use that to figure out who might have installed it.. | 22:39 |
Patrickdk | just wanted to double check, it wasn't turned on manually, isntead of via the package :) | 22:40 |
sarnold | :) | 22:40 |
zartoosh__ | Patrickdk, there is no /etc/apt/apt.conf.d/50xxx in my system. | 22:41 |
Patrickdk | heh | 22:42 |
Patrickdk | odd | 22:42 |
zartoosh__ | setting GRUB_DEFAULT does not help to boot to older kernel either .. | 22:42 |
=== Lcawte is now known as Lcawte|Away |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!