[01:57] <aurorauser> anyone have experience with mdadm arrays?
[01:59] <aurorauser> mdadm, anyone?
[04:39] <neurotus> is there a package for cgi:irc in 14.04 ?
[04:40] <neurotus> there is one in 10.04 but in 14.04 ?
[04:40] <neurotus> or an alternative ?
[07:00] <sheptard> I approve
[07:01] <soren> Yeah, that was getting old.
[07:18] <jonascj> Hi all. I have rented a server with hetzner.de and after installation of Ubuntu Server 14.04 the system have a single user 'root' which I can log into. What would the recommended action be at this point, to get to a system where I don't use the root account?
[07:19] <jonascj> Should I just add another user and setup sudo (maybe it already is), and disable the root account?
[07:25] <jonascj> And how should I disable the root-account, remove the password or "PermitRootLogin no" in the ssh-config?
[08:05] <lordievader> Good morning.
[09:44] <RoyK> DanaM: probably quite a few here that knows mdadm ;)
[11:01] <peetaur2> Hi. Why do I have these strange ntp servers that don't appear in my ntp.conf? https://bpaste.net/show/6f9ef78b6616
[11:01] <ihre> Hello, what happens when an application sends a a line bigger than 1024 characters syslog?
[11:01] <peetaur2> and missing the 2nd and 3rd ntp server I have from conf. the list there should be ntp, ntp3, localhost
[11:03] <peetaur2> oh nevermind...found it. there was some file here:  /var/lib/ntp/ntp.conf.dhcp
[13:06] <peetaur2> how do I tell it to install without removing the other stuff? https://bpaste.net/show/f04a392fc245  (like with rpm --force --nodeps)
[13:10] <peetaur2> I guess this worked:    apt-get -d install rsyslog ; dpkg --force-depends-version -i /var/cache/apt/archives/rsyslog_7.4.4-1ubuntu2.3_amd64.deb
[13:10] <peetaur2> but not sure if it will survive updates ;)
[13:40] <zul> jamespage:  any objections to update alembic?
[14:39] <MacroMan> I have read advice saying it's best to turn off DNS recursion in Bind9.
[14:40] <MacroMan> I only use Bind9 for locally hosted websites. Is it safe to turn off recursion?
[14:47] <maswan> MacroMan: It is best to separate authorative and recursive nameservers, so that the same bind/whatever doesn't do both.
[14:48] <MacroMan> I'll be honest, that's gone over my head
[14:48] <maswan> using it "for locally hosted websites" doesn't say which kind of use
[14:49] <MacroMan> I use my servers IP addresses in my nameserver settings on my domains, so I think I use it authoritively
[14:50] <maswan> The IPs in /etc/resolv.conf or equivalent is "recursive"/"resolving" use
[14:50] <maswan> Authorative is when you configure it to answer questions to the whole world for a particular dns zone/domain
[14:55] <MacroMan> Then I use it Authoritvely
[14:56] <jamespage> zul, nope
[15:42] <peetaur2> sigh.... my solution before to the rsyslog issue wasn't so good. Unlike what I said with zypper/rpm, it results in stupid errors so you can't install anything else normally afterwards: https://bpaste.net/show/7ea74828b41e
[15:50] <ogra_> well, package maintainers dont add versioned dependencies just for fun (they are not fun to maintain at all)
[15:51] <dpes> hi all
[15:51] <dpes> how to disable apparmor
[15:52] <dpes> ?
[15:52] <dpes> i'm still getting apparmor module is loaded. after stop
[15:52] <ogra_> you edit your kernel cmdline
[15:52] <dpes> on 14.04
[15:52] <dpes> without restart...
[15:56] <jdstrand> dpes: boot with apparmor=0. that said if you are trying to workaround policy bugs with Ubuntu-shipped policy, I would advise reporting the bugs at: https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug
[15:58] <dpes> jdstrand: could You confirm that then there is no >ZERO< loaded profiles in apparmor
[15:58] <dpes> then it don't interfer in os?
[15:58] <dpes> after teardown
[15:58] <jdstrand> dpes: if you boot with apparmor=0, apparmor will be disabled
[15:58] <dpes> i cannot boot this machine
[15:59] <jdstrand> dpes: with teardown, you can see if anything is loaded with 'sudo aa-status'
[15:59] <dpes> apparmor module is loaded
[15:59] <jdstrand> dbck: you will always get that the apparmor module is loaded if you aren't booting with apparmor=0
[15:59] <dpes> and everywhare 0
[15:59] <dpes> 0 profiles *
[15:59] <jdstrand> the module is loaded in the kernel
[16:00] <jdstrand> but if no profiles are loaded in the kernel, the module will not do anything
[16:00] <dpes> ok i get it
[16:00] <dpes> so it won't be apparmor issue
[16:00] <jdstrand> you can also watch /var/log/syslog for apparmor DENIALs
[16:01] <jdstrand> err
[16:01] <jdstrand> DENIED messages
[16:01] <jdstrand> I use this when try to see if apparmor needs to be adjusted: tail -f /var/log/syslog | grep DEN
[16:02] <dpes> thx
[16:02] <jdstrand> np
[17:15] <jamespage> jdstrand, do you have a revised set of apparmor patches for docker/libcontainer?  just looking at the merge for vivid - the current patch applies OK - but I see some chat upstream :-)
[17:20] <Daviey> jamespage / jdstrand: Are you tracking CVE-2014-6407 ?
[17:21] <jdstrand> jamespage: not yet, on my todo
[17:21] <Daviey> Ah, doesn't look like it impacts the ubuntu version.
[17:22] <jdstrand> we also have hardlink and symlink protections via yama
[17:22] <jamespage> Daviey, yes I am
[17:59] <TechIsCool> Got a question about services. In windows a service can be assigned a user account. How can I check if services are attached to a user account in ubuntu? I am trying to remove a old user account but want to confirm I will not break anything by removing the account
[18:00] <jamespage> jdstrand, 1.3.2 is testing OK with the current patch from 1.2.0; I'll upload that as a merge and we can take if from there
[18:05] <jdstrand> jamespage: yeah, that should work fine. the upstream stuff is for running a new docker with old apparmor userspace
[18:05] <jamespage> jdstrand, ack