[00:01] <sarnold> superboot: http://old-releases.ubuntu.com/releases/lucid/ubuntu-10.04.3-server-amd64.list ?
=== martinst is now known as martins-afk
=== markthomas|away is now known as markthomas
=== markthomas is now known as markthomas|away
[01:09] <storrgie> In 14.04 is it advisable to install mariadb from the base repositories or use their repository?
[01:10] <sarnold> storrgie: base repo is probably fine, one of our users (otto) does a good job keeping up on security fixes
[01:10] <sarnold> storrgie: though feel free to use their repository if you'd feel better about that
[01:16] <storrgie> sarnold, hypothetical, if someone was able to gain underprivileged user access, say through wordpress (if I have a php or wordpress user to run their garbage code), would that user be able to see the crontab, or is that a root only thing?
[01:16] <storrgie> I ask because I typically do this on my mariadb installs: @weekly mysqlcheck -o --user=root --password=<your password here> -A
[01:20] <sarnold> storrgie: that should be safe
[01:20] <storrgie> sarnold, along those same lines, what's the convention for installing something like wordpress? I always just make a wordpress user and chown the wp install directory(s) with that user account
[01:20] <sarnold> storrgie: the crontabs are stored in /var/spool/cron/crontabs/, which has restrictive permissions, and the individual files have restrictive permissions, too;
[01:21] <sarnold> storrgie: that's a good approach; especially if you make sure the user running the webserver / wordpress executables doesn't have write access to its own files
[01:23] <storrgie> sarnold, isn't there a way to pass an arg when you make the user account that makes it a 'system' account effectively with no home directory?
[01:24] <storrgie> sarnold, is there a guide on hardening nginx that you'd recommend?
[01:24] <storrgie> sorry with all the questions, I still have more
[01:25] <storrgie> is fail2ban considered useful or are there alternatives that are better?
[01:26] <sarnold> storrgie: hmm, adduser seems to create homedirs even with --system ... that's probably not terrible though, only things that use getent(3) would care. You could set the permissions on its directory to forbid it from writing in the directory, if you wish
[01:26] <sarnold> storrgie: nginx hardening is best asked to teward ^^
[01:27] <storrgie> teward, sir are you present?
[01:27] <sarnold> storrgie: and some people do like fail2ban, I think it's better to just turn off password authentication once your keys are on the system, and avoid bruteforce password searches entirely that way, but blocking those hosts via iptables isn't a bad idea
[01:27] <sarnold> storrgie: ufw can also do rate limiting, which may help avoid need for fail2ban too
[01:28] <sarnold> storrgie: .. I'm just reluctant to run scripts as root on data supplied by attackers, even if the log files "should" be safe ...
[01:36] <storrgie> sarnold, that's a good point
[01:37] <storrgie> I've already installed it, is it easy to remove (will it leave system cruft)? I'm already using key based auth and a diff port
[01:37] <sarnold> storrgie: apt-get purge will clean up config files too
[01:40] <storrgie> I like the ufw limit a lot more
[01:47] <storrgie> sarnold, just installed php5 and php5-fpm, do you know where the php.ini file is located nowadays?
[01:48] <storrgie> on fedora/centos its /etc/php.ini
[01:49] <storrgie> sarnold, nvm, found it at: sudo vim /etc/php5/fpm/php.ini
=== kees_ is now known as kees
=== neunon_ is now known as neunon
[04:19] <lxus_> Evening folks, having a few issues with ubuntu server. for some reason when i try to boot normally the boot fails and the process restarts. the message i keep getting is / boot terminated with error 1
[04:19] <lxus_> any clues?
[04:19] <lxus_> However when i boot into recovery and continue normal boot it lets me into console :|
[05:25] <fattywumpus> apologies to those that just saw this on #ubuntu, how are most folks managing user accounts/ids/groups on 20+ systems. ldap?
[05:25] <fattywumpus> or just synchronizing passwd/shadow/etc
[05:27] <jpds_> fattywumpus: Probably using LDAP at that point.
[05:30] <jpds_> fattywumpus: Another method would be to use something like puppet to roll out user accounts.
[05:31] <fattywumpus> jpds_: that's what i was wondering, if folks are digging into that route these days. it's been a few years and i've done ldap a few times
[05:31] <fattywumpus> haven't tried any of the cool new tools for managing users
[05:31] <jpds_> I hear freeipa is good.
[05:33] <fattywumpus> whoa, never heard of it, looks interesting..thanks!
[06:09] <lordievader> Good morning.
=== DenBeiren is now known as zz_DenBeiren
[07:20] <megapixel> Please give me command line for format root sda
[07:26] <Sling> megapixel: you want to remove the current partitions on your /dev/sda disk and create a new one, or?
[07:27] <Sling> you could use 'fdisk' or 'sfdisk' for that
[07:27] <Sling> sfdisk is probably easiest
[07:28] <Sling> although it doesn't understand GPT
[07:28] <Sling> there is also 'parted'
=== Lcawte|Away is now known as Lcawte
[08:23] <linuxmint> Is there a grep command to search for a line of code, as I can't find the file containing the code?
[08:37] <Walex> linuxmint: yes
[08:48] <halvors> I'm trying to setup dovecot with sieve and a default script in the path: /var/lib/dovecot/sieve/default.sieve. But when an email arrives i get the following error: Error: sieve: main script: failed to stat sieve script: stat(/var/lib/dovecot/sieve/default.sieve) failed: Permission denied (euid=1011(halvors@halvors.org) egid=1004(halvors.org) missing +x perm: /var/lib/dovecot, we're not in group 0(root), dir owned by 0:0 mode=0750)
[08:48] <halvors> I understand that this is a permission problem somehow, but what user is supposed to own it?
[08:54] <Walex> halvors: also "missing +x perm"
[09:01] <halvors> i did chmod +x default.sieve
[09:01] <halvors> Walex: But what user should be the owner of the default.sieve file?
=== frickler_ is now known as frickler
[09:07] <Walex> that depends on which user is running the dovecot and/or sieve processes.
[09:08] <Walex> halvors: also note that the 'sieve' process needs to traverse the '/var/lib/dovecot' directory, and as the message says its mode is "=0750".
=== cripperz is now known as CripperZ
[09:40] <halvors> Walex: How can i find out what user is running the sieve process?
[09:47] <Tazmain> hi all, it seems that some packages in my update list on my server can't be authenticated? does that mean I waited too long to update or something ?
=== CripperZ is now known as cripperz
=== cripperz is now known as CripperZ
[10:16] <Sling> hm, if i put '/var/log/folder/file*' in a custom logrotate.d/file , is it smart enough to not match the .gz files created by logrotate in the past?
[10:21] <Walex> halvors: with 'ps' with the 'u' option.
[10:21] <Walex> halvors: if you are asking basic questions like this perhaps you need a system administrator to help you...
[10:22] <Walex> Sling: the psychic version of 'logrotate' will be released soon :-)
[10:24] <Sling> Walex: well I would expect it to only rotate textfiles, for example :)
[10:24] <Sling> oh well I've fixed it now by just specifying the files in full
=== bilde2910|away is now known as bilde2910
[11:24] <halvors> Walex: Seems like root is running dovecot.
[11:24] <halvors> I don't see why this wouldn't work then.
[11:24] <halvors> 1055 root      20   0   17768   1528   1236 S   0.0  0.0   0:00.03 dovecot
[11:24] <halvors>  1164 dovecot   20   0    9276    956    812 S   0.0  0.0   0:00.00 anvil
=== Lcawte is now known as Lcawte|Away
=== DalekSec_ is now known as DalekSec
=== martins-afk is now known as martinst
=== martinst is now known as martins-afk
[11:54] <jpds_> halvors: Have you checked the dovecot apparmor rules?
=== martins-afk is now known as martinst
=== Lcawte|Away is now known as Lcawte
=== Lcawte is now known as Lcawte|Away
[13:20] <superboot> sarnold: Thanks for the manifest link. Just got it now.
=== mrt333_ is now known as mrt333
=== caribou_ is now known as caribou
=== jhenke_ is now known as jhenke
=== danjared_ is now known as danjared
=== kickinz1` is now known as kickinz1|afk
=== kickinz1|afk is now known as kickinz1
=== Faylite_ is now known as Faylite
[15:14] <strikov> rbasak: is it correct in case of juju-core: dpkg-source: warning: Version number suggests Ubuntu changes, but there is no XSBC-Original-Maintainer field
[15:14] <strikov> rbasak: i thought that i lost it while baking 1.22.0 but it looks like it was not available even before it
[15:18] <rbasak> strikov: that's fine to ignore, since we maintain it primarily in Ubuntu and it is not derived from Debian.
[15:43] <strikov> rbasak: ok, thanks
[15:45] <strikov> rbasak: https://github.com/juju/juju/pull/2072/files
[15:45] <strikov> rbasak: could you review this please
[15:45] <strikov> rbasak: looks ~okay to me (don't know how to make it better)
[16:02] <rbasak> strikov: looks great to me.
=== markthomas|away is now known as markthomas
[16:57] <strikov> rbasak: allocate some time tomorrow afternoon please to review/upload juju-1.22.1 to vivid; i modified tests to install upstart and finished d/copyright; need to wait for a single upstream fix and we're done
[17:10] <rbasak> strikov: OK
=== Lcawte|Away is now known as Lcawte
=== kickinz1 is now known as kickinz1|afk
=== kickinz1|afk is now known as kickinz1
=== markthomas is now known as markthomas|away
[20:02] <arcsky> what do you guys recommend ansible or puppet or chef?
=== markthomas|away is now known as markthomas
[20:14] <roaksoax_> arcsky: juju and maas
=== roaksoax_ is now known as roaksoax
=== martinst is now known as martins-afk
=== lifeless1 is now known as lifeless
=== martins-afk is now known as martinst
=== martinst is now known as martins-afk
=== bilde2910 is now known as bilde2910|away
=== zz_DenBeiren is now known as DenBeiren
=== essembe is now known as sbeattie
=== Lcawte is now known as Lcawte|Away
