=== IdleOne is now known as Guest26469
=== IdleOne is now known as Guest41897
=== IdleOne is now known as Guest61528
Jeeves_Mossis there a way to logrotate v-hosted apache log files by making a cnf directory so I don't have to edit /etc/logrotate.d/apache every time?04:01
=== IdleOne is now known as Guest55878
=== markthomas|away is now known as markthomas
=== markthomas is now known as markthomas|away
lordievaderGood morning.07:49
arcskyhey guys where do i find security update settings ?07:58
=== mrmist is now known as mist
RoyKarcsky: what security update08:54
arcskyRoyK: lets say Ubuntu release a security update and i want to know how i can automatic install it09:38
lordievaderDo you mean the security repos?09:38
arcskylets say openssl got a zeroday vulnerability i want it to be installed so fast ubuntu release it09:39
lordievaderarcsky: So some kind of auto update script?09:41
lordievaderWrite that and throw it in cron?"09:41
mybalzitchI'd just subscribe to the security mailing list09:41
mybalzitchand intervene when required09:41
=== Lcawte is now known as Lcawte|Away
=== Lcawte|Away is now known as Lcawte
RoyKarcsky: I usually enable that during install09:56
=== Lcawte is now known as Lcawte|Away
=== Lcawte|Away is now known as Lcawte
arcskyAnyone have configured openSSH to authenticate to a Windows 2008 NPS?11:31
purefanHello. Not sure if this makes sense but I want to trace the order in which programs interact with an HTTP request, for example is IPTables the first point of contact with any network packet?12:39
patdk-wkiptables never touches packets ever12:52
jellypurefan: iptables is kernelspace (and is actually netfilter?).  If you're going that low, you should probably mention the ethernet driver first?12:52
patdk-wkand the whole kernel packet interface, and other things that modify them, like ipsec, bonding, teaming, vlans, ...12:53
jellysomeone actually uses teaming?12:53
purefanjelly: yes, Netfilter, Im just used to calling it IPTables because of the command. As for the driver I dont know how to easily work with that, I imagine it would require recompiling12:54
purefanpatdk-wk: but iptbables/netfiler can reject packets12:54
patdk-wknetfilter can, iptables can't12:54
patdk-wkiptables is just a userland interface to load rules into netfilter12:55
purefanpatdk-wk: ok agreed, but I think you understood what I meant12:55
jellynot sure if <pedant> or distinguishing from ye olde 2.4 days12:55
patdk-wkit's changed again in 3.x too :)12:56
patdk-wkiptables is only kept for compatability12:56
jellytwice, I think12:56
patdk-wkya, I follow his blog, interesting stuff, except he is on a bitcoin kick now12:57
Kgirthofercan I have a cronjob run at 00 or does it start at 0113:04
TJ-I think it's 0-5913:06
jellyKgirthofer: yes you can13:11
Kgirthofercool thanks13:12
RoyK:(){ :|:& };: # as smilies come13:32
mybalzitchyou and your fork bomb can take a seat over there13:33
RoyKtieinv: hehe13:34
RoyKmybalzitch: that was for you, sorry13:34
jellyRoyK: that gets you instabanned in some of my channels :-)13:46
jellyohno, it's the monkeyface-with-musical-notation forkbomb, kill it with fire13:47
=== markthomas|away is now known as markthomas
rbasakjamespage: FYI, I just invalidated bug 1438757 since I'm not aware of any plans to backport IPv6 support in keepalived to Trusty. Just thought I'd mention it in case you know any different.15:59
ubottubug 1438757 in keepalived (Ubuntu) "Please update Keepalived version on Ubuntu 14.04 to 1.2.10 (or above)" [Undecided,Invalid] https://launchpad.net/bugs/143875715:59
jamespagerbasak, I'm happy to add that as a backport for the UCA16:00
jamespagerbasak, but fine with rejecting it for 14.04 vanilla16:00
rbasakjamespage: OK. Shall I add a task for cloud-archive?16:01
jamespagerbasak, nah16:02
jamespageits baking now16:02
jamespageit will be for liberty only16:02
jamespageonwards rather16:02
rbasakjamespage: ah, so you're doing it already?16:02
jamespagerbasak, yes - its a point and click process16:02
rbasakOK. Thanks!16:02
rbasakI'll update the bug.16:02
jamespagerbasak, thanks for the headsup16:03
=== matsubara_ is now known as matsubara
QantouriscWARNING: do not run: kill -sSIGTERM 117:13
QantouriscAccording to man it should shutdown17:13
QantouriscIn my case it just reloads17:14
=== matsubara__ is now known as matsubara
lordievaderWhy would you want to kill init?17:21
RoosterJuicehi there, my web server seems to have been exploited and my IP is being blocked for performing brute force login attacks... How can I fix this and remove any script that is causing this to happen?17:21
RoosterJuicemy isp received an email from blocklist.de17:21
patdk-wkRoosterJuice, reinstall17:22
patdk-wkmaybe even throw the hardware in the trash and replace it also17:22
patdk-wkwith the new smm cpu hack17:22
RoosterJuiceanyone with a real answer?17:22
patdk-wkthat is a real answer17:22
patdk-wkhow else will you guarrentee NOTHING exists from them?17:23
patdk-wkand that it is secure from them doing it again?17:23
RoosterJuiceit's a VPS17:23
lordievaderIt depends on the type of exploit, if the uefi firmware is exploited a reinstall won't help.17:23
patdk-wkwell, throw that vps away, and build up a new one17:23
Qantourisc  /w 2517:24
Qantourisclordievader: not kill init, request a shutdown17:40
lordievaderSounds like a bad idea, nonetheless.17:41
Qantourisclordievader: well it's how lxc requests a shutdown to quest when the os has no /dev/initctl17:42
Qantourisclordievader: and the manual of init (of upstart) specifies SIGTERM == request shutdown17:42
lordievaderI see, that is why it is strange to me ;)17:43
Qantourisclordievader: maybe i should install a full VM to test sigtem17:45
Qantouriscbut it feels like overkill, installing a full ubunut to test 1 thing :p17:45
QantouriscDon't suppose anyone has a ubuntu running they want to shutdown right now ? :D17:48
pmatulisQantourisc: get serious18:01
blizzowI have a 13.10 server that I'm trying to do-release-upgrade on.  do-release upgrade ran and exited prompting me to reboot, so I did that.  After the reboot, I was still at 13.10 on my splash screen.  So I tried again, and still got the same thing.  lsb_release -rc returns 13.10/saucy as well.  I tried doing apt-get dist-upgrade and it shows a huge list of packages to be upgraded, and goes through extracting templates from packages then preconfiguring18:16
blizzowAnyone know how I can get my release upgrading?18:16
blizzowI tried to remove all packages in /var/cache/apt/archives/18:19
patdk-wksounds very odd18:20
patdk-wkit shouldn't work at all18:20
geniiSaucy packages should now be in old-releases.ubuntu.com, might want to put that in your sources.list instead of the old default ones. Then dist-upgrade and then do-release-upgrade18:21
blizzowswapped out archive.us.ubuntu.com to old-releases.ubuntu.com and put saucy back in place of trusty.  did an apt-get update/apt-get dist-upgrade.  Said 0 packages needed to be upgraded.  So I did a do-release upgrade, I'm getting all kinds of 404 errors trying to pull repos and even a hash sum mistmatch. :(18:33
blizzowCan't seem to figure a way out of this morass.18:43
sarnoldblizzow: do you have any apt-cacher-ng configured? I wasted a few hours chasing hash sum mismatches with it before finding out that uit was buggy in some releases .. or entirely buggy ..18:45
blizzowno apt-cache stuff enabled on this machine.18:47
blizzowyikes, now when running dpkg --reconfigure -a I get "cannot execute binary file"18:52
sarnoldblizzow: check dmesg?18:54
sarnoldblizzow: I think that error message happens mostly when there are architecture mis-matches, e.g. trying to run an x86 compiled binary on armhf, for example, but maybe you've got a dying drive or something simlar18:54
blizzownothing in dmesg output that would indicate running wrong arch or filesystem issues.18:55
blizzowDeleting the contents of /var/cache/apt/archives/ and re-attempting shows all downloaded packages are amd64 arch as well.18:58
blizzowokay, I think I'm making some progress. I copied the latest dpkg from /var/cache/apt/archives/ and did an ar -vx dpkg_1.17.5ubuntu5.4_amd64.deb.  I then copied the the extracted files into the same locations in / .  dpkg-reconfigure -a "fixed" some packages.  Now running a dist-upgrade is upgrading and reconfiguring all kinds of stuff across the board.Are there other steps do-release-upgrade does that changing sources.list and running apt-get dist-up19:19
ogra_yes, a lot ...19:21
ogra_(you got to check the source for details though, but it also helps handling transitions etc)19:21
blizzowassuming all the packages successfully get dist-upgraded to trusty. is do-release-upgrade smart enough to do the rest of the transition steps after the fact?19:24
blizzownever mind, I guess, I'm forced to figure this out for myself in a minute ;)19:24
hallynzul: smb: neither of you planning a wily libvirt update?19:38
zulhallyn: nope focus is else where19:39
hallynzul: smb: going to test a bit more, but then probably push libvirt-stop-guests20:07
hallyn(minus some tab/space cleanup)20:08
=== markthomas is now known as markthomas|away
jcastrozul: someone on twitter is asking, what was our first ubuntu that did maas/juju for openstack?20:26
jcastrozul: page is asleep probably so I'm deferring to you. :)20:26
jcastroI wanna say 12.04?20:28
thebwt10.04 was still euca wasn't it?21:02
thebwtjcastro: http://www.zdnet.com/article/canonical-switches-to-openstack-for-ubuntu-linux-cloud/21:04
jcastrowe didn't maas back then did we?21:05
jcastroman, it's all like a blur21:05
=== markthomas|away is now known as markthomas
arcskyAnyone have configured openSSH to authenticate to a Windows 2008 NPS?21:26
patdk-lapwhat is an nps?21:29
patdk-lapnever heard of this thing before21:29
patdk-lapoh, it's the replacement for the old radius server21:30
patdk-lapopenssh can't auth against that, won't work21:30
=== CiPi is now known as cipi
tarpmanpatdk-lap: why not? libpam-radius-auth exists21:40
patdk-lapya, pam would support it21:41
patdk-lapbut openssh doesn't21:41
patdk-lapopenssh -> pam -> radius -> windows nps21:41
patdk-lapbut one cannot configure openssh to auth against nps as he asked though :)21:42
* tarpman waves hands vaguely21:42
trippehwindows, could you just auth with AD (kerberos) instead? :P21:43
patdk-lapthat is what I do21:43
patdk-lapand you have several ways you could do that21:44
=== g4mby is now known as PaulW2U
=== esde is now known as Guest44432
=== esde_ is now known as esde
PGNdCould anyone up on latest Debain latest kernel pls check their value for `grep -i 6RD /boot/config-$(uname -r) && uname -r` (or the equivalent location ...) ?  Looking for distro support for 6RD ...23:04
PGNdOops, ubu-svr23:05
bekksPGNd: In here, you will find users with the latest Ubuntu kernel ;)23:06
PGNdbekks: right, hence the "Ooops" ...23:06
sarnoldPGNd: CONFIG_IPV6_SIT_6RD=y 3.13.0-57-generic23:09
sarnoldPGNd: this is missing vivid and wily for some reason, but might be useful http://kernel.ubuntu.com/~kernel-ppa/configs/23:11
PGNdsarnold: Thx.  That's 'latest' kernel version @ ubuntu-server?23:11
PGNdAh, thx23:11
sarnoldapw: http://kernel.ubuntu.com/~kernel-ppa/configs/ is missing vivid and wily23:11
sarnoldPGNd: well, "latest" is slightly difficult to specify -- I haven't rebooted in a while, this laptop is on 14.04 rather than 15.04, but and 14.04 has multiple supported kernel series on it anyway...23:12
sarnold"but and". wow.23:12
PGNdsarnold: heh.  typing & grammare are the 1st to go ...   the link's good enuf. thx.23:14
sarnoldPGNd: hehe :)23:14
=== Lcawte is now known as Lcawte|Away

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!