=== IdleOne is now known as Guest26469 | ||
=== IdleOne is now known as Guest41897 | ||
=== IdleOne is now known as Guest61528 | ||
Jeeves_Moss | is there a way to logrotate v-hosted apache log files by making a cnf directory so I don't have to edit /etc/logrotate.d/apache every time? | 04:01 |
---|---|---|
=== IdleOne is now known as Guest55878 | ||
=== markthomas|away is now known as markthomas | ||
=== markthomas is now known as markthomas|away | ||
lordievader | Good morning. | 07:49 |
arcsky | hey guys where do i find security update settings ? | 07:58 |
arcsky | cli | 07:58 |
=== mrmist is now known as mist | ||
RoyK | arcsky: what security update | 08:54 |
arcsky | RoyK: lets say Ubuntu release a security update and i want to know how i can automatic install it | 09:38 |
lordievader | Do you mean the security repos? | 09:38 |
arcsky | lets say openssl got a zeroday vulnerability i want it to be installed so fast ubuntu release it | 09:39 |
lordievader | arcsky: So some kind of auto update script? | 09:41 |
lordievader | Write that and throw it in cron?" | 09:41 |
mybalzitch | I'd just subscribe to the security mailing list | 09:41 |
mybalzitch | and intervene when required | 09:41 |
arcsky | ok | 09:43 |
arcsky | http://www.howtogeek.com/204796/how-to-enable-automatic-security-updates-on-ubuntu-server/ | 09:43 |
=== Lcawte is now known as Lcawte|Away | ||
=== Lcawte|Away is now known as Lcawte | ||
RoyK | arcsky: I usually enable that during install | 09:56 |
=== Lcawte is now known as Lcawte|Away | ||
=== Lcawte|Away is now known as Lcawte | ||
arcsky | Anyone have configured openSSH to authenticate to a Windows 2008 NPS? | 11:31 |
purefan | Hello. Not sure if this makes sense but I want to trace the order in which programs interact with an HTTP request, for example is IPTables the first point of contact with any network packet? | 12:39 |
patdk-wk | no | 12:52 |
patdk-wk | iptables never touches packets ever | 12:52 |
jelly | purefan: iptables is kernelspace (and is actually netfilter?). If you're going that low, you should probably mention the ethernet driver first? | 12:52 |
patdk-wk | and the whole kernel packet interface, and other things that modify them, like ipsec, bonding, teaming, vlans, ... | 12:53 |
jelly | someone actually uses teaming? | 12:53 |
purefan | jelly: yes, Netfilter, Im just used to calling it IPTables because of the command. As for the driver I dont know how to easily work with that, I imagine it would require recompiling | 12:54 |
purefan | patdk-wk: but iptbables/netfiler can reject packets | 12:54 |
patdk-wk | netfilter can, iptables can't | 12:54 |
patdk-wk | iptables is just a userland interface to load rules into netfilter | 12:55 |
purefan | patdk-wk: ok agreed, but I think you understood what I meant | 12:55 |
jelly | not sure if <pedant> or distinguishing from ye olde 2.4 days | 12:55 |
patdk-wk | it's changed again in 3.x too :) | 12:56 |
patdk-wk | iptables is only kept for compatability | 12:56 |
jelly | twice, I think | 12:56 |
patdk-wk | ya, I follow his blog, interesting stuff, except he is on a bitcoin kick now | 12:57 |
Kgirthofer | can I have a cronjob run at 00 or does it start at 01 | 13:04 |
TJ- | I think it's 0-59 | 13:06 |
jelly | Kgirthofer: yes you can | 13:11 |
Kgirthofer | cool thanks | 13:12 |
RoyK | :(){ :|:& };: # as smilies come | 13:32 |
mybalzitch | you and your fork bomb can take a seat over there | 13:33 |
RoyK | tieinv: hehe | 13:34 |
RoyK | mybalzitch: that was for you, sorry | 13:34 |
mybalzitch | :D | 13:34 |
jelly | RoyK: that gets you instabanned in some of my channels :-) | 13:46 |
jelly | ohno, it's the monkeyface-with-musical-notation forkbomb, kill it with fire | 13:47 |
=== markthomas|away is now known as markthomas | ||
rbasak | jamespage: FYI, I just invalidated bug 1438757 since I'm not aware of any plans to backport IPv6 support in keepalived to Trusty. Just thought I'd mention it in case you know any different. | 15:59 |
ubottu | bug 1438757 in keepalived (Ubuntu) "Please update Keepalived version on Ubuntu 14.04 to 1.2.10 (or above)" [Undecided,Invalid] https://launchpad.net/bugs/1438757 | 15:59 |
jamespage | rbasak, I'm happy to add that as a backport for the UCA | 16:00 |
jamespage | rbasak, but fine with rejecting it for 14.04 vanilla | 16:00 |
rbasak | jamespage: OK. Shall I add a task for cloud-archive? | 16:01 |
jamespage | rbasak, nah | 16:02 |
jamespage | its baking now | 16:02 |
jamespage | it will be for liberty only | 16:02 |
jamespage | onwards rather | 16:02 |
rbasak | jamespage: ah, so you're doing it already? | 16:02 |
jamespage | rbasak, yes - its a point and click process | 16:02 |
rbasak | OK. Thanks! | 16:02 |
rbasak | I'll update the bug. | 16:02 |
jamespage | rbasak, thanks for the headsup | 16:03 |
rbasak | np! | 16:04 |
=== matsubara_ is now known as matsubara | ||
Qantourisc | WARNING: do not run: kill -sSIGTERM 1 | 17:13 |
Qantourisc | According to man it should shutdown | 17:13 |
Qantourisc | In my case it just reloads | 17:14 |
=== matsubara__ is now known as matsubara | ||
lordievader | Why would you want to kill init? | 17:21 |
RoosterJuice | hi there, my web server seems to have been exploited and my IP is being blocked for performing brute force login attacks... How can I fix this and remove any script that is causing this to happen? | 17:21 |
RoosterJuice | my isp received an email from blocklist.de | 17:21 |
patdk-wk | RoosterJuice, reinstall | 17:22 |
patdk-wk | maybe even throw the hardware in the trash and replace it also | 17:22 |
patdk-wk | with the new smm cpu hack | 17:22 |
RoosterJuice | anyone with a real answer? | 17:22 |
patdk-wk | that is a real answer | 17:22 |
patdk-wk | how else will you guarrentee NOTHING exists from them? | 17:23 |
patdk-wk | and that it is secure from them doing it again? | 17:23 |
RoosterJuice | it's a VPS | 17:23 |
lordievader | It depends on the type of exploit, if the uefi firmware is exploited a reinstall won't help. | 17:23 |
patdk-wk | well, throw that vps away, and build up a new one | 17:23 |
Qantourisc | /w 25 | 17:24 |
Qantourisc | lordievader: not kill init, request a shutdown | 17:40 |
lordievader | Sounds like a bad idea, nonetheless. | 17:41 |
Qantourisc | lordievader: well it's how lxc requests a shutdown to quest when the os has no /dev/initctl | 17:42 |
Qantourisc | lordievader: and the manual of init (of upstart) specifies SIGTERM == request shutdown | 17:42 |
lordievader | I see, that is why it is strange to me ;) | 17:43 |
Qantourisc | lordievader: maybe i should install a full VM to test sigtem | 17:45 |
Qantourisc | but it feels like overkill, installing a full ubunut to test 1 thing :p | 17:45 |
Qantourisc | Don't suppose anyone has a ubuntu running they want to shutdown right now ? :D | 17:48 |
pmatulis | Qantourisc: get serious | 18:01 |
blizzow | I have a 13.10 server that I'm trying to do-release-upgrade on. do-release upgrade ran and exited prompting me to reboot, so I did that. After the reboot, I was still at 13.10 on my splash screen. So I tried again, and still got the same thing. lsb_release -rc returns 13.10/saucy as well. I tried doing apt-get dist-upgrade and it shows a huge list of packages to be upgraded, and goes through extracting templates from packages then preconfiguring | 18:16 |
blizzow | Anyone know how I can get my release upgrading? | 18:16 |
blizzow | I tried to remove all packages in /var/cache/apt/archives/ | 18:19 |
patdk-wk | sounds very odd | 18:20 |
patdk-wk | it shouldn't work at all | 18:20 |
genii | Saucy packages should now be in old-releases.ubuntu.com, might want to put that in your sources.list instead of the old default ones. Then dist-upgrade and then do-release-upgrade | 18:21 |
blizzow | swapped out archive.us.ubuntu.com to old-releases.ubuntu.com and put saucy back in place of trusty. did an apt-get update/apt-get dist-upgrade. Said 0 packages needed to be upgraded. So I did a do-release upgrade, I'm getting all kinds of 404 errors trying to pull repos and even a hash sum mistmatch. :( | 18:33 |
blizzow | Can't seem to figure a way out of this morass. | 18:43 |
sarnold | blizzow: do you have any apt-cacher-ng configured? I wasted a few hours chasing hash sum mismatches with it before finding out that uit was buggy in some releases .. or entirely buggy .. | 18:45 |
blizzow | no apt-cache stuff enabled on this machine. | 18:47 |
blizzow | yikes, now when running dpkg --reconfigure -a I get "cannot execute binary file" | 18:52 |
sarnold | blizzow: check dmesg? | 18:54 |
sarnold | blizzow: I think that error message happens mostly when there are architecture mis-matches, e.g. trying to run an x86 compiled binary on armhf, for example, but maybe you've got a dying drive or something simlar | 18:54 |
blizzow | nothing in dmesg output that would indicate running wrong arch or filesystem issues. | 18:55 |
blizzow | Deleting the contents of /var/cache/apt/archives/ and re-attempting shows all downloaded packages are amd64 arch as well. | 18:58 |
blizzow | okay, I think I'm making some progress. I copied the latest dpkg from /var/cache/apt/archives/ and did an ar -vx dpkg_1.17.5ubuntu5.4_amd64.deb. I then copied the the extracted files into the same locations in / . dpkg-reconfigure -a "fixed" some packages. Now running a dist-upgrade is upgrading and reconfiguring all kinds of stuff across the board.Are there other steps do-release-upgrade does that changing sources.list and running apt-get dist-up | 19:19 |
ogra_ | yes, a lot ... | 19:21 |
ogra_ | (you got to check the source for details though, but it also helps handling transitions etc) | 19:21 |
blizzow | assuming all the packages successfully get dist-upgraded to trusty. is do-release-upgrade smart enough to do the rest of the transition steps after the fact? | 19:24 |
blizzow | never mind, I guess, I'm forced to figure this out for myself in a minute ;) | 19:24 |
hallyn | zul: smb: neither of you planning a wily libvirt update? | 19:38 |
zul | hallyn: nope focus is else where | 19:39 |
hallyn | eeeeeexcelent | 19:58 |
hallyn | zul: smb: going to test a bit more, but then probably push libvirt-stop-guests | 20:07 |
hallyn | (minus some tab/space cleanup) | 20:08 |
=== markthomas is now known as markthomas|away | ||
jcastro | zul: someone on twitter is asking, what was our first ubuntu that did maas/juju for openstack? | 20:26 |
jcastro | zul: page is asleep probably so I'm deferring to you. :) | 20:26 |
jcastro | I wanna say 12.04? | 20:28 |
thebwt | 10.04 was still euca wasn't it? | 21:02 |
thebwt | jcastro: http://www.zdnet.com/article/canonical-switches-to-openstack-for-ubuntu-linux-cloud/ | 21:04 |
thebwt | 11.10 | 21:04 |
jcastro | we didn't maas back then did we? | 21:05 |
jcastro | man, it's all like a blur | 21:05 |
=== markthomas|away is now known as markthomas | ||
arcsky | Anyone have configured openSSH to authenticate to a Windows 2008 NPS? | 21:26 |
patdk-lap | what is an nps? | 21:29 |
patdk-lap | never heard of this thing before | 21:29 |
patdk-lap | oh, it's the replacement for the old radius server | 21:30 |
patdk-lap | openssh can't auth against that, won't work | 21:30 |
=== CiPi is now known as cipi | ||
tarpman | patdk-lap: why not? libpam-radius-auth exists | 21:40 |
patdk-lap | ya, pam would support it | 21:41 |
patdk-lap | but openssh doesn't | 21:41 |
patdk-lap | openssh -> pam -> radius -> windows nps | 21:41 |
patdk-lap | but one cannot configure openssh to auth against nps as he asked though :) | 21:42 |
* tarpman waves hands vaguely | 21:42 | |
trippeh | windows, could you just auth with AD (kerberos) instead? :P | 21:43 |
patdk-lap | yes | 21:43 |
patdk-lap | that is what I do | 21:43 |
patdk-lap | and you have several ways you could do that | 21:44 |
=== g4mby is now known as PaulW2U | ||
=== esde is now known as Guest44432 | ||
=== esde_ is now known as esde | ||
PGNd | Could anyone up on latest Debain latest kernel pls check their value for `grep -i 6RD /boot/config-$(uname -r) && uname -r` (or the equivalent location ...) ? Looking for distro support for 6RD ... | 23:04 |
PGNd | Oops, ubu-svr | 23:05 |
bekks | PGNd: In here, you will find users with the latest Ubuntu kernel ;) | 23:06 |
PGNd | bekks: right, hence the "Ooops" ... | 23:06 |
sarnold | PGNd: CONFIG_IPV6_SIT_6RD=y 3.13.0-57-generic | 23:09 |
sarnold | PGNd: this is missing vivid and wily for some reason, but might be useful http://kernel.ubuntu.com/~kernel-ppa/configs/ | 23:11 |
PGNd | sarnold: Thx. That's 'latest' kernel version @ ubuntu-server? | 23:11 |
PGNd | Ah, thx | 23:11 |
sarnold | apw: http://kernel.ubuntu.com/~kernel-ppa/configs/ is missing vivid and wily | 23:11 |
sarnold | PGNd: well, "latest" is slightly difficult to specify -- I haven't rebooted in a while, this laptop is on 14.04 rather than 15.04, but and 14.04 has multiple supported kernel series on it anyway... | 23:12 |
sarnold | "but and". wow. | 23:12 |
PGNd | sarnold: heh. typing & grammare are the 1st to go ... the link's good enuf. thx. | 23:14 |
sarnold | PGNd: hehe :) | 23:14 |
=== Lcawte is now known as Lcawte|Away |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!