| Murdoch5 | I setup remote logging from about 20 servers back to 1 point in my network. Now I have the problem of having to sort and deal with the data. What do you guys recommend for log management? | 00:33 |
|---|---|---|
| === quantic_ is now known as quantic | ||
| TJ- | Anyone familiar with PXE booting a GRUB core.pxe image? | 00:58 |
| === Lcawte is now known as Lcawte|Away | ||
| Logos01 | TJ-: I know I myself am not. How does it differ from 'normal' pxe-booting? | 02:34 |
| Logos01 | Murdoch5: ELK is popular for that. | 02:35 |
| Logos01 | Murdoch5: That is, Elasticsearch + Logstash + Kibana | 02:35 |
| Logos01 | You might get away with just using Greylog though | 02:35 |
| TJ- | Logos01: differ? it doesn't, but the GRUB core I am building is causing the client to reboot instantly :) Wondering if anyone has had it properly boot the system | 02:44 |
| === CiPi is now known as cipi | ||
| === cipi is now known as CiPi | ||
| lordievader | Good morning. | 08:52 |
| Palm_premium | lordievader, Morning | 08:53 |
| lordievader | Hey Palm_premium | 08:53 |
| arcsky | hello, if u have installed ubuntu server 15. and want Gnome on it. how is the best way to install it ? | 09:38 |
| arcsky | i have no X right now | 09:38 |
| Palm_premium | arcsky, Hello, can't you install one of those desktop-* packages? | 09:41 |
| lordievader | arcsky: Why not use ssh to administer the server? X is, in most cases, a waste of resources. | 09:42 |
| hateball | arcsky: Suggestions aside, the answer to your original question is "sudo apt-get install gnome". But using SSH is an option you should consider. | 09:43 |
| === CiPi is now known as cipi | ||
| Sonu_ | hi | 10:36 |
| Sonu_ | i am getting " CONNECT ERROR: PHP Extensions "zlib" must be loaded." | 10:37 |
| Palm_premium | Hi sonu, are you using apache with php5? Did you install and enable the extension? | 10:58 |
| === cipi is now known as CiPi | ||
| === Lcawte|Away is now known as Lcawte | ||
| davidic654 | Hi are we to expect Linux kernel vulnerabilities and reboots nearly every day now? | 12:59 |
| === rcj` is now known as rcj | ||
| arcsky | hey guys, i just bought a KVM VPS. but now when i try to install i cant get it to work with encrypted hdd. isnt that possible with KVM ? | 13:17 |
| TJ- | arcsky: Insuffient data. What is the configuration of the KVM Guest ? what file-system are you trying to encrypt? | 13:19 |
| arcsky | TJ-: i dont know the conf for the KVM. i install via VNC. and i try to install it with LVM | 13:20 |
| andol | arcsky: Normally that wouldn't be a problem with a KVM setup, but I guess it depends on whatever the KVM VPS maintains it's own kernel+initrd, or if that is provided by the host system. | 13:21 |
| TJ- | install via VNC? doesn't make sense, you'll need to provide more detail | 13:21 |
| arcsky | http://ring0.se/g/d47697821766d47c.png | 13:21 |
| andol | TJ-: I'd imagine the VNC is a VNC accessed virtual console provided by the hosting provider. | 13:21 |
| TJ- | arcsky: usually the VPS provider has a system for installing default base images. | 13:21 |
| arcsky | i have my own image of ubuntu 15 there | 13:22 |
| TJ- | arcsky: where's the encryption there? that just says it failed to create an ext4 in partition #1 | 13:22 |
| andol | arcsky: Anyway, there's the possibiilty for there being all kind of provider specific details, so you are much better of talking to your provider's support. | 13:22 |
| TJ- | arcsky: 'image' of the ubuntu-server installer ISO you mean? | 13:23 |
| arcsky | http://ring0.se/g/f46782a499621c84.png | 13:23 |
| arcsky | TJ-: yes | 13:23 |
| arcsky | did try with EXT4 and LVM | 13:24 |
| TJ- | arcsky: OK, well encryption hasn't entered into the equation at the point of the error. The report seems to show there's a problem with partitioning vda | 13:24 |
| TJ- | arcsky: are you trying to create an encrypted root file-system? | 13:25 |
| arcsky | TJ-: yes root filesystem encryption | 13:27 |
| TJ- | arcsky: so you'll be configured the KVM hypervisor to boot from a raw image, not use a preconfigured vmlinuz+initrd.img ? | 13:28 |
| arcsky | TJ-: sorry i bought a VPS with KVM. i have other VPS with XEN-HMV and there its easy to fix under the ubuntu installation | 13:29 |
| arcsky | maybe KVM doesnt support this | 13:29 |
| arcsky | i have no access to the the kvm config | 13:29 |
| TJ- | arcsky: that first error suggests that the installer is expecting to use partition #1 for the encrpyted device, but it has been set to be formatted as ext4, which conflicts. Maybe you just need to alter the settings you're giving the partitioner so partition #1 has no file-system type set | 13:29 |
| arcsky | i have tested with ext4 and lvm | 13:29 |
| TJ- | arcsky: the KVM configuration is usually controlled by the guest profile you create in the provider's web management interface | 13:30 |
| arcsky | ok | 13:32 |
| arcsky | TJ-: http://ring0.se/g/39076c9e410201ee.png this looks better? | 13:40 |
| TJ- | arcsky: Yes, although I don't see a need to make an extended partition with a logical for crypto. That should just be a primary partition, so there's no extended at all. I'd also use GPT rather than MBR if I wanted to reserve the option of additional partitions later. | 13:43 |
| === mist is now known as groupcat | ||
| === groupcat is now known as group | ||
| === group is now known as Guest23234 | ||
| === Lcawte is now known as Lcawte|Away | ||
| theptr_ | hi i have i problem with an ubuntu server 12.04 the disk is full so i added in hyper-v 40gb of disk . How do i easly add this diskspace to dev/sda1 ? | 15:23 |
| theptr_ | i tryd sudo resize2fs /dev/sda1 | 15:23 |
| theptr_ | but that doesnt work | 15:24 |
| lordievader | theptr_: An ext filesystem can't be spanned over multiple block devices. | 15:24 |
| phre4k | can I upgrade 14.04 to 15.10 over SSH? | 15:25 |
| TJ- | theptr_: easiest way is to be already using LVM so you can just add another PV to the VG | 15:25 |
| lordievader | ^ that :D LVM \o/ | 15:25 |
| theptr_ | TJ-, problem is that my boss made the machine and not used to LVM | 15:25 |
| theptr_ | TJ-, so its not LVM enabled | 15:26 |
| TJ- | theptr_: alternative way is to convert the system to be a MD RAID-0 stripe so its made up of sda and sdb | 15:26 |
| lordievader | theptr_: Then you need to get creative with mounts. Put something big on the 40gb disk. | 15:26 |
| khildin | bosses should stay away from hardware... :P | 15:26 |
| theptr_ | khildin, for sure | 15:26 |
| TJ- | theptr_: that does require being careful in creating the MD device to *NOT* write any metadata at the start of the device (which involves choosing the appropriate metadata version) | 15:26 |
| theptr_ | TJ-, So its not possible to grow the disk ? | 15:27 |
| theptr_ | TJ-, or not in an easy way | 15:27 |
| lordievader | theptr_: Doesn't hyper v support that? Enlarging a disk? | 15:28 |
| TJ- | theptr_: the other option is to keep it as a separate disk (maybe 1 partition on it with LVM), and the move something like /var/ to a file-system on the /dev/sdb and add a mountpoint entry to fstab of the form "/dev/VG/LV /var ext4 defaults 0 2" | 15:28 |
| khildin | isn't it possible to create a PT and mount that? | 15:28 |
| theptr_ | lordievader, Yes i did that but it was like 75gb zo after i expanded it it stays 75gb | 15:28 |
| TJ- | theptr_: the disk remains 75GB, or the partition ? | 15:28 |
| lordievader | theptr_: The filesystem or the disk? What does parted say abouit the disk? | 15:28 |
| theptr_ | TJ-, partition | 15:29 |
| lordievader | theptr_: Ah, enlarge the partition ;) | 15:29 |
| TJ- | theptr_: if the disk is now larger, you will need to enlarge the (last) partition too | 15:29 |
| lordievader | And the filesystem. | 15:29 |
| TJ- | theptr_: *then* "resize2fs /dev/sda1" will work | 15:29 |
| theptr_ | TJ-, that command doesnt work i already tryed it | 15:29 |
| theptr_ | and im not used to hyper-v im more vmware guy but boss hates it because it costs money ... | 15:30 |
| lordievader | theptr_: It doesn't work if the partition ain't enlarged. | 15:30 |
| lordievader | theptr_: resize2fs resizes a filesystem to the partition size. If the partition size hasn't changed resize2fs won't do anything. | 15:30 |
| theptr_ | TJ-, lordievader i used this guide but nothing works http://askubuntu.com/questions/390769/how-do-i-resize-partitions-using-command-line-without-using-a-gui-on-a-server | 15:31 |
| TJ- | theptr_: how large is the disk? Is it using MBR or GPT? | 15:31 |
| theptr_ | TJ-, lordievader so now the disk is larger but the partition is the same . | 15:31 |
| lordievader | theptr_: Could you pastebin the output of 'sudo parted /dev/sda print'? | 15:32 |
| TJ- | theptr_: "pastebinit <( sudo parted /dev/sda unit s print )" | 15:32 |
| theptr_ | hyper -v i cant copy anything so im going to ssh into it second | 15:33 |
| TJ- | theptr_: the command I gave you will pastebin the details for you | 15:33 |
| theptr_ | a okay | 15:33 |
| TJ- | theptr_: you may need to "sudo apt-get install pastebinit" first | 15:33 |
| theptr_ | TJ-, when i do that command it says unable to correct problems bla bla | 15:34 |
| TJ- | theptr_: sounds like the system has packaging faults you should fix, too! | 15:35 |
| TJ- | theptr_: see what this has to say: "sudo apt-get -f install" | 15:35 |
| theptr_ | TJ-, not getting payt to fix haha | 15:35 |
| TJ- | Nor are we! | 15:35 |
| lordievader | Well, if the disk is full... | 15:35 |
| TJ- | lordievader: indeed; chicken and egg! | 15:35 |
| lordievader | My apt was broken too this morning because of a full disk. | 15:36 |
| TJ- | theptr_: you may gain a little space with "sudo apt-get clean && sudo apt-get autoremove" | 15:36 |
| lordievader | theptr_: Is copying through ssh still an option? | 15:36 |
| TJ- | lordievader: really? root-fs, boot, or something else? | 15:36 |
| lordievader | TJ-: Root-fs, nfsen was a bit happy writing data. What I found more disturbing was the fact that Zabbix didn't bug me about it. | 15:37 |
| theptr_ | TJ-, http://paste.ubuntu.com/13125016/ | 15:37 |
| TJ- | lordievader: do you keep a separate /var/ ? | 15:37 |
| theptr_ | lordievader, yes copy true ssh is possible | 15:37 |
| theptr_ | lordievader, problem is that sql wont start | 15:37 |
| lordievader | TJ-: On that vm /var/www is seperate. (Nfsen writes to /data, that is now seperate too) | 15:38 |
| TJ- | theptr_: OK, you won't be able to easily extend /dev/sda1 since there are additional partitions after i | 15:38 |
| TJ- | t | 15:38 |
| lordievader | Bummer | 15:38 |
| theptr_ | lordievader, TJ- im like working over for 4 hours now so if its not an easy fix i leave it so until tommorow | 15:38 |
| TJ- | lordievader: right. I always have a separate LV for /var/ and another for /var/cache/ | 15:38 |
| lordievader | If swap ain't used you could teoretically remove it temporarily. | 15:39 |
| TJ- | theptr_: ^^^ as lordievader says | 15:39 |
| theptr_ | TJ-, lordievader always problems with machines that i not install myself | 15:39 |
| lordievader | TJ-: Haven't found the need for that on that vm yet. Usually it well behaves. | 15:39 |
| lordievader | theptr_: We all have problems with machines we don't install ourselves :P | 15:39 |
| TJ- | theptr_: "pastebinit /proc/swaps" | 15:39 |
| theptr_ | lordievader, lol | 15:40 |
| TJ- | And some of us have problems with machines we install ourselves, too :P | 15:40 |
| TJ- | And some of us have problems even GETTING to the installed stage :D | 15:40 |
| theptr_ | TJ-, lol | 15:40 |
| theptr_ | TJ-, http://paste.ubuntu.com/13125048/ | 15:40 |
| lordievader | That too... | 15:41 |
| lordievader | What a drag it is. | 15:41 |
| theptr_ | TJ-, lordievader so im not the only one :) | 15:41 |
| theptr_ | TJ-, lordievader thanks for the help but would it not be easyer to just do as you say before make an extra mount and extra partition | 15:42 |
| TJ- | I've got a mobo here won't boot from USB; doesn't like the images no matter what I do. It can't do PXE (only does Novell Netware remote boot) so I plugged an Intel dual PCI NIC in which has PXE, but the PXE boot is now having problems. The IDE DOM module which was supposed to receive the installation has burnt out a trace on its PCB and killed its voltate regulator! Doing really well on this one :) | 15:42 |
| TJ- | theptr_: that last pastebin was the same as the first :) | 15:43 |
| TJ- | theptr_: "pastebinit /proc/swaps" | 15:43 |
| jcastro | hey rbasak | 15:45 |
| jcastro | what was the tldr on ntp by default? | 15:45 |
| rbasak | jcastro: not needed because systemd timesyncd | 15:57 |
| rbasak | jcastro: it's on by default if ntp isn't installed, and syncs time. | 15:58 |
| marcoceppi_ | rbasak: and that's in vivid onwards? | 15:58 |
| ack__ | Hello ... is MYSQLI_ASYNC a constant I should expect to be available in 14.04? Getting Use of undefined constant MYSQLI_ASYNC - assumed 'MYSQLI_ASYNC' in a PHP script | 16:04 |
| ack__ | phpinfo shows mysqlnd is loaded | 16:04 |
| === Lcawte|Away is now known as Lcawte | ||
| repozitor | is there exist another professional tool for server adminstration, except webadmin? | 16:57 |
| sarnold | if you use one of those web control panel things please make sure you've firewalled the machine and only allow access from only allowed IPs | 16:58 |
| sarnold | those control panels are universally terrible | 16:58 |
| patdk-wk | I always use ssh, been working great for years | 16:58 |
| sarnold | yes | 16:58 |
| repozitor | patdk-wk, no, sometimes web app is better | 16:58 |
| patdk-wk | heh? | 16:59 |
| patdk-wk | there is never a case where webapp is better, more useful maybe, but never better :) | 16:59 |
| patdk-wk | or meets a very specific usecase need | 16:59 |
| repozitor | patdk-wk, when you on mobile, so what do you think? | 17:00 |
| repozitor | which on is better? | 17:00 |
| patdk-wk | I believe webmin is the *only* one that is even alittle supported for debian/ubuntu | 17:00 |
| repozitor | :P | 17:00 |
| patdk-wk | heh? | 17:00 |
| patdk-wk | I am ALWAYS mobile, ssh was made for mobile use | 17:00 |
| patdk-wk | yes, I have ssh client on my phone | 17:01 |
| sarnold | repozitor: try mosh for poor connections, it's great | 17:01 |
| patdk-wk | but personally, I normally use my laptop that I ALWAYS take with me | 17:01 |
| patdk-wk | sometimes I must admin a windows machine, and that is always fun | 17:01 |
| repozitor | patdk-wk, even on plane or train or road? | 17:02 |
| repozitor | :D | 17:02 |
| patdk-wk | hmm, yes? what else is *mobile*? | 17:03 |
| patdk-wk | I often sit in the back seat of the car, and work on my laptop | 17:03 |
| patdk-wk | sometimes in the plane, but not often | 17:04 |
| patdk-wk | never on a train, cause I never take trains | 17:04 |
| repozitor | http://paste.ubuntu.com/13126248/ | 17:08 |
| repozitor | there is no webmin on my system | 17:08 |
| repozitor | what is wrong with apt-get? | 17:08 |
| sarnold | have you run apt-get update recently? | 17:09 |
| repozitor | yeah | 17:09 |
| sarnold | then for each of those try apt-get install libnet-ssleay-perl ; apt-get install libauthen-pam-perl ; apt-get install libio-pty-perl ; apt-get install apt-show-versions | 17:10 |
| repozitor | with -f option? | 17:12 |
| repozitor | needing to force? | 17:12 |
| sarnold | avoid it if you can | 17:12 |
| repozitor | sarnold, so that error printed to me | 17:12 |
| repozitor | can't avoid it, any idea? | 17:12 |
| sarnold | what happened with the other four apt-get install lines? | 17:13 |
| repozitor | something like previous | 17:13 |
| repozitor | http://paste.ubuntu.com/13126332/ | 17:14 |
| repozitor | take a look | 17:14 |
| sarnold | yeah, try apt-get install -f | 17:14 |
| repozitor | so you will reponsible for that :P | 17:15 |
| sarnold | heh, your system is pretty unhappy, I haven't seen apt that upset in a dozen years.. | 17:16 |
| patdk-wk | looks like a simple thing though | 17:17 |
| repozitor | that's awfull | 17:17 |
| repozitor | http://paste.ubuntu.com/13126371/ | 17:17 |
| patdk-wk | someone did a inproper upgrade | 17:17 |
| patdk-wk | or added some php ppa that isn't maintained anymore | 17:17 |
| sarnold | repozitor: just a plain "apt-get -f install", no parameters.. | 17:17 |
| repozitor | -f meaning —fix-missing? | 17:18 |
| sarnold | just copy and paste what the error says :) heh | 17:18 |
| patdk-wk | generally it will finish installing half-installed packages | 17:18 |
| patdk-wk | where a package died, apt was killed, or something happened | 17:18 |
| repozitor | so it is fix missing | 17:19 |
| === fwwf is now known as adv_ | ||
| patdk-wk | sorry, having a hard time concentrating, https://twitter.com/reubenbond/status/662061791497744384 | 17:20 |
| rbasak | marcoceppi_: yes | 18:28 |
| rbasak | jcastro, marcoceppi_: I'm not sure I like it but that's how it is for now anyway. I don't know of any changes to change it in Xenial. | 18:28 |
| === Lcawte is now known as Lcawte|Away | ||
| hehnope | what do you guys do for ddos mitigation? | 18:34 |
| patdk-wk | there is nothing you can do, except as much as possible | 18:40 |
| patdk-wk | easy solutions are dns and ip blackholes | 18:41 |
| patdk-wk | harder solutions is actually making things still work | 18:41 |
| patdk-wk | the *best* you can hope for, is a ddos that you can mitigate | 18:42 |
| patdk-wk | as in, it uses a single dns entry, ip, or depends on tcp connections | 18:42 |
| patdk-wk | and you can just stop responding to what looks like the attack, and continue processing the others | 18:43 |
| patdk-wk | if they flood your incoming pipe, then your just screwed, ip blackhole can help you there some | 18:43 |
| JanC | best is if you can avoid it :) | 18:46 |
| jcastro | rbasak: yeah we just ran into an ntp issue on a host and were just thinking outloud "did we fix time yet?" | 18:46 |
| jcastro | tldr some jenkins slaves clocks were off, aws and joyent cared, other clouds didn't, took a while to figure out why | 18:47 |
| === csdc is now known as adv_ | ||
| caribou | smoser: I'm looking at the haproxy LP: #1477198 bug | 19:31 |
| ubottu | Launchpad bug 1477198 in Ubuntu Cloud Archive liberty "Stop doesn't works on Trusty" [High,Confirmed] https://launchpad.net/bugs/1477198 | 19:31 |
| caribou | smoser: I have an in flight SRU for this in trusty | 19:31 |
| smoser | wait, what ? | 19:31 |
| smoser | its been sru'd to trusty | 19:31 |
| smoser | via niedbalski | 19:31 |
| smoser | right ? | 19:31 |
| caribou | smoser: LP: #1481737 | 19:32 |
| ubottu | Launchpad bug 1481737 in haproxy (Ubuntu Trusty) "HAProxy init script does not work correctly with nbproc configuration option" [Medium,In progress] https://launchpad.net/bugs/1481737 | 19:32 |
| smoser | :) | 19:32 |
| smoser | funny. | 19:32 |
| smoser | yeah, that was the thing i was just realizing | 19:32 |
| caribou | smoser: I'll try to get someone to do the SRU | 19:32 |
| smoser | it seems like we should fix this in xenial / wily too | 19:33 |
| caribou | smoser: then the remaining is to either fix 1.5 in trusty-backport LP: #1494141 | 19:33 |
| ubottu | Launchpad bug 1494141 in trusty-backports "HAProxy 1.5 init script does not terminate processes" [Medium,In progress] https://launchpad.net/bugs/1494141 | 19:33 |
| smoser | to just dtrt if there is no --pid option to start-stop-daemon | 19:33 |
| caribou | smoser: they're fine since dpkg has the --pid option that causes the bug | 19:34 |
| smoser | "they" ? | 19:34 |
| smoser | backports ? | 19:34 |
| caribou | sorry they = wily & xenial | 19:35 |
| smoser | right. but then it causes cloud archive bugs | 19:35 |
| smoser | because you dont fix it to work with older start-stop-daemon | 19:35 |
| caribou | smoser: cloud archive uses 1.5 ? | 19:35 |
| smoser | clodu-archive kilo == what-is-in-vivid | 19:36 |
| caribou | smoser: the fix in 1.4 awaiting SRU does, then I was planning to fix 1.5 | 19:36 |
| smoser | cloud-archive liberty == what-is-in-wily | 19:36 |
| caribou | smoser: I was told to fix -updates first and then care about 1.5 (in trusty-backport) | 19:36 |
| caribou | that's a bug that rbasak handed to me a while ago | 19:37 |
| caribou | anyway, I can fix it anywhere you want once it is SRUed | 19:37 |
| caribou | smoser: it is friday so the SRU will only go to -proposed but I can get the trusty-backport patch ready | 19:39 |
| caribou | smoser: and vivid as well | 19:39 |
| smoser | the other thing to do would be to get the start-stop-daemon fix back to trusty | 19:41 |
| caribou | smoser: working on it | 19:41 |
| smoser | from dpkg ? | 19:41 |
| caribou | smoser: no, haproxy on vivid | 19:41 |
| caribou | smoser: I'll look at it | 19:42 |
| caribou | smoser: dpkg | 19:42 |
| smoser | right. one other way to fix this is to make trusty's start-stop-daemon able to accept --pidfile | 19:42 |
| smoser | caribou, http://paste.ubuntu.com/13128831/ | 19:56 |
| smoser | that seems like it should work | 19:57 |
| caribou | smoser: why go to the extent to check for --pid existence if just looping on each pid in the pidfile sufficient , | 20:00 |
| caribou | ? | 20:00 |
| smoser | no good reason. other than keeping it more in line with what is in debian. | 20:01 |
| caribou | ah, ok | 20:01 |
| smoser | but that is a good point. its really the same and easier to just use --pid | 20:01 |
| kyle____ | Is anyone here running apt-cacher-ng on a network that gets hit by security scanners constantly (nessus, qualys, etc)? | 20:03 |
| Pici | kyle____: Whats the actual question? | 20:03 |
| smoser | caribou, definitely shorter: http://paste.ubuntu.com/13128940/ | 20:04 |
| kyle____ | Pici: If your cacher is getting kocked over constantly by the security scans. | 20:04 |
| kyle____ | And if there was a way of fixing it. | 20:04 |
| smoser | and all in all the same. even one *less* fork. not sure why i'd want to use --pid | 20:04 |
| smoser | what was the change you proposed into trusty ? | 20:05 |
| sarnold | kyle____: do your acls allow the whole world to use your proxy? is that what you want? | 20:05 |
| Pici | (or don't want?) | 20:05 |
| smoser | caribou, ^ | 20:06 |
| caribou | smoser: pretty much what you just proposed but with a trap() to cleanup proposed by rbasak | 20:06 |
| kyle____ | sarnold: No, the proxy is only available on our internal network, but our security folks consntatly run scanners, and when they see it responds to http, it slams them with known vulns for various different web servers, and application servers. | 20:07 |
| smoser | ah. yeah, ok. sure. just didnt bother with the trap. | 20:07 |
| caribou | smoser: http://paste.ubuntu.com/13128969/ | 20:07 |
| sarnold | kyle____: ahhhhhhh | 20:07 |
| decipher | hi guys - i have a ubuntu 14.04 server running on AWS. I keep getting the "[access_compat:error] [pid 9802] [client 127.0.0.1:39164] AH01797: client denied by server configuration" error message on my logs. i have php 2.4 and i made sure that the require all granted directive is on my vhost. however, this doesn't fix the problem. | 20:07 |
| sarnold | decipher: check for the trailing '/' on directory or path names in your configs. try fiddling with those. | 20:08 |
| kyle____ | sarnold: Yeah. And either the security guy doesn't know how to tell the scanner not to bother with wordpress (for example) exploits against the cacher, or the scanner isn't configurable enough to not do that sort of thing. | 20:08 |
| smoser | trap in functions is hard since its basically a global. | 20:08 |
| smoser | if you've not uploaded, i'd sugest quoting the 'tmp' everywhere. | 20:09 |
| smoser | and you actually really *should* set 'tmp' before 'rm -f' it. | 20:09 |
| sarnold | kyle____: the smartass in me wonders about tarpitting the scanner to give him encouragement to figure out how to whitelist your server :) | 20:09 |
| smoser | as you'll kill someones file that they had somehow into their environment $tmp | 20:09 |
| decipher | sarnold - do you mean i should include a trailing slash on my directory? | 20:09 |
| caribou | hmm, I thought I did | 20:09 |
| sarnold | decipher: I think remove it. I just remember that apache's error message is nearly useless. | 20:09 |
| kyle____ | sarnold: I *cough* __may__ have done something like that with iptables magic, and was told not to, because it defeated the purpouse of the security policy. | 20:09 |
| sarnold | kyle____: heheh | 20:10 |
| smoser | in that patch there, this would cause problems: sudo tmpf=/etc/passwd service haproxy start | 20:10 |
| kyle____ | I like having the security guy, and having im scan consantly, and making sure we have no gaping holes.....but killing thigns constantly is really bugging me. | 20:11 |
| decipher | sarnold - this is on my apache2.conf file | 20:11 |
| decipher | <Directory /> | 20:11 |
| decipher | Options FollowSymLinks | 20:11 |
| decipher | AllowOverride None | 20:11 |
| decipher | Require all denied | 20:11 |
| decipher | </Directory> | 20:11 |
| decipher | should i comment this out? | 20:11 |
| RoyK | !pastebin | decipher | 20:12 |
| ubottu | decipher: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic. | 20:12 |
| sarnold | decipher: oh. I thoght it'd be more involved than that | 20:12 |
| decipher | ooops. my bad! | 20:12 |
| sarnold | decipher: just keep in mind when you start doing <directory /foo/bar> vs <directory /foo/bar/> and get confusing error messages, the last / might be it :) | 20:13 |
| sarnold | decipher: note that 2.4 changed drastically from 2.2 http://httpd.apache.org/docs/2.4/howto/auth.html | 20:14 |
| decipher | sarnold: i hear you. i'm using ispconfig to manage my site. it automatically generates the vhost for me | 20:14 |
| decipher | sarnold: the vhost for my site does not have any trailing / on it | 20:15 |
| === tgm4883_ is now known as tgm4883 | ||
| wehde | does anyone here know how to get ansible to only run against failed hosts? | 21:21 |
| RoyK | wehde: huh? | 21:35 |
| RoyK | wehde: failed hosts aren't usually available over the network... | 21:36 |
| lordievader | It does sound like you need magic to pull that off. | 21:37 |
| wehde | RoyK, hosts can fail in ansible for even ssh prompting to accept the host key | 21:39 |
| wehde | RoyK, or if the workstation was powered down and will be back online monday i'd like to be able to run the same playbook agianst just the failed hosts | 21:40 |
| PermaNulled | Can someone help me out with some udev issues? http://pastie.org/pastes/10534977/text?key=kj8jl10lekbo24r2ekzfa | 23:13 |
| PermaNulled | Whenever I run apt-get upgrade it's removing execute from systemd-udevd and fails to restart | 23:14 |
| sarnold | PermaNulled: is there anything else in any logs? journals? | 23:19 |
| PermaNulled | http://pastie.org/pastes/10534983/text?key=hyvoj4jbyebb4mfxlnjjg | 23:20 |
| PermaNulled | There's ouput from journalctl -xe | 23:20 |
| PermaNulled | Any ideas? | 23:28 |
| wiuempe | hello | 23:45 |
| wiuempe | anyone know why postfix logs into /var/log/mail.log and /var/log/syslog on ubuntu 14.04? | 23:45 |
| TJ- | wiuempe: the config in /mnt/target/usr/share/rsyslog/50-default.conf | 23:50 |
| wiuempe | TJ-: i add to this file line: "& ~" and works good | 23:51 |
| wiuempe | TJ-: maybe do you know if i can in 14.04 configure service to respawn after kill? | 23:53 |
| TJ- | wiuempe: That's be an Upstart job configuration in /etc/init/<service>.conf | 23:53 |
| wiuempe | TJ-: oughhh... spamassassin has only init.d script | 23:54 |
| TJ- | wiuempe: in which case I think those are started via Upstart's /etc/init/rc-sysinit.conf | 23:56 |
| wiuempe | TJ-: yes, you are right, but how to respaw spamassassin? | 23:58 |
| TJ- | wiuempe: I do not know; if it is dieing I'd rather want to fix that :) | 23:59 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!
