=== CiPi is now known as cipi
=== alai888 is now known as alai
eman_no1Does anyone know if there is an updated PPA for HSTR/Server 15.10?07:10
dustin_I'm trying to update a production server that is running an EOL version of ubuntu 14.10. I keep getting errors regarding the mirrors. Is there an easy way to upgrade to the lts version?07:25
lifelessdustin_: theres a copy of all the old releases  you can use07:33
lifelessdustin_: you need to update your sources.lists files to point at them07:33
hateball!eolupgrade | dustin_07:34
ubottudustin_: End-Of-Life is the time when security updates and support for an Ubuntu release stop, see https://wiki.ubuntu.com/Releases for more information. Looking to upgrade from an EOL release? See https://help.ubuntu.com/community/EOLUpgrades07:34
dustin_My server is on digital ocean. I have read through the EOLUpgrades link and am trying that now. I'm about to just spin up another server and re-deploy. This is too difficult for this time of night.07:35
dustin_lifeless : how do I find the codename of the dist that is on my server?07:36
bradmdustin_: https://wiki.ubuntu.com/Releases07:38
lordievaderGood morning.08:50
=== Piper-Off is now known as Monthrect
Yossarianukhi - how to I stop 'ALLOWED' apparmor rules from writing to the logs?09:48
Yossarianuke.g -> im getting lots of '[44955.878729] type=1400 audit(1448269350.768:220): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd" name="/var/lib/sss/pubconf/krb5.include.d/domain_realm_ipa_xxxxx_co_uk" pid=8515 comm="ldap_child" requested_mask="r" denied_mask="r" fsuid=0 ouid=0' - can I modify the apparmor rules to not write to the file ?09:48
=== Lcawte|Away is now known as Lcawte
jjohansenYossarianuk: set your syslog filter to through out the messages if you don't want them in your logs11:42
Yossarianukjjohansen: cheers - wasn't sure if the filtering could be done via apparmor rules..11:57
=== cipi is now known as CiPi
=== Lcawte is now known as Lcawte|Away
keyfIs there a way to increase entropy generation on ubuntu? I'm trying to read a few kb from /dev/random and its been 30 minutes already14:28
keyfbanging on the keyboard to no avail14:28
hateballthey left before they could learn about /dev/urandom14:51
jpdshateball: That's insecure :-O14:53
jrwren'cept its not.14:53
jpdsjrwren: sudo apt-get install rng-tools14:54
jpdsjrwren: And you're /dev/random will hardly ever block14:55
patdk-wkit's not, anymore, insecure14:55
jrwrenjpds: nice.14:55
patdk-wkrng-tools broke for me, on upgrade to 14.0414:55
Xat`hi guys15:22
Xat`I'm using 15.04 and I installed xen-hypervisor. I'm able to select "Xen hypervisor" entry at grub screen, but it crashes after "LOADING DOMAIN 0", then reboot15:22
smbXat`, That is not really much information to work with. One thing which could cause something like this would be that you try to boot in UEFI mode. That is not working that well and you may be more successful when using backwards compatible BIOS mode (whatever that is called)15:29
=== manjo` is now known as manjo
Xat`smb: I'm using standard BIOS15:41
=== Daviey_ is now known as Daviey
Xat`I followed this link : https://help.ubuntu.com/community/Xen15:44
Xat`and everything works well with 14.0415:44
smbXat`, Maybe try to install xen-system-amd64 instead of xen-hypervisor-amd64 if that gets you some xen-utils that is the problem15:50
Xat`smb: I'll try16:00
Xat`smb: same behavior16:04
=== Azelphur is now known as Azeiphur
=== Azeiphur is now known as Azelphur
smbXat`, hard to say then what is wrong. Maybe adding "loglvl=all guest_loglvl=all" to GRUB_CMDLINE_XEN_DEFAULT in /etc/default/grub.d/xen.cfg, then run update-grub and then reboot shows something usable. But if it quickly reboots it might be hard to read anything before its gone16:12
=== Azelphur is now known as `Azelphur
=== `Azelphur is now known as Azelphur
=== Azelphur is now known as Azelphur`
=== Azelphur` is now known as Azelphur
=== Lcawte|Away is now known as Lcawte
=== Monthrect is now known as Piper-Off
=== Piper-Off is now known as Monthrect
T3DYIs there a command to setup automatic backups to another backup server? / Whats the best way?18:48
thebwtWhat kind of backups?18:48
lordievaderT3DY: I use dirvish for that.18:49
T3DYfor the whole server I guess18:49
T3DYlordievader Ill check that out, thanks18:49
halcyfornhello. i need antivirus for server. is something good what can scan all files what users upload on server, i need detect and kill all windows viruses malwares troyans etc.19:01
sarnoldhalcyforn: i'm afraid clamav is probably your best bet19:02
lordievaderThere is clamav.19:02
tarpmanhalcyforn: there's no such thing as a "good" antivirus, but clamav is probably what you want19:02
lordievader!info clamav19:02
ubottuclamav (source: clamav): anti-virus utility for Unix - command-line interface. In component main, is optional. Version 0.98.7+dfsg-0ubuntu4 (wily), package size 96 kB, installed size 718 kB19:02
halcyfornok i hear some people say they have laptop and they dont need antivirus they only send files to server what sit on ubuntu. thats why i want  add something what detect and clear this files what people send to server. this clamav detect malwares or not?19:04
tarpmanit tries.19:05
halcyfornhmmm or try  eset for linux19:05
quantichalcyforn: And what OS are they running on their laptops?19:07
halcyfornwindows 719:07
RoyKT3DY: I use bareos19:07
quantichalcyforn: aaand they say they don't need antivirus.19:08
quantichalcyforn: I'm waiting for the absurdity of that statement to sink in.19:08
halcyfornor they dont need because kaspersky slow down computer :D19:08
sarnoldI'm not surprised they don't -want- antivirus, it usually makes computers miserable slow etc19:08
quanticwant vs need.19:09
sarnoldand it's a constant stream of attempts to upsell people on more securityware19:09
tarpmanhalcyforn: force windows defender on them all with group policy, job done?19:09
sarnoldthe best one out there was microsoft's security essentials. no crap, no upsells, just a bare-bones AV. it was great. they killed it.19:10
quantichalcyforn: yeah, your problem is not the server. your problem is endpoint security.19:10
halcyfornmaybe work but when i see what they install i want secure server and people what use files on this server.19:10
sarnoldAV on the ubuntu system still makes some sense, since the clients can be bypassed or not have sufficient definitions, etc..19:10
quanticsarnold: I'm gonna bet that even a freeware Windows AV product is going to catch more than clamav.19:11
halcyfornkaspewrsky dont detect malwares this is bought for company antyvirus. this people use  downloaders form sites19:11
halcyfornthats why i want detct some shit on server19:11
sarnoldquantic: yeah, but people turn things off, or they ignore the "update virus definitions?" dialog boxes, etc.19:12
quanticsarnold: Avast business, push via policy console. Free.19:13
quanticDecently performant, good detection rates, and you can lock down endpoint configuration.19:13
halcyfornavast hmm on older machines can make nice slow down19:13
halcyfornlike kaspersky19:14
sarnoldhalcyforn: there's no way around that.19:14
sarnoldhalcyforn: the trick is to find one without a crappy UI that makes things worse than they need to be :)19:14
quantichalcyforn: Do you want a fast solution that doesn't actually catch anything, or do you care about security as well?19:14
halcyforni care for security and i care for people what have antiviruses on their machines but if they send infected files to server kaspersky dont detect malwares and some shit like troyan downlaoder when they download infected files from server. thats why i think about something what can detect this shit on server.19:16
quantici understand what you're going for, but you're running around with unprotected endpoints, and think that installing clamav or something on the server is going to do the trick.19:16
halcyfornthis is not a perfect solution but add some security19:16
quantichalcyforn: see also: layered defense.19:17
k2gremlinHey all, kind of a unique situation here. Got 2 VM's. First one is my WAN/LAN firewall Cent OS. Second is my GNS3 Debian build. I noticed that all of my traffic is appearing on both VM's. Lan traffic should only go out the Firewall server. Why is my GNS3 server also seeing the SAME traffic?19:17
quantick2gremlin: what hypervisor are you using, and are they on the same logical network segment?19:18
k2gremlinquantic, using ESXi and yea they are on the same vswitch19:18
quantick2gremlin: same host?19:18
k2gremlin2 different VM's19:18
quantick2gremlin: yyyeah. I said host. :P19:18
k2gremlinErrr same physical box yes19:18
quantick2gremlin: I think that VMs on the same host share the PHY layer. Both VMs are going to see traffic on the wire.19:19
quantick2gremlin: but, uh, double check that.19:19
k2gremlinIt makes sense that them being on same vSwitch would cause this.. but same host??19:20
k2gremlinIll split up the vSwitch :)19:20
quantick2gremlin: Um, think about that for a second.19:20
k2gremlinwell, the other vSwitch would be on a seperate VLAN.19:21
k2gremlintraffic should not cross vlans19:21
quantick2gremlin: Being on the same vSwitch would NOT cause this.19:21
zingz0rcan you help me understand what is this mean: Failed to start user service: Unknown unit: user@0.service19:21
quantick2gremlin: But the same host certainly could, as it's all the same physical hardware.19:21
zingz0rit'sw in dmesg19:21
k2gremlinquantic, let say I have a router and switch hooked together. I have 3 vlans on the router trunked to the switch. However, on the switch I have 3 seperate access ports. Traffic doesnt cross vlans there..?19:22
k2gremlineven though using same physical19:22
quantick2gremlin: But you have two VMs on the same host on the same vSwitch on the same VLAN. They're sharing everything except MAC addresses.19:23
quantick2gremlin: So, yeah, they're gonna see everything on the wire together.19:23
quantick2gremlin: New VLAN and vSwitch would fix it, but then you've got to adjust routes.19:23
k2gremlinYea thats why I said if I put the GNS3 on a seperate vSwitch (seperate NIC) should resolve the issue19:23
k2gremlinYep yep :) Ill have to add another interface to my Cent box, put that on the same vswitch as the GNS and route it19:24
k2gremlinNow, my question is, since I only need to talk between the cent box and the gns box, do I need to have a cable physically connected to the un-used NIC on my server?19:25
requiesthi all20:00
thebwtIs there a way to simply fetch the release codename via cat'n a file or something? I'm writing some docs and have to assume the reader doesn't just know 14.04 means trusty.20:23
tarpmanthebwt: lsb_release -cs20:24
thebwttarpman: BOOM! thanks!20:24
RipmindDoes anyone know a good UPnP server for ubuntu?20:34
quanticRipmind: I use miniupnpd20:40
=== Wicaeed_ is now known as Wicaeed
=== Malediction_ is now known as Malediction
=== Lcawte is now known as Lcawte|Away

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!