=== CiPi is now known as cipi
=== alai888 is now known as alai
[07:10] <eman_no1> Does anyone know if there is an updated PPA for HSTR/Server 15.10?
[07:25] <dustin_> I'm trying to update a production server that is running an EOL version of ubuntu 14.10. I keep getting errors regarding the mirrors. Is there an easy way to upgrade to the lts version?
[07:33] <lifeless> dustin_: theres a copy of all the old releases  you can use
[07:33] <lifeless> dustin_: you need to update your sources.lists files to point at them
[07:34] <hateball> !eolupgrade | dustin_
[07:34] <ubottu> dustin_: End-Of-Life is the time when security updates and support for an Ubuntu release stop, see https://wiki.ubuntu.com/Releases for more information. Looking to upgrade from an EOL release? See https://help.ubuntu.com/community/EOLUpgrades
[07:35] <dustin_> My server is on digital ocean. I have read through the EOLUpgrades link and am trying that now. I'm about to just spin up another server and re-deploy. This is too difficult for this time of night.
[07:36] <dustin_> lifeless : how do I find the codename of the dist that is on my server?
[07:38] <bradm> dustin_: https://wiki.ubuntu.com/Releases
[08:50] <lordievader> Good morning.
=== Piper-Off is now known as Monthrect
[09:48] <Yossarianuk> hi - how to I stop 'ALLOWED' apparmor rules from writing to the logs?
[09:48] <Yossarianuk> e.g -> im getting lots of '[44955.878729] type=1400 audit(1448269350.768:220): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd" name="/var/lib/sss/pubconf/krb5.include.d/domain_realm_ipa_xxxxx_co_uk" pid=8515 comm="ldap_child" requested_mask="r" denied_mask="r" fsuid=0 ouid=0' - can I modify the apparmor rules to not write to the file ?
=== Lcawte|Away is now known as Lcawte
[11:42] <jjohansen> Yossarianuk: set your syslog filter to through out the messages if you don't want them in your logs
[11:57] <Yossarianuk> jjohansen: cheers - wasn't sure if the filtering could be done via apparmor rules..
=== cipi is now known as CiPi
=== Lcawte is now known as Lcawte|Away
[14:28] <keyf> Is there a way to increase entropy generation on ubuntu? I'm trying to read a few kb from /dev/random and its been 30 minutes already
[14:28] <keyf> banging on the keyboard to no avail
[14:51] <hateball> they left before they could learn about /dev/urandom
[14:53] <jpds> hateball: That's insecure :-O
[14:53] <jrwren> lol
[14:53] <jrwren> 'cept its not.
[14:53] <hateball> :\
[14:53] <jrwren> http://www.2uo.de/myths-about-urandom/
[14:54] <jpds> jrwren: sudo apt-get install rng-tools
[14:55] <jpds> jrwren: And you're /dev/random will hardly ever block
[14:55] <patdk-wk> it's not, anymore, insecure
[14:55] <jrwren> jpds: nice.
[14:55] <patdk-wk> rng-tools broke for me, on upgrade to 14.04
[15:22] <Xat`> hi guys
[15:22] <Xat`> I'm using 15.04 and I installed xen-hypervisor. I'm able to select "Xen hypervisor" entry at grub screen, but it crashes after "LOADING DOMAIN 0", then reboot
[15:29] <smb> Xat`, That is not really much information to work with. One thing which could cause something like this would be that you try to boot in UEFI mode. That is not working that well and you may be more successful when using backwards compatible BIOS mode (whatever that is called)
=== manjo` is now known as manjo
[15:41] <Xat`> smb: I'm using standard BIOS
[15:41] <Xat`> (old)
=== Daviey_ is now known as Daviey
[15:44] <Xat`> I followed this link : https://help.ubuntu.com/community/Xen
[15:44] <Xat`> and everything works well with 14.04
[15:50] <smb> Xat`, Maybe try to install xen-system-amd64 instead of xen-hypervisor-amd64 if that gets you some xen-utils that is the problem
[16:00] <Xat`> smb: I'll try
[16:04] <Xat`> smb: same behavior
=== Azelphur is now known as Azeiphur
=== Azeiphur is now known as Azelphur
[16:12] <smb> Xat`, hard to say then what is wrong. Maybe adding "loglvl=all guest_loglvl=all" to GRUB_CMDLINE_XEN_DEFAULT in /etc/default/grub.d/xen.cfg, then run update-grub and then reboot shows something usable. But if it quickly reboots it might be hard to read anything before its gone
=== Azelphur is now known as `Azelphur
=== `Azelphur is now known as Azelphur
=== Azelphur is now known as Azelphur`
=== Azelphur` is now known as Azelphur
=== Lcawte|Away is now known as Lcawte
=== Monthrect is now known as Piper-Off
=== Piper-Off is now known as Monthrect
[18:48] <T3DY> Is there a command to setup automatic backups to another backup server? / Whats the best way?
[18:48] <thebwt> What kind of backups?
[18:49] <lordievader> T3DY: I use dirvish for that.
[18:49] <T3DY> for the whole server I guess
[18:49] <T3DY> lordievader Ill check that out, thanks
[19:01] <halcyforn> hello. i need antivirus for server. is something good what can scan all files what users upload on server, i need detect and kill all windows viruses malwares troyans etc.
[19:02] <sarnold> halcyforn: i'm afraid clamav is probably your best bet
[19:02] <lordievader> There is clamav.
[19:02] <tarpman> halcyforn: there's no such thing as a "good" antivirus, but clamav is probably what you want
[19:02] <lordievader> !info clamav
[19:02] <ubottu> clamav (source: clamav): anti-virus utility for Unix - command-line interface. In component main, is optional. Version 0.98.7+dfsg-0ubuntu4 (wily), package size 96 kB, installed size 718 kB
[19:04] <halcyforn> ok i hear some people say they have laptop and they dont need antivirus they only send files to server what sit on ubuntu. thats why i want  add something what detect and clear this files what people send to server. this clamav detect malwares or not?
[19:05] <tarpman> it tries.
[19:05] <halcyforn> hmmm or try  eset for linux
[19:07] <quantic> halcyforn: And what OS are they running on their laptops?
[19:07] <halcyforn> windows 7
[19:07] <RoyK> T3DY: I use bareos
[19:08] <quantic> halcyforn: aaand they say they don't need antivirus.
[19:08] <halcyforn> yes
[19:08] <quantic> halcyforn: I'm waiting for the absurdity of that statement to sink in.
[19:08] <halcyforn> or they dont need because kaspersky slow down computer :D
[19:08] <sarnold> I'm not surprised they don't -want- antivirus, it usually makes computers miserable slow etc
[19:09] <quantic> want vs need.
[19:09] <sarnold> and it's a constant stream of attempts to upsell people on more securityware
[19:09] <tarpman> halcyforn: force windows defender on them all with group policy, job done?
[19:10] <sarnold> the best one out there was microsoft's security essentials. no crap, no upsells, just a bare-bones AV. it was great. they killed it.
[19:10] <quantic> halcyforn: yeah, your problem is not the server. your problem is endpoint security.
[19:10] <halcyforn> maybe work but when i see what they install i want secure server and people what use files on this server.
[19:10] <sarnold> AV on the ubuntu system still makes some sense, since the clients can be bypassed or not have sufficient definitions, etc..
[19:11] <quantic> sarnold: I'm gonna bet that even a freeware Windows AV product is going to catch more than clamav.
[19:11] <halcyforn> kaspewrsky dont detect malwares this is bought for company antyvirus. this people use  downloaders form sites
[19:11] <halcyforn> thats why i want detct some shit on server
[19:12] <sarnold> quantic: yeah, but people turn things off, or they ignore the "update virus definitions?" dialog boxes, etc.
[19:13] <quantic> sarnold: Avast business, push via policy console. Free.
[19:13] <quantic> Decently performant, good detection rates, and you can lock down endpoint configuration.
[19:13] <halcyforn> avast hmm on older machines can make nice slow down
[19:14] <halcyforn> like kaspersky
[19:14] <sarnold> halcyforn: there's no way around that.
[19:14] <sarnold> halcyforn: the trick is to find one without a crappy UI that makes things worse than they need to be :)
[19:14] <quantic> halcyforn: Do you want a fast solution that doesn't actually catch anything, or do you care about security as well?
[19:16] <halcyforn> i care for security and i care for people what have antiviruses on their machines but if they send infected files to server kaspersky dont detect malwares and some shit like troyan downlaoder when they download infected files from server. thats why i think about something what can detect this shit on server.
[19:16] <quantic> i understand what you're going for, but you're running around with unprotected endpoints, and think that installing clamav or something on the server is going to do the trick.
[19:16] <halcyforn> this is not a perfect solution but add some security
[19:17] <quantic> halcyforn: see also: layered defense.
[19:17] <k2gremlin> Hey all, kind of a unique situation here. Got 2 VM's. First one is my WAN/LAN firewall Cent OS. Second is my GNS3 Debian build. I noticed that all of my traffic is appearing on both VM's. Lan traffic should only go out the Firewall server. Why is my GNS3 server also seeing the SAME traffic?
[19:18] <quantic> k2gremlin: what hypervisor are you using, and are they on the same logical network segment?
[19:18] <k2gremlin> quantic, using ESXi and yea they are on the same vswitch
[19:18] <quantic> k2gremlin: same host?
[19:18] <k2gremlin> nope
[19:18] <k2gremlin> 2 different VM's
[19:18] <quantic> k2gremlin: yyyeah. I said host. :P
[19:18] <k2gremlin> Errr same physical box yes
[19:19] <k2gremlin> lol
[19:19] <quantic> k2gremlin: I think that VMs on the same host share the PHY layer. Both VMs are going to see traffic on the wire.
[19:19] <quantic> k2gremlin: but, uh, double check that.
[19:20] <k2gremlin> It makes sense that them being on same vSwitch would cause this.. but same host??
[19:20] <k2gremlin> Ill split up the vSwitch :)
[19:20] <quantic> k2gremlin: Um, think about that for a second.
[19:21] <zingz0r> hi
[19:21] <k2gremlin> well, the other vSwitch would be on a seperate VLAN.
[19:21] <k2gremlin> traffic should not cross vlans
[19:21] <quantic> k2gremlin: Being on the same vSwitch would NOT cause this.
[19:21] <zingz0r> can you help me understand what is this mean: Failed to start user service: Unknown unit: user@0.service
[19:21] <quantic> k2gremlin: But the same host certainly could, as it's all the same physical hardware.
[19:21] <zingz0r> it'sw in dmesg
[19:22] <k2gremlin> quantic, let say I have a router and switch hooked together. I have 3 vlans on the router trunked to the switch. However, on the switch I have 3 seperate access ports. Traffic doesnt cross vlans there..?
[19:22] <k2gremlin> even though using same physical
[19:22] <k2gremlin> :)
[19:23] <quantic> k2gremlin: But you have two VMs on the same host on the same vSwitch on the same VLAN. They're sharing everything except MAC addresses.
[19:23] <quantic> k2gremlin: So, yeah, they're gonna see everything on the wire together.
[19:23] <quantic> k2gremlin: New VLAN and vSwitch would fix it, but then you've got to adjust routes.
[19:23] <k2gremlin> Yea thats why I said if I put the GNS3 on a seperate vSwitch (seperate NIC) should resolve the issue
[19:24] <k2gremlin> Yep yep :) Ill have to add another interface to my Cent box, put that on the same vswitch as the GNS and route it
[19:25] <k2gremlin> Now, my question is, since I only need to talk between the cent box and the gns box, do I need to have a cable physically connected to the un-used NIC on my server?
[20:00] <requiest> hi all
[20:23] <thebwt> Is there a way to simply fetch the release codename via cat'n a file or something? I'm writing some docs and have to assume the reader doesn't just know 14.04 means trusty.
[20:24] <tarpman> thebwt: lsb_release -cs
[20:24] <thebwt> tarpman: BOOM! thanks!
[20:34] <Ripmind> Does anyone know a good UPnP server for ubuntu?
[20:40] <quantic> Ripmind: I use miniupnpd
=== Wicaeed_ is now known as Wicaeed
=== Malediction_ is now known as Malediction
=== Lcawte is now known as Lcawte|Away