=== CiPi is now known as cipi
=== cipi is now known as CiPi
=== Lcawte|Away is now known as Lcawte
[09:14] <ren0v0> hi, can someone tell me where LXD images are stored when you run  "lxc publish" ?
=== MinedAWAY is now known as Mined
=== stevenroose|BNC is now known as stevenroose
=== ivoks_ is now known as ivoks
=== dandyd449 is now known as dandy
=== patsToms_ is now known as patsToms
=== ujjain- is now known as ujjain
=== _fortis_ is now known as _fortis
=== Punna is now known as Pwnna
=== dcmorton_ is now known as dcmorton
=== dw2 is now known as dw1
=== lionel_ is now known as lionel
=== lordieva1er is now known as lordievader
=== lordievader is now known as Guest78182
=== ejat_ is now known as ejat
=== Guest78182 is now known as lordievader
=== cpaelzer is now known as cpaelzer_afk
=== cpaelzer_afk is now known as cpaelzer
[12:51] <teward> I need some update/upgrade opinions.  Got an ancient 8.04 box that we've scheduled for migration to a newer OS, but we've got limited time, and not enough time to install clean 14.04 and then migrate everything.  Would a sane solution be to, for now, upgrade the box to 12.04 in place after taking a backup of the machine, and then in the summer when we have our next maintenance period (and two - three months to complete the update instead of
[12:51] <teward> two weeks), do the clean 14.04 install and migrate data over?
[12:51] <teward> or would it be more sane to start fresh anyways
[12:55] <maxb> I don't think anyone can suggest anything without knowing more about what migration means to you
[12:55] <jelly> don't you need to do release upgrades 8.04 -> 10.04 -> 12.04, going from hardy to precise directly would not be supported?
[12:56] <teward> jelly: well, i meant that :P
[12:56] <teward> maxb: that's up to the people above me in the pay chain :/
[12:56] <teward> and they said "Research potential courses of action, present them today"
[12:56] <teward> so :/
[12:56] <maxb> For example, it's unclear to me why you'd have time to upgrade some versions but not all the way to 14.04
[12:57] <jelly> it's hard to say what might break without knowing what services and apps you're actually running there, and which infrastructure (database, language versions) they depend on
[12:58] <jelly> right, going up to 12.04 and fixing everything, but not 14.04 seems somewhat arbitrary
[12:58] <maxb> Indeed. The practicality of in place upgrade varies widely depending on what services you're running, and how long they can be down whilst you deal with any oddities such as configuration changes that end up being needed
[12:59] <jelly> teward: see if you have... time to clone the machine into a VM, then test your desired course of action
[13:01] <maxb> We also need to know your uptime requirements - because if you're aiming for minimal downtime you'd be a lot safer just building out a replacement
[14:37] <tansy> Hi Guys,, anyone knows if i can change device name from /dev/sda to  /dev/sdb
[14:37] <tansy> ?
[14:38] <teward> jelly: that's actually my plan there xD
[14:38] <teward> (to clone the VM to another VM, and then test the upgrade paths)
[14:38] <TJ-> tansy: I just answered you in #ubuntu
[14:38] <TJ-> tansy: use the symlinks in /dev/disk/by-*/*
[14:39] <TJ-> tansy: that's the entire point of them; there is by-uuid, by-id, and a couple of useful others
[14:39] <teward> jelly: the main reason to 12.04 and not 14.04 is because we need a 'temporary' solution, and i know one of the things won't run on 14.04 (in-house program)
[14:40] <tansy> Hi TJ... i have 15 raw disks attached to server...
[14:41] <tansy> on 1 disk say /dev/sde my OS is installed.
[14:41] <tansy> but after reboot the name changes..
[14:41] <tansy> i am creating some storage cluster with disk names.
[14:41] <tansy> so i need persistent disk names
[14:41] <TJ-> tansy: right, which is what the persistent naming under /dev/disk/by-uuid/ is designed for
[14:42] <tansy> TJ.. by uuid is only if i create partitions or lvols..
[14:42] <tansy> but raw disks are not under uuid..
[14:43] <TJ-> tansy: then use by-id
[14:43] <TJ-> tansy: in some Ubuntu releases we used to have by-path too
[14:44] <tansy> so TJ the id's are consistens you mean.. and /dev/sd* can change ?
[14:45] <TJ-> tansy: correct, the nodes under /dev/disk/by*/* are symlinks to the actual block device nodes
[14:45] <TJ-> tansy: you could create your own udevd rule to create, for example, /dev/disk/by-serial/<disk-serial-number> sym-links
[14:46] <tansy> yes .. i see
[14:46] <tansy> wwn-0x678da6e715bce5201e04a7afa762365e -> ../../sdq
[14:46] <tansy> lets say after reboot the sdq starts poing to another block disk..
[14:46] <tansy> then what would happen
[14:46] <TJ-> tansy: right, those are the WWN namings so will be unique
[14:49] <tansy> Hi TJ..I got your point..
[14:49] <tansy> i was creating a storage cluster in which i was combinging /dev/sda of 10 nodes in 1 cluster...
[14:49] <tansy> so my script was expecting a single name accross all nodes..
[14:50] <tansy> otherwise it would be quite difficult to manage in my script..
[14:50] <TJ-> so the device presented by the cluster should be consistent? What are you using, iSCSI ?
[14:51] <tansy> yes it should be consistent.
[14:52] <tansy> TJ. i am actually not doing that... my storage colleague is creating ceph cluster and facing issue.
=== cyphermox_ is now known as cyphermox
=== dfused_ is now known as dfused
[15:36] <IIT> in installation of ubuntu server..
[15:36] <IIT> it is asking me to select the kernel so i am confused which one to select ?
[15:37] <IIT> by default it's highlighting vivid, which is 15.04 and i am installing linux 14.04.3 so how's that possible ?
[15:37] <IIT> and which kernel to choose ?
[15:50] <IIT> generic, virtula, signed ? which one to select
[15:50] <IIT> what's the difference between each of them
[16:29] <jelly> IIT: I think "vivid" means the "hardware enablement stack" of kernel for your release that's exactly the same version as comes with vivid.  Pick that and generic if you don't know better.
[16:31] <teward> jelly: they got an answer in #ubuntu i believe
[16:37] <jelly> ah.  Usually there's so much traffic there, I don't even bother trying to check
=== Lcawte is now known as Lcawte|Away
[16:40] <teward> :P
=== cpaelzer_ is now known as cpaelzer_afk
[16:47] <IIT> jelly, thanks for the reply :) yeah i got the point with the help of Pici :)
[16:50] <nacc> rharper: ping
=== Piper-Off is now known as Monthrect
[17:46] <Logos01> Is there any chance anyone here is already using Pulp for repository mirroring?
[18:10] <IIT> for server which repos should i enable ?
[18:10] <IIT> and which one i shouldn't
[18:13] <teward> IIT: that's really your call.  On my servers, I want things to get bug fixes as well as Security fixes, so I keep the -updates and -security repositories enabled
[18:13] <teward> and my applications on there have Universe dependencies, so i enable the Universe repositories too
[18:14] <teward> (but what you should enable is up to you and your needs)
[18:16] <IIT> teward, can you share your sources.list file ?
[18:20] <teward> Not from here I can't, no SSH to my servers
[18:20] <teward> (my keys are unfortunately back at home :/)
[18:22] <IIT> np :)
[18:23] <IIT> anyone who read the msg can share their source.list :)
[18:46] <patdk-wk> hmm, don't care
[18:46] <patdk-wk> share
[18:46] <patdk-wk> just go into your sources.list and edit it
[18:46] <patdk-wk> and if you want security updates, do not enable backtrack
[18:46] <patdk-wk> or backport, whatever it is called :)
=== goosblabla is now known as goosfraba
[18:50] <IIT> patdk-wk, okay :)
[18:51] <IIT> the prob was when i installed a new ubuntu-server there were no repos listed in sources.list and i was curious to learn different repos meant and started googling out..
[18:52] <patdk-wk> none at all?
[18:52] <patdk-wk> I wonder how you managed that
[18:52] <IIT> yes none
[18:52] <Logos01> patdk-wk: What makes you say that about ${release}-backports vs ${release}-security ?
[18:53] <Logos01> Do they have naming conflicts or something?
[18:53] <IIT> and the cd-rom repo was the single line that too uncommented..
[18:53] <IIT> it was really hard time typing out the long list of all the repos. :/
[18:53] <patdk-wk> -security is security only, not updates
[18:53] <patdk-wk> -updates, not too sure
[18:53] <patdk-wk> -backport is NEW VERSIONS, security updates are not done for these, except by chance
[18:54] <patdk-wk> say like, you need a newer version of dovecot, for a new feature, it might be in backports
[18:54] <patdk-wk> but if there is ever a security issue with it, you are not guarrenteed to ever get that security issue patched
[18:55] <IIT> so it's better not to use backports..
[18:55] <patdk-wk> or only on a package by package bases if you must
[18:55] <Logos01> patdk-wk: Unless it's updated in the later release and backport is renewed.
[18:55] <patdk-wk> or if the server that security doesn't matter
[18:56] <Logos01> Since that's what backports are.
[18:56] <IIT> okay :)
[18:56] <IIT> Logos01, can you share sources.list ? if possible
[18:56] <patdk-wk> Logos01, heh?
[18:57] <patdk-wk> they don't respin everything on newer releases into backports
[18:57] <Logos01> IIT: You probably don't want to copy mine. I do ... stuff, and things.
[18:57] <patdk-wk> https://wiki.ubuntu.com/UbuntuBackports
[18:58] <IIT> just for learning purpose Logos01 :)
[18:58] <Logos01> https://help.ubuntu.com/lts/serverguide/configuration.html
[19:00] <IIT> ideally i should have this enabled ?
[19:00] <IIT> frankly i am going to use ssh and qemu that's it ..
[19:00] <slidinghorn> IIT: Have you come across this answer yet?  http://askubuntu.com/questions/586595/restore-default-apt-repositories-in-sources-list-from-command-line
[19:01] <IIT> slidinghorn, no, this seems to be useful
[19:03] <Jeeves_Moss> do I only need the SNMP daemon if I'm not running the server?
[19:03] <Logos01> patdk-wk: "When a package which has been backported receives a security update, the Ubuntu Backporters will make a best-effort attempt to update the backport."
[19:04] <Logos01> patdk-wk: Most of the times it's pretty automatic.
[19:04] <Logos01> Jeeves_Moss: You need the snmp daemon if you're running a service that uses snmp to communicate with the server.
[19:04] <Logos01> That could for example be a nagios server.
[19:06] <Jeeves_Moss> Logos01, thanks!  that's what I'm looking to do!  I'm just testing right now, then I'll use chef to roll it out
[19:12] <Logos01> Re-asking for consistency's sake and because it's semi-relevant; has anyone here done any groundwork for enabling .deb support in Pulp for their local usage?
[19:18] <micahg> if you don't see a backport request for a relevant security update, feel free to file a new backport request for it
[19:20] <micahg> sorry, I meant to say if you don't see a backport updated in a timely manner, feel free to request a new backport that includes the security update
=== cpaelzer_afk is now known as cpaelzer_
=== cpaelzer_ is now known as cpaelzer_afk
[21:01] <TJ-> 12.04, apache2, listening on an IPv6 address (confirmed with 'ss' and 'netstat'), ip6tables shows port 80/443 allowed in, but unable to make IPv6 connections from external networks, or even from the host itself. manual 'telnet' connections timeout without connecting. Any ideas?
[21:06] <jrwren> TJ-: do you have a return route?
[21:07] <ianorlin> TJ-: traceroute6?
[21:08] <TJ-> jrwren: ianorlin it fails on the host itself; but route is fine, icmpv6 pings OK
[21:08] <ianorlin> I do not know how to help you then
[21:10] <TJ-> it's puzzling me terribly! ssh on IPv6 is fine too
[21:12] <ianorlin> TJ-: wget -6 ?
[21:13] <TJ-> ianorlin: well telnet fails so wget does too
[21:28] <genii> Maybe only udp forwarding is on
[21:29] <patdk-wk> define ssh is fine
[21:29] <patdk-wk> do you have a pmtu problem?
[21:30] <patdk-wk> mtu issue?
[21:30] <patdk-wk> you didn't block icmp6 did you?
=== cpaelzer_afk is now known as cpaelzer_
[21:32] <DammitJim> is there a way to install ubuntu and set up LVM?
[21:32] <DammitJim> I"m confused about the installer
[21:36] <Logos01> DammitJim: I ran into that problem, sort of, just recently -- the installer had a serious hate-on for my LVM config.
[21:36] <Logos01> Had to do a manual install, which was all sorts of headache.
[21:37] <Logos01> TJ-: is there anything in sysctl -a | grep -i tcp that might indicate ipv6 is disallowed?
[21:37] <Logos01> TJ-: Also, are you getting any DEN errors in dmesg/auditd ?
[21:37] <DammitJim> so, i need to do a manual partition?
[21:38] <DammitJim> it doesn't revert the stupid thing
[21:38] <TJ-> Logos01: ssh/icmpv6 are all working fine
[21:38] <Logos01> TJ-: That doesn't answer my question.
[21:38] <DammitJim> I am installing now, but I let the system do LVM automatically
[21:38] <Logos01> DammitJim: I'm not saying that -- I'm saying that *I* wound up doing what I did.
[21:38] <DammitJim> oh
[21:40] <DammitJim> Dammit... I"m such an idiot
[21:40] <DammitJim> I was installing ubuntu desktop
[21:41] <TJ-> IPv6/Apache diags/config: http://paste.ubuntu.com/14132555/
[21:41] <Logos01> ...
[21:42] <Logos01> TJ-: Is there anything in "sysctl -a | grep -i tcp" or "dmesg | grep DEN" that might appear to be related to your http traffic?
[21:47] <TJ-> Logos01: no, nothing
[21:49] <Logos01> TJ-: So in your netstat and iptables output I see that traffic is hitting the port and that there's actually a daemon listening.
[21:49] <RoyK> Logos01: you have to do manual installation with existing lvm setup
[21:49] <TJ-> Logos01: correct; although the port 80 count is not increasing, and nor is my remote host count for 2a02:8011:2007::/48
[21:50] <Logos01> TJ-: what happens when you run "tail -f /var/log/apache2/*.log & curl -X HEAD http://::1"
[21:50] <Logos01> Err, sorry, that'd be curl -X HEAD -i
[21:50] <TJ-> Logos01: no such logs; its vhosts; each domain under /home/<domainname>/logs/ for that
[21:50] <RoyK> TJ-: erm - are you using a /48 mask for a host?
[21:50] <TJ-> RoyK: /64
[21:50] <RoyK> makes more sense :P
[21:51] <Logos01> TJ-: "17  1360 ACCEPT     tcp      eth0   *       ::/0                 ::/0                 tcp dpt:80 /* HTTP *"
[21:51] <Logos01> Shows 17 unique connections historically having hit.
[21:52] <TJ-> more configs: http://paste.ubuntu.com/14132647/
[21:52] <Logos01> The established connections would go to the "state RELATED,ESTABLISHED", right, so you wouldn't see packet increases except for unique connection attempts.
[21:52] <Logos01> As to the /home/<domainname>/logs/
[21:52] <Logos01> ... why in the hell would you do that?
[21:52] <Logos01> Logfiles shouldn't go to /home/
[21:52] <TJ-> Yes, they should
[21:53] <RoyK> no, they shouldn't
[21:53] <TJ-> apache2 is using suexec, each domain is a separate user account, and the server spawns a separate process for each uid
[21:53] <Logos01> RoyK: Yeah, I didn't want to but the desktop installer wouldn't let me do anything but /boot and a single logvol for /
[21:53] <Logos01> RoyK: Which is quite the opposite of CIS compliance.
[21:54] <Logos01> TJ-: ... even so, daemons should not log to /home
[21:54] <RoyK> Logos01: in his setting, it makes sense
[21:54] <Logos01> Case in point; where are the logfiles for the global/parent daemon itself?
[21:55] <TJ-> Logos01: the 'daemons' are running as the user itself
[21:55] <TJ-> that's the point of apache's suexec
[21:55] <Logos01> ...
[21:55] <Logos01> Where are the logfiles for the global/parent daemon itself?
[21:56] <Logos01> Furthermore; doesn't matter that the individual domains' workers are running as a specific user; they should still be logging in FHS-compliant manner, tbqh.
[21:57] <TJ-> Logos01: the usual place; and there's nothing in error.log or suexec.log indicating an issue. This was working fine for years, until about 3 hours ago, when there was a minor change in a site config that required a service restart. I suspect some recent package updates have caused this, since the service had been running for several months before that
[21:57] <Logos01> And does apachectl configtest return anything problematic?
[21:58] <TJ-> "Syntax OK"
[21:59] <Logos01> So according to your ip6tables config, you're allowing and receiving traffic on port 80 and port 443
[21:59] <TJ-> I'm not sure if this excludes apache2 or not, as yet, but I wanted to have 'nc' listen on the port but it seems to be so old as to not parse IPv6, but I tried bash with "cat </dev/tcp/<ipv6-address>/80" and clients couldn't connect either
[21:59] <Logos01> According to your netstat/ss output, you have listeners.
[22:00] <Logos01> So there's something already handling your ::*:80 and ::*:443
[22:00] <Logos01> And what do you get when you use "nc -6 -vv ::* 443" ?
[22:01] <Logos01> Err, ::1
[22:01] <RoyK> TJ-: try wireshark
[22:03] <TJ-> Logos01: there is no IPv6 support in 'nc' on 12.04
[22:03] <TJ-> RoyK: for what?
[22:03] <RoyK> TJ-: for seeing what's going over the wire
[22:03] <TJ-> RoyK: I'll run tcpdump on the server, if thats what you mean
[22:04] <patdk-wk> logos01, I dunno what you mean by state RELATED,ESTABLISHED
[22:04] <patdk-wk> oh wait, I misread that
[22:05] <patdk-wk> odd config, from what I am used to
=== cpaelzer_ is now known as cpaelzer_afk
[22:06] <patdk-wk> what doesn't work about ipv6?
[22:06] <patdk-wk> it works for me atleast
[22:06] <patdk-wk> https://[2a01:7e00:e000:151:0:1:1:2]/
[22:06] <patdk-wk> Squoo.sh those bugs
[22:06] <patdk-wk> Automated Diagnostic and Repair services for GNU/Linux systems
[22:06] <TJ-> patdk-wk: you just hit it from  2001:470:e0ba:5:f500:78f6:322c:9e86.52642 ?
[22:06] <patdk-wk> yes
[22:07] <TJ-> patdk-wk: in which case something very weird is happening on my local end; doesn't explain why I couldn't get it to operate on the host itself though! *head spinning*
[22:07] <TJ-> patdk-wk: I've got a telnet still waiting to connect, but I have an SSH and a ping both working to that same IPv6 address
[22:07] <Logos01> TJ-: ... why are you on 12.04 ?
[22:08] <TJ-> Logos01: why not? it's supported
[22:08] <ianorlin> I don't think 12.04 supported ipv6 well
[22:08] <patdk-wk> it supports it, but ya, lots of programs didn't
[22:08] <Logos01> There's a clean/sane upgrade path from 12.04 to 14.04; 16.04 is about to come out, ipv6 in particular was not really as much of a "thing" three years ago -- the system support for things like the apache version was not so hot
[22:09] <patdk-wk> I am having a horrible time attempting to upgrade from 12.04 to 14.04
[22:09] <patdk-wk> all kind of php upgrade issues
[22:09] <Logos01> patdk-wk: It's nothing like 10.04 to 12.04 though.
[22:09] <patdk-wk> I have no issues from 10.04 to 12.04
[22:09] <Logos01> patdk-wk: They changed toplevel directories.
[22:09] <TJ-> patdk-wk: I'm doing a clean install in a chroot alongside to 16.04 :)
[22:10] <patdk-wk> heh?
[22:10] <patdk-wk> that iddn't affect me at all
[22:10] <Logos01> 16.04 is gonna be a headache upgrade, though.
[22:10] <Logos01> upstart -> systemd
[22:10] <TJ-> I don't allow php on the server
[22:10] <ianorlin> I like static site generators
[22:10] <Logos01> I mean, compared between the two -- Loennart notwithstanding -- systemd is better than upstart.
[22:10] <RoyK> Logos01: fresh install may be easier
[22:10] <Logos01> RoyK: True.
[22:11] <RoyK> Logos01: but last time I tried upgrading to debian 8, it worked flawlessly
[22:11] <Logos01> RoyK: I have a bunch of desktop/physical-server installs that use ZFS as root filesystem, as well.
[22:11] <patdk-wk> Logos01, depends on the scope of systemd :)
[22:11] <RoyK> Logos01: not from upstart, though, from sysV to systemd
[22:11] <TJ-> I've had this server operating since 2007, starting with hardy-heron and upgraded since; time for a fresh install to abandon the cruft
[22:11] <RoyK> Logos01: sounds like a pita
[22:12] <Logos01> RoyK: I expect it to be. But then again it may be far less of one, considering the 16.04 version should have native support for ZFS baked-in.
[22:12] <Logos01> And I'll finally have a distro-release stable driver of ZFS to play with, if all goes well.
[22:12] <Logos01> The trick is gonna be seeing how the systemd bits play with all the crap I have on my laptop for example -- I've been carrying basically the same install since 2009.
[22:13] <Logos01> The servers... well, if I have to blow them up, then I have to blow them up.
[22:13] <RoyK> Logos01: 15.10 has zfs support, but a very old version
[22:14] <Logos01> RoyK: Right, which might come back to bite me considering I'm running relatively recent feature-flags.
[22:14] <Logos01> Had to patch and compile GRUB myself.
[22:14] <RoyK> Logos01: I was thinking more about bugs than features
[22:15] <RoyK> Logos01: zol isn't really stable as in stable. I've used it in production for a year without issues, but there are several unresolved issues known
[22:16] <RoyK> Logos01: I have a 60TiB pool (two raidz2 vdevs with 11+12 drives) at work scheduled for demolishment to be replaced by striped mirrors (23 mirrors, 4TB each, plus two spares)
[22:17] <RoyK> Logos01: I've been working with zfs for 5+ years and although there are issues with zol, I'd rather use that than illumos because of the userspace
[22:17] <Logos01> http://paste.ubuntu.com/14132856/
[22:18] <RoyK> Logos01: zpool status?
[22:18] <Logos01> RoyK: It's just a single backing drive.
[22:18]  * patdk-wk can't wait
[22:19] <Logos01> I have larger setups but this is just a desktop.
[22:19]  * patdk-wk wants to play with 500gig m.2 nvme
[22:19] <patdk-wk> should have been here, but isn't yet :(
[22:19] <Logos01> W/ a 500GB desktop hybrid drive ... I'm not really worried about checksum failures/errors
[22:19] <patdk-wk> probably got delayed somehow
[22:19] <patdk-wk> problem with ordering new crap
[22:20] <RoyK> Logos01: zfs will find the checsum errors, but won't be able to do anything about them without redundancy
=== cpaelzer_afk is now known as cpaelzer_
[22:27] <wafflejock> trying to build the latest apache (on Ubuntu Server 14.04) but when trying to get the libapr1-dev dependency for building I'm getting an error libapr1-dev : Depends: libapr1 (= 1.5.0-1) but 1.5.1-2+deb.sury.org~precise+1 is to be installed, what to do? need to get the latest Apache for PCI compliance (or at least version 2.4.16, right now have downloaded source for 2.4.18)
[22:29] <patdk-wk> wafflejock, you don't understand pci compliance then
[22:30] <patdk-wk> WHAT is it that isn't compliant?
[22:30] <ianorlin> also doesn't the packages in archives have backports
[22:30] <ianorlin> for vulnverabilities?
[22:30] <wafflejock> Details: Multiple vulnerabilities fixed in Apache HTTP Server 2.4.16, 07/20/15 CVE 2015-0228 CVE 2015-0253 CVE 2015-3183 CVE 2015-3185 Apache HTTP Server 2.4.16 fixed multiple vulnerabilities.
[22:31] <wafflejock> yup
[22:31] <patdk-wk> and those affect ubuntu?
[22:31] <wafflejock> there's more
[22:31] <wafflejock> one sec will paste
[22:31] <patdk-wk> http://www.ubuntu.com/usn/usn-2523-1/
[22:32] <patdk-wk> according to that url, it was fixed, you should NOT upgrade to 2.4.16
[22:32] <wafflejock> http://paste.ubuntu.com/14132939/
[22:32] <ianorlin> apt-get chanelog apache2 show having stuff backported to fix cve's
[22:33] <wafflejock> well I did sudo apt-get update and sudo apt-get upgrade and the latest apache I have says it's 2.4.10 so the PCI scan appears to be correct
[22:33] <patdk-wk> no
[22:33] <patdk-wk> you read that wrong
[22:33] <patdk-wk> you do not have apache 2.4.10
[22:33] <wafflejock> ?
[22:33] <patdk-wk> you have apache 2.4.10+ubuntu-updates-and-security-patches
[22:33] <wafflejock> I did apache2 -version it says 2.4.10
[22:33] <wafflejock> ah okay
[22:33] <patdk-wk> so?
[22:33] <wafflejock> well
[22:33] <patdk-wk> what package do you have installed?
[22:33] <wafflejock> how do I fix this?
[22:34] <patdk-wk> you don't fix it
[22:34] <patdk-wk> what apache is ACTUALLY installed?
[22:34] <patdk-wk> using dpkg
[22:35] <patdk-wk> dpkg -l apache2
[22:35] <wafflejock> apache2
[22:36] <TJ-> apt-cache policy apache2
[22:36] <ianorlin> why not try apt-get changelog apache2 and see what things have been patched
[22:36] <patdk-wk> could probably do that
[22:36] <wafflejock> 2.4.10-1+deb.sury.org~precise+1
[22:37] <TJ-> huh? that's not the 14.04 apache2
[22:37] <patdk-wk> nope, looks like he already started down the bad pci road
[22:37] <patdk-wk> and found random ppa's to upgrade apache with
[22:37] <TJ-> the latest in 14.04 is " 2.4.7-1ubuntu4.5 " from ubuntu-security
[22:37] <wafflejock> I'm on 14.04.3 but this server was upgraded from 12.04 I'm almost positive
[22:37] <wafflejock> patdk-wk: nope
[22:37] <patdk-wk> yes :)
[22:37] <TJ-> changelog for Trusty here http://changelogs.ubuntu.com/changelogs/pool/main/a/apache2/apache2_2.4.7-1ubuntu4.5/changelog
[22:37] <patdk-wk> https://launchpad.net/~ondrej/+archive/ubuntu/php5/+index?field.series_filter=precise
[22:38] <wafflejock> eh well didn't do it recently then patdk-wk :)
[22:38] <patdk-wk> well, the problem is now, you no long are using ubunt usecurity updates, but depending on that person to do them for you
[22:38] <ianorlin> !ppa
[22:39] <ubottu> A Personal Package Archive (PPA) can provide alternate software not normally available in the offical Ubuntu repositories - Looking for a PPA? See https://launchpad.net/ubuntu/+ppas - WARNING: PPAs are unsupported third-party packages, and you use them at your own risk. See also !addppa and !ppa-purge
[22:39] <patdk-wk> personally, I would find out if you REALLY REALLY need 2.4.10 (doubtful)
[22:39] <patdk-wk> and if not, go back to stock ubuntu apache2
[22:39] <wafflejock> yup well aware of PPAs I typically don't add them
[22:39] <wafflejock> maybe was daft in this case
[22:39] <patdk-wk> then you just post the changelog as the, why this case is solved and mitigated to your pci compliance service
[22:39] <ianorlin> unsupported stuff on things you want pci compliance for o.0
[22:39] <TJ-> looks like that came in due to adding a PPA that is primarily for PHP 5.6
[22:40] <ianorlin> this is why I don't apt-get install -y
[22:41] <TJ-> I use apt-changelog - its extremely useful for keeping up
[22:41] <TJ-> so you get to see the changelogs of each upgrading package before it is installed
[22:41] <patdk-wk> I use apt-cahangelog to know if I should bother or not :)
[22:42] <patdk-wk> if so, on the test machine, roll to production
[22:42] <TJ-> it looks like my IPv6 issue may be due to a failure on my ISPs network; looks like they installed a transparent proxy that isn't transparent, and is failing too
[22:42] <wafflejock> alright well thanks patdk-wk, TJ, and ianorlin time to clean up my stupid mess
[22:43] <patdk-wk> pci compliance people are lazy :)
[22:43] <patdk-wk> they just attempt to figure out what version you have, not if you are vaunerable
[22:43] <patdk-wk> so you just have to reply, yes, my version is old, but it was patched for this issue, see here
=== Lcawte|Away is now known as Lcawte
[23:15] <TJ-> whats with the terrible letsencrypt scripts!? I ran it, it reports an error from 1 of the scripts, which is under /tmp/   which it immediately deletes so I cannot investigate!
[23:26] <zune> hey anyone got an idea on how to make cs-go servers work after last update...
[23:26] <zune> mine is restricted to local access
[23:39] <wafflejock> patdk-wk: sorry for the attitude can't believe I had installed that via PPA, have it fixed now thanks again