| === Lcawte is now known as Lcawte|Away | ||
| === Monthrect is now known as Piper-Off | ||
| === Lcawte|Away is now known as Lcawte | ||
| === [Mew2] is now known as [[Mew2]] | ||
| === Lcawte is now known as Lcawte|Away | ||
| jay_ | hello everybody | 09:49 |
|---|---|---|
| jay_ | i got some general questions about ubuntu-server | 09:49 |
| jay_ | apt-get update and apt-get upgrade they upgrade the packges right ? | 09:50 |
| jay_ | hi poeple | 10:01 |
| jay_ | apt-get update and apt-get upgrade they upgrade the packges right ? | 10:04 |
| jay_ | how about if i want to upgrade only one package | 10:04 |
| jay_ | can i do it | 10:04 |
| jay_ | hi kritz | 10:11 |
| jay_ | hi seabstien | 10:11 |
| jay_ | hi semajnz | 10:14 |
| jay_ | hi bilde2910 | 10:28 |
| Ben64 | jay_: why | 10:37 |
| Seveas | jay_: apt-get install package | 10:44 |
| Seveas | that'll upgrade it if an upgrade is available. | 10:45 |
| jay_ | Ben64 its me jeevan @ jay now | 10:48 |
| jay_ | i just want to know how linux and ubuntu systems work ? | 10:48 |
| Ben64 | why would you not want all the security updates | 10:49 |
| jay_ | thats good question, how about if i want to choose one instead of all others | 10:50 |
| jay_ | actually Ben64 | 10:51 |
| jay_ | the organisation im working | 10:51 |
| jay_ | they havent upgraded the ubuntu systems | 10:51 |
| jay_ | the system which im working has two vulnerabilities | 10:52 |
| jay_ | one is openssl and other proftpd | 10:52 |
| jay_ | both are scanned by nessus | 10:52 |
| jay_ | commerical license of nessus | 10:52 |
| Ben64 | step 1. sudo apt-get update && sudo apt-get dist-upgrade | 10:52 |
| jay_ | i just one general | 10:53 |
| jay_ | why does ubuntu releases version 14 and 15 | 10:53 |
| jay_ | when ubuntu is backporting and supporting earlier 12.04 | 10:53 |
| jay_ | i can keep doing apt-get update and apt-get upgrade every few months | 10:53 |
| jay_ | instead of changing distibution | 10:54 |
| Ben64 | apt-get dist-upgrade doesn't change distro | 10:54 |
| Ben64 | there is a new version of ubuntu released every 6 months, every 4 releases one is a Long Term Support (LTS) release. The LTS releases are supported for 5 years, the other releases are supported for 9 months. | 10:55 |
| Ben64 | the version number, such as 14.04 is the year and month of its release, 14.04 = 2014.04 = April 2014 | 10:55 |
| jay_ | ok | 10:56 |
| Ben64 | 12.04 and 14.04 are the currently supported LTS releases, 12.04 loses server support in April 2017, it has already lost desktop support. 14.04 is supported until April 2019. The next LTS will be 16.04, coming out this coming April, and it will be supported until April 2021 | 10:57 |
| Ben64 | ooh wait, 12.04 is supported on desktop and server for 5 years | 10:58 |
| jay_ | yes ok ok | 10:58 |
| Ben64 | the point is, do the updates already | 10:58 |
| jay_ | yes i did in the test machines after you and rww explaination | 10:59 |
| Ben64 | yet you keep asking about upgrading just one package | 11:00 |
| jay_ | sorry if l presummed as stubborn or dumb i will clarify my doubt | 11:00 |
| jay_ | i did some work in test machines after you left | 11:00 |
| jay_ | at present in 1 machine | 11:01 |
| jay_ | i have openssl 1.0.1 14 march 2012 and built on 2014 | 11:02 |
| jay_ | but after doing apt-get upgrade | 11:02 |
| jay_ | the built on changes 2014 to 2015 | 11:02 |
| jay_ | as you both people said in the morning, as ubuntu backports | 11:03 |
| jay_ | thats good | 11:03 |
| jelly | that means you successfully applied patches and restarted relevant services that use them | 11:03 |
| jay_ | yes yes | 11:03 |
| Ben64 | so whats the problem now | 11:03 |
| jay_ | if i do apt-get changelog openssl before the upgrade and after the upgrade its same page | 11:04 |
| jay_ | its changelog page of openssl tillnow | 11:04 |
| jay_ | so that means built on 2014 is same as 2015 | 11:04 |
| Ben64 | ...no | 11:04 |
| jay_ | i was asking because i need to show some proof to my superior | 11:05 |
| jelly | jay_: zless /usr/share/doc/libssl1.0.0/changelog.Debian.gz | 11:05 |
| jelly | that's the packaging changelog for the version that's actually installed | 11:05 |
| jelly | erm. | 11:06 |
| jay_ | ok ok i will se | 11:06 |
| jay_ | jelly and Ben64 do you people know Built on time | 11:06 |
| jay_ | i mean what is built on means | 11:06 |
| Ben64 | can you provide context | 11:07 |
| jay_ | Im sorry Ben64 and jelly i may sound like stupid but i feel im not understanding properly | 11:07 |
| jay_ | like | 11:07 |
| jay_ | if u type openssl version -b before upgrade shows built on 2014 after upgrade openssl version -b shows built 2015 | 11:08 |
| jay_ | im presenting working in patch management for linux server | 11:08 |
| Ben64 | thats when it was compiled | 11:08 |
| jay_ | so i'm thinking that compilation date is same as ubuntu backports | 11:09 |
| jay_ | am i right ? | 11:09 |
| Ben64 | probably | 11:10 |
| jay_ | ok | 11:10 |
| jay_ | since i work in patch management team i need to be techincally good and explainable | 11:10 |
| jay_ | i dont mean im depending on you | 11:11 |
| jay_ | but im getting all the facts and understanding i can from people and search engines | 11:11 |
| ikonia | jay_: would it not be better to talk to the more experienced people in your team | 11:11 |
| ikonia | explain to them where you feel you're not clear on things and ask them to explain and how it falls in lines with the teams polcies/processes | 11:12 |
| jay_ | what you said is right, its not exactly easy but i will try , they will look for weakness in a person not honesty | 11:13 |
| jay_ | i will try | 11:13 |
| ikonia | it seems the more logical approach | 11:13 |
| jay_ | suppose if i didnt perform this patch properly i will be considered as non-competent candidate | 11:13 |
| jay_ | or not worthy candidate | 11:14 |
| jay_ | ofcourse logically its true. | 11:14 |
| ikonia | talk to the team explain your knowledge gap, ask them to explain and critical how it fits in with the teams process/policies | 11:15 |
| jay_ | the point we even dont have KT knowledge transfer at all | 11:15 |
| jelly | jay_: if your audit people can provide exact CVE numbers for the vulnerabilities their script thinks are present, you can look at the changelog for libssl1.0.0 and see if those are fixed or not. You can also look up specific CVE numbers on http://people.canonical.com/~ubuntu-security/cve/ and see which versions they were fixed in, if they're fixed. | 11:15 |
| jay_ | i have all the CVE numbers | 11:15 |
| jay_ | i will check once again | 11:16 |
| jay_ | im sorry if u feel irritated by my continous questing , im just not smart enough to understand just in one line | 11:16 |
| jelly | eg. http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3195.html | 11:16 |
| jay_ | after Ben 64 and RWW explanations i went and did some virtualbox testing for 3 hours | 11:16 |
| jay_ | at present | 11:17 |
| jay_ | Ubuntu 12.04 LTS (Precise Pangolin):released (1.0.1-4ubuntu5.32) im here | 11:17 |
| jay_ | my nessus report says | 11:17 |
| jay_ | to upgrade to 1.0.2e | 11:17 |
| jay_ | or 1.0.1g or 1.0.1h | 11:18 |
| jay_ | what do i do | 11:18 |
| ikonia | read about back porting | 11:18 |
| ikonia | or talk to your team about their policy on back porting | 11:18 |
| ikonia | (or accepting back porting) | 11:18 |
| jay_ | ok | 11:18 |
| jay_ | kindly check these | 11:19 |
| jay_ | http://www.tenable.com/plugins/index.php?view=single&id=73412 | 11:19 |
| jay_ | http://www.tenable.com/plugins/index.php?view=single&id=77200 | 11:19 |
| ikonia | why ? | 11:19 |
| jay_ | i was stuck here | 11:19 |
| ikonia | check them for what ? | 11:19 |
| jay_ | to show my problem is real | 11:20 |
| jay_ | tats all | 11:20 |
| ikonia | what ? | 11:20 |
| ikonia | your problem is your don't understain how to maintain a system and you haven't learnt your teams policies/practices | 11:20 |
| ikonia | understand sorry | 11:20 |
| jay_ | that i agree | 11:21 |
| ikonia | ok - so go and deal with that | 11:21 |
| jay_ | im sorry | 11:21 |
| ikonia | no need to be sorry | 11:21 |
| Ben64 | its not a real problem | 11:21 |
| Ben64 | CVE-2014-0224 was fixed June 5th 2014 | 11:22 |
| Ben64 | in openssl 1.0.1-4ubuntu5.14 | 11:22 |
| Ben64 | wait, was fixed june 2nd | 11:22 |
| jay_ | i understand ur point, as i said in the morning the superior is stuck on , that nessus i saying to upgrade to 1.0.1h or later why havent upgraded ? | 11:23 |
| ikonia | then talk to him | 11:24 |
| jay_ | i was thinking from his perspective and i got all doubts linked | 11:24 |
| jelly | jay_: default nessus db is full of false positives | 11:24 |
| ikonia | it's not our problem to convince your team / set your team's policy | 11:24 |
| jay_ | software management and security maintenance | 11:24 |
| jay_ | ohhh | 11:24 |
| jay_ | i understand its not at all linked to ubuntu people | 11:24 |
| jay_ | i completely understand | 11:24 |
| jelly | they check the version numbers instead of actual vulnerability, and they have no idea what debian or ubuntu have fixed while _keeping_ the upstream version | 11:25 |
| jay_ | atleast im getting these all knowledge from you all people | 11:25 |
| jay_ | yes yes you are 100% jelly | 11:25 |
| jelly | you need to explain their tools are crap, in an acceptable way | 11:25 |
| jay_ | what im understanding from 5 hours of activity on this single openssl | 11:26 |
| * jelly is jelly that's true | 11:26 | |
| jay_ | yes yes you are 100% jelly right | 11:26 |
| jay_ | ok | 11:26 |
| jay_ | thank you everyone | 11:27 |
| jay_ | thank you jelly Ben64 ikonia | 11:27 |
| jay_ | generally on ubuntu server we dont compile from source right ? we do all from repositories right | 11:28 |
| ikonia | yes | 11:31 |
| jay_ | ok | 11:32 |
| jay_ | and i should not PPA to live servers right ? | 11:35 |
| jay_ | i mean only if i trust them thats different point | 11:36 |
| ikonia | it's up to you what you use | 11:36 |
| jay_ | but generally we dont add PPA unless its needed compulsory | 11:36 |
| ikonia | and what is in line with your TEAM POLICY | 11:36 |
| ikonia | no | 11:36 |
| ikonia | it's up to you what you do | 11:36 |
| jay_ | hmm | 11:36 |
| jay_ | ok | 11:36 |
| jay_ | ubuntu doesnt has PPA offically right ? | 11:38 |
| ikonia | there are PPA's provided by ubuntu projects | 11:38 |
| jay_ | i mean its collboration right | 11:39 |
| jay_ | but not official | 11:39 |
| ikonia | what ? | 11:39 |
| ikonia | there are official ubuntu projects with PPA's | 11:39 |
| jay_ | any example please | 11:39 |
| ikonia | no | 11:39 |
| ikonia | look in launchpad | 11:40 |
| ikonia | look at the teams that own / maintain the PPA's | 11:40 |
| jay_ | yes yes i have seen | 11:40 |
| jay_ | launchpad.net/ubuntu | 11:40 |
| jay_ | is this official | 11:40 |
| jay_ | how do i call it official or not i dont know | 11:41 |
| ikonia | look at the team that owns it | 11:41 |
| jay_ | the team is ubuntu members | 11:41 |
| ikonia | you've not even linked to a PPA | 11:41 |
| jay_ | maintainer is ubuntu techinical board | 11:41 |
| ikonia | so that is an official ubuntu project account | 11:42 |
| jay_ | ok ok ok | 11:42 |
| jay_ | i asked the basic question official or not, because generally in ubuntu site at installation software page it says add PPA on your own risk. | 11:44 |
| ikonia | and thats true no matter who owns/maintains it | 11:44 |
| jay_ | thats why i felt it may not be official | 11:44 |
| jay_ | ok ok ok | 11:45 |
| jay_ | i think im getting confused by myself | 11:45 |
| jay_ | i guess im speaking with my half knowledge about every topic | 11:46 |
| jay_ | i need to get more knowledge | 11:46 |
| ikonia | just talk to your team | 11:46 |
| ikonia | and ask about their policies and practices | 11:46 |
| jay_ | since you said and recommended i will talk | 11:47 |
| jay_ | ok general question | 11:50 |
| jay_ | why a person should not compile from source ? | 11:50 |
| ikonia | again - talk to your team | 11:51 |
| jay_ | is it because its hard to adjust with dependencies | 11:51 |
| jay_ | ok ok | 11:51 |
| ikonia | they can explain why that is bad | 11:51 |
| jay_ | nothing nothing ok ok ok | 11:51 |
| jay_ | i have new doubt | 11:59 |
| jay_ | why Organisation (ubuntu and redhat) does backporting instead of just adding the new versions in their repositories ? | 12:00 |
| Ben64 | that was explained to you hours ago | 12:00 |
| jay_ | i understand that ubuntu is supporting 12.0.4 by helping security updates (backporting) | 12:01 |
| jay_ | any specific technical and logical reason behind it | 12:02 |
| Ben64 | reason behind what | 12:03 |
| jay_ | reason behind : instead of doing the backporting why doesnt organisation just add the new verisions of packages ? | 12:04 |
| Ben64 | yes, that was explained to you a few times hours ago | 12:05 |
| jay_ | ok i will check | 12:05 |
| jay_ | ok thank you all ikonia : Ben64 : jelly i saved the chats for my reference | 12:18 |
| jay_ | thank you once again and Happy new year to you people. i wil be logging out now | 12:19 |
| RoyK | bug 833562 says a bit about bug fixing for ubuntu server ;) | 13:42 |
| ubottu | bug 833562 in grub2 (Ubuntu) "grub-update doesn't check for removal of kernels" [Undecided,Invalid] https://launchpad.net/bugs/833562 | 13:42 |
| RoyK | happy new year :D | 13:42 |
| === Piper-Off is now known as Monthrect | ||
| devster31 | is there a command I can use to get the ip address from the hostname? grepping /etc/hosts returns multiple results and it would be better to have a command for this... | 14:49 |
| devster31 | and no, "host" is not a valid command on my box for some reason | 14:52 |
| === tinoco_ is now known as tinoco | ||
| m1dnight_ | I have set up a bridge for my kvm hosts but i cant seem to access the internet. | 15:14 |
| m1dnight_ | I can ping 8.8.8.8 etc though. | 15:14 |
| m1dnight_ | but dns doesnt work | 15:14 |
| volkswagner | Happy New Year! | 15:51 |
| volkswagner | I'm running Ubuntu 14.04.2 LTS \n \l as KVM guest. The small root partition is getting full. I'm in a catch 22 with removing old kernels via autoremove and getting apt-get install on track. | 15:52 |
| volkswagner | I'm getting disk full error via apt-get install -f, even after removing log files and such to gain double the space reported needed by apt. | 15:53 |
| volkswagner | apt-get install -f "says" > Need to get 0 B/46.4 MB of archives. After this operation, 229 MB of additional disk space will be used. and / has 671M avialable, yet still get disk full error | 15:54 |
| volkswagner | Should I start the manual removal of old kernels? Does anyone know why it seems I have enough space to complete the apt-get install task, yet still get disk full error? | 15:55 |
| volkswagner | here is full output of apt-get install -f http://pastebin.com/CyFMzcfB | 15:57 |
| volkswagner | actually that was not full output, here is the error portion after saying yes install http://pastebin.com/bXyUCpPd | 15:59 |
| volkswagner | I only have separate partitions for /srv everything else is mounted at / in an 8gig partition | 16:01 |
| === Lcawte|Away is now known as Lcawte | ||
| jelly | volkswagner: run a "du -x / > du-x-root.$(date -I)" then look at "sort -n du-x-root.$(date -I) | tail -n 40" for largest contributors. Consider setting up your systems with LVM, next time. | 16:08 |
| jelly | volkswagner: different filesystem types have different sizes of reserved space, with low space conditions what "df" reports may not be exact | 16:09 |
| volkswagner | I have used du to clear up space. shouldn't 671M available be enough space to complete apt-get install asking for 229M of disk space? | 16:10 |
| jelly | which fs type is it? | 16:11 |
| jelly | is it something weird like btrfs? | 16:11 |
| volkswagner | EXT4 | 16:11 |
| jelly | who knows | 16:11 |
| volkswagner | Where should I go from here? Should I manually remove old kernels? | 16:12 |
| jelly | manually? | 16:12 |
| JanC | it needs space for the package, and space for the unpacked files | 16:12 |
| jelly | do a dpkg -S /boot/vmlinuz* | 16:12 |
| jelly | then apt-get remove linux-image-old-1 linux-image-old-2 ... | 16:13 |
| jelly | keep one or two known working versions | 16:13 |
| volkswagner | jelly here is output http://pastebin.com/yC4yFfPs | 16:13 |
| volkswagner | I will try remove | 16:14 |
| jelly | I'm confident you can figure out the package names from that output even without looking at it! | 16:14 |
| JanC | autoremove should be able to remove kernels | 16:14 |
| volkswagner | jelly I can't use apt-get at all because of partially installed or non fully installed. I keep getting error run "apt-get install -f" which fails with disk space error, hence my catch 22 complaint ;) | 16:16 |
| jelly | volkswagner: dpkg --remove ... then | 16:16 |
| volkswagner | Janc, yest automove should, but it fails with similar error here http://pastebin.com/YAL3PkSM | 16:17 |
| volkswagner | I'll try dpkg | 16:17 |
| jelly | 8GiB ought to be quite enough for a server system tho. Tho we keep /var separate. | 16:18 |
| jelly | still, lvm <3 ... keep mount points small initially and grow where needed | 16:20 |
| JanC | I assume you cleaned out stuff under /var/cache ? | 16:22 |
| volkswagner | Is it possible I need to reboot? I see uname -a is 3.13.0-63-generic, yet dpkg -S /boot/vmlinuz* shows *65-generic and *74-generic | 16:22 |
| volkswagner | Here is error I get when trying to use dpkg to remove http://pastebin.com/m2i6s5yq | 16:23 |
| volkswagner | Janc | 16:24 |
| volkswagner | I do have 86M in /var/cache/apt-xapian-index | 16:24 |
| volkswagner | It is likely in the past I ran upgrade without rebooting, which may have included kernel upgrade, but never rebooted | 16:26 |
| volkswagner | I'm not sure why I didn't use LVM. I do have it on the KVM host… not much use for the guest though | 16:27 |
| volkswagner | I think I was concerned about possible overhead, LVM in guest on top of LVM host. This was thought about without any research or confirmation if there is such an overhead issue ;) | 16:28 |
| JanC | if you remove linux-image-3.13.0-46-generic you also have to remove its dependents like linux-image-extra-3.13.0-46-generic | 16:29 |
| volkswagner | JanC: Thank you, that seems to work! | 16:32 |
| volkswagner | I see dpkg also reconfigures Grub… Let me remove more and see how it goes | 16:32 |
| JanC | to remove grub entries for removed kernels | 16:33 |
| volkswagner | Yes, the manual method I was thinking of required manually updated grub. I ran it years ago, but couldn't find it today. | 16:35 |
| CiPi | Happy New World Order ppl | 16:36 |
| volkswagner | JanC: jelly and others, thank you… Disk space went from 91% full to 51% full. Now apt-get install -f is running! Thank You, Thank You, Thank You! | 16:43 |
| volkswagner | I'll be keeping a closer eye on old kernels in the future | 16:43 |
| volkswagner | I guess apt-get install will need an output like "will need xxxMB working disk space to complete your request" for guys like me, hahaha | 16:45 |
| JanC | that's hard to predict for all sorts of reasons | 16:49 |
| volkswagner | JanC: I believe that! I guess lessoned learned… "don't think you're smarter than the devs, believe the error despite what you (I) think" | 16:52 |
| johnsmith | I'm trying to set a static IP on a secondary NIC on an Ubuntu server (14.04) VM. I've added an entry for eth1 (the second NIC) in /etc/network/interfaces and restarted the networking service. I then ran ifconfig eth1 up. I can see the second interface with I run ifconfig, but it doesn't have an inet addr, bcast or mask even though I set a static IP in /etc/network/interfaces. I'm not sure what I am doing wrong | 18:31 |
| ikonia | are you using network manager ? | 18:32 |
| johnsmith | command line | 18:32 |
| ikonia | thats not what I asked | 18:33 |
| johnsmith | I don't understand what you mean by network manager | 18:33 |
| ikonia | it's an application used to control the network cards | 18:33 |
| johnsmith | then no | 18:33 |
| ikonia | then your interfaces file is wrong | 18:34 |
| johnsmith | I have: auto eth1 \ iface eth1 inet static \ address 10.1.1.132 \ netmask 255.255.255.0 \ network 10.1.1.0 \ broadcast 10.1.1.255 (\ denoting new line) | 18:35 |
| ikonia | something is wrong in it, or it would be working | 18:36 |
| ikonia | go through it again, | 18:36 |
| johnsmith | I'm using the second interface (eth1) to c reate an internal network on an ESXi host. I've created the vSwitch for the internal network, and assigned the eth1 interface to the internal network vSwitch. As I understand it, I just need to put each gues VM on the same subnet so that they can communicate with eachother via the internal network. Am I missing part of the concept or is this just a configuration error? | 18:38 |
| ikonia | that should have nothing to do with the card getting an IP or not | 18:40 |
| johnsmith | alright | 18:41 |
| johnsmith | thanks | 18:41 |
| === Lcawte is now known as Lcawte|Away | ||
| === sebastien is now known as Sebastien | ||
| === Lcawte|Away is now known as Lcawte | ||
| === Lcawte is now known as Lcawte|Away | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!