=== King is now known as hiwhiteboy | ||
=== hiwhiteboy is now known as King | ||
=== King is now known as hiwhiteboy | ||
lordievader | Good morning. | 09:05 |
---|---|---|
=== fayyaz is now known as Ather | ||
=== Ather is now known as ather | ||
=== ather is now known as ather_ | ||
devster31 | how can I login as root from a ssh session? I have ssh root disabled, but I can sudo su -, however the old login session stays open if I do this, and I can't change usernames with the old user session still open | 13:37 |
bekks | devster31: Login as user, and dont use sudo su - (which is nonsense), but just sudo -i | 13:38 |
bekks | And for changing usernames, you need to create another user capable of using sudo -i, login as the new user, and change the username of the old user. | 13:38 |
bekks | No need for unlocking the root account, no need for enabling ssh as root. | 13:39 |
devster31 | so the only way to rename a user is to create a new one with root privileges and log in as this one? | 13:41 |
bekks | Correct. | 13:41 |
patdk-lap | is there some way I can audit all access in apparmor? | 14:49 |
patdk-lap | I cannot seem to locate the correct path to block access for a file | 14:49 |
Sling | patdk-lap: you can set it in learning mode | 14:55 |
Sling | see https://help.ubuntu.com/lts/serverguide/apparmor.html | 14:55 |
Sling | (see aa-genprof) | 14:56 |
patdk-lap | ya, but that only works if a something matches | 14:56 |
patdk-lap | the problem is, I can't get anything to match | 14:56 |
patdk-lap | atleast for the folder I am concerned about | 14:56 |
patdk-lap | for other folders, works fine | 14:56 |
patdk-lap | nothing was captured by aa-genprof :( | 15:04 |
patdk-lap | is there a way I can show what profile I'm running in, to confirm it's actually matching? | 15:05 |
patdk-lap | ah, na, it's not matching the program | 15:06 |
patdk-lap | ok, so the path to the program itself is also messed up | 15:07 |
devster31 | bekks: why is sudo su - nonsense? doesn't it login as root? | 15:17 |
=== hiwhiteboy is now known as King | ||
snowgoggles | devster31: ? | 15:44 |
devster31 | he said: Login as user, and dont use sudo su - (which is nonsense), but just sudo -i | 15:49 |
ogra_ | sudo su - messes up the environment, sudo -i gives you a proper one | 15:53 |
ogra_ | (and "sudo su" generally starts extra subshells which is pointless) | 15:54 |
devster31 | but sudo resets the entire env, only some variables are passed right? | 16:08 |
snowgoggles | devster31: what's the concern? they will elevate privileges differently | 16:12 |
devster31 | no concern, I'm curious, if I have for example local::lib perl variables with sudo -i they won't be passed | 16:24 |
lunaphyte | i have a server with an nfs filesystem in fstab. the filesystem fails to mount at boot, but mounts just fine with mount -a after boot. so far, i've not found much in the way of logging. how can i troubleshoot this further? the os is 14.04.4 | 16:29 |
RoyK | lunaphyte: try adding _netdev to the options | 16:30 |
RoyK | with the underscore | 16:30 |
lunaphyte | i did try that, but it doesn't seem to have an effect | 16:31 |
lunaphyte | here's the current fstab entry: | 16:31 |
lunaphyte | 10.128.35.251:/home/home/example.comnfsauto,_netdev,rw,hard,intr00 | 16:31 |
=== InfoTest1 is now known as InfoTest | ||
dasjoe | So, I'm playing with lxd on 16.04 for a bit. "lxc-ls" shows no defined containers, "lxc list" shows the ones I'm running but its output is not easily parseable. Am I missing something? I'd like to feed the output into lxc-destroy (or should I use "lxc delete"?) | 17:44 |
DvLnme | hello everyone | 17:46 |
=== King is now known as hiwhiteboy | ||
=== _thumper_ is now known as thumper | ||
=== Monthrect is now known as Piper-Off | ||
punkoivan | hi guys. | 22:31 |
punkoivan | have some problem with ssh. when I don't use ssh-session for few minutes I got "broken pipe" | 22:32 |
punkoivan | in sshd_config fix timeout 120 to 0, but it's not fix. | 22:33 |
punkoivan | It's no problem to reconnect, but realy irritabel | 22:34 |
patdk-lap | enable keepalives :) | 22:45 |
tdelam | hey, how do I upgrade apache from Apache/2.4.7 (Ubuntu) to 2.4.16 via apt? We're on 12.04 LTS. | 22:50 |
bekks | sudo apt update; sudo apt full-upgrade; | 22:51 |
tdelam | trying to find some info online but it's bee tricky finding documentation to upgrading to a specific version | 22:51 |
tdelam | a full upgrade? | 22:51 |
bekks | tdelam: Sure. | 22:51 |
rbasak | tdelam: we only maintain one version per Ubuntu release. | 22:51 |
tdelam | Oh | 22:52 |
tdelam | 2.4.16 is in the most recent? | 22:52 |
rbasak | 2.4.7 in Trusty, 2.4.12 in Wily. | 22:52 |
rbasak | Wily is the most recent Ubuntu release. | 22:52 |
tdelam | ah | 22:52 |
rbasak | Xenial is on 2.4.18. | 22:52 |
rbasak | (but not released yet) | 22:52 |
tdelam | damn | 22:52 |
tdelam | I might have to do this from source :/ | 22:52 |
rbasak | If there's a specific bugfix you need, we can backport a fix depending on what it is. | 22:53 |
tdelam | PCI scan is calling specifically for 2.4.16 | 22:53 |
rbasak | If it's a security thing, we quite likely already have backported the fix to 2.4.7. | 22:53 |
rbasak | Get a better PCI scan. | 22:54 |
tdelam | heh | 22:54 |
tdelam | if it were only that easy | 22:54 |
tdelam | https://www.dropbox.com/s/v7sj60f87yadcqj/Screenshot%202016-03-20%2018.54.07.png?dl=0 | 22:54 |
rbasak | Doing it yourself from source is clearly worse for security. | 22:54 |
rbasak | Unless you want to also pay a security team to keep it up to date. | 22:54 |
tdelam | yep | 22:55 |
tdelam | that's not efficient | 22:55 |
rbasak | You can look up CVEs at http://people.canonical.com/~ubuntu-security/cve/ | 22:56 |
rbasak | For example your first CVE is fixed in the version in Trusty. | 22:56 |
rbasak | No need to update to anything else. | 22:56 |
tdelam | oh wow | 22:56 |
tdelam | this will be good, I can show them it's resolved in 2.4.7 | 22:57 |
tdelam | looks like their scan is checking version, not pen testing any of this. | 22:57 |
rbasak | If your scan says you're vulnerable and you have the latest package installed, then your scan is wrong. | 22:57 |
rbasak | Right | 22:57 |
tdelam | petty dumb pci scanner | 22:57 |
tdelam | thx a ton rbasak, ill check that url | 22:57 |
rbasak | No problem. | 22:57 |
tdelam | rbasak: sorry, https://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0231.html the green "released" text depicts that it was patched in those releases? | 22:59 |
rbasak | Right. And the version in brackets tells you the package version it was fixed in. Make sure you have that version (or higher) installed. | 23:00 |
tdelam | gotcha, thanks! | 23:00 |
tdelam | gorgeous! all the issues listed in their scan threat is resolved in my version. | 23:02 |
tdelam | thankscience! | 23:02 |
rbasak | nacc_: FYI, https://www.stewright.me/2016/03/upgrade-php-7-0-ubuntu/ | 23:07 |
rbasak | Oh, he's using Ondrej's PPA | 23:07 |
rbasak | Never mind! | 23:07 |
nacc | rbasak: yep, that's on 14.04 | 23:22 |
rbasak | Sorry. I assumed it was talking about 16.04 without reading further. | 23:22 |
rbasak | How's it going BTW? Near the finish line yet? | 23:23 |
rbasak | I haven't been following because you seemed to have a very good handle on it. | 23:23 |
nacc | rbasak: php7 progress is good, it's the removal of php5 that's going slowly | 23:23 |
nacc | we finally got symfony updated last week | 23:24 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!