=== King is now known as hiwhiteboy
=== hiwhiteboy is now known as King
=== King is now known as hiwhiteboy
lordievaderGood morning.09:05
=== fayyaz is now known as Ather
=== Ather is now known as ather
=== ather is now known as ather_
devster31how can I login as root from a ssh session? I have ssh root disabled, but I can sudo su -, however the old login session stays open if I do this, and I can't change usernames with the old user session still open13:37
bekksdevster31: Login as user, and dont use sudo su - (which is nonsense), but just sudo -i13:38
bekksAnd for changing usernames, you need to create another user capable of using sudo -i, login as the new user, and change the username of the old user.13:38
bekksNo need for unlocking the root account, no need for enabling ssh as root.13:39
devster31so the only way to rename a user is to create a new one with root privileges and log in as this one?13:41
patdk-lapis there some way I can audit all access in apparmor?14:49
patdk-lapI cannot seem to locate the correct path to block access for a file14:49
Slingpatdk-lap: you can set it in learning mode14:55
Slingsee https://help.ubuntu.com/lts/serverguide/apparmor.html14:55
Sling(see aa-genprof)14:56
patdk-lapya, but that only works if a something matches14:56
patdk-lapthe problem is, I can't get anything to match14:56
patdk-lapatleast for the folder I am concerned about14:56
patdk-lapfor other folders, works fine14:56
patdk-lapnothing was captured by aa-genprof :(15:04
patdk-lapis there a way I can show what profile I'm running in, to confirm it's actually matching?15:05
patdk-lapah, na, it's not matching the program15:06
patdk-lapok, so the path to the program itself is also messed up15:07
devster31bekks: why is sudo su - nonsense? doesn't it login as root?15:17
=== hiwhiteboy is now known as King
snowgogglesdevster31: ?15:44
devster31he said: Login as user, and dont use sudo su - (which is nonsense), but just sudo -i15:49
ogra_sudo su - messes up the environment, sudo -i gives you a proper one15:53
ogra_(and "sudo su" generally starts extra subshells which is pointless)15:54
devster31but sudo resets the entire env, only some variables are passed right?16:08
snowgogglesdevster31: what's the concern? they will elevate privileges differently16:12
devster31no concern, I'm curious, if I have for example local::lib perl variables with sudo -i they won't be passed16:24
lunaphytei have a server with an nfs filesystem in fstab.  the filesystem fails to mount at boot, but mounts just fine with mount -a after boot.  so far, i've not found much in the way of logging.  how can i troubleshoot this further?  the os is 14.04.416:29
RoyKlunaphyte: try adding _netdev to the options16:30
RoyKwith the underscore16:30
lunaphytei did try that, but it doesn't seem to have an effect16:31
lunaphytehere's the current fstab entry:16:31
=== InfoTest1 is now known as InfoTest
dasjoeSo, I'm playing with lxd on 16.04 for a bit. "lxc-ls" shows no defined containers, "lxc list" shows the ones I'm running but its output is not easily parseable. Am I missing something? I'd like to feed the output into lxc-destroy (or should I use "lxc delete"?)17:44
DvLnmehello everyone17:46
=== King is now known as hiwhiteboy
=== _thumper_ is now known as thumper
=== Monthrect is now known as Piper-Off
punkoivanhi guys.22:31
punkoivanhave some problem with ssh. when I don't use ssh-session for few minutes I got "broken pipe"22:32
punkoivanin sshd_config fix timeout 120 to 0, but it's not fix.22:33
punkoivanIt's no problem to reconnect, but realy irritabel22:34
patdk-lapenable keepalives :)22:45
tdelamhey, how do I upgrade apache from Apache/2.4.7 (Ubuntu) to 2.4.16 via apt? We're on 12.04 LTS.22:50
bekkssudo apt update; sudo apt full-upgrade;22:51
tdelamtrying to find some info online but it's bee tricky finding documentation to upgrading to a specific version22:51
tdelama full upgrade?22:51
bekkstdelam: Sure.22:51
rbasaktdelam: we only maintain one version per Ubuntu release.22:51
tdelam2.4.16 is in the most recent?22:52
rbasak2.4.7 in Trusty, 2.4.12 in Wily.22:52
rbasakWily is the most recent Ubuntu release.22:52
rbasakXenial is on
rbasak(but not released yet)22:52
tdelamI might have to do this from source :/22:52
rbasakIf there's a specific bugfix you need, we can backport a fix depending on what it is.22:53
tdelamPCI scan is calling specifically for 2.4.1622:53
rbasakIf it's a security thing, we quite likely already have backported the fix to
rbasakGet a better PCI scan.22:54
tdelamif it were only that easy22:54
rbasakDoing it yourself from source is clearly worse for security.22:54
rbasakUnless you want to also pay a security team to keep it up to date.22:54
tdelamthat's not efficient22:55
rbasakYou can look up CVEs at http://people.canonical.com/~ubuntu-security/cve/22:56
rbasakFor example your first CVE is fixed in the version in Trusty.22:56
rbasakNo need to update to anything else.22:56
tdelamoh wow22:56
tdelamthis will be good, I can show them it's resolved in 2.4.722:57
tdelamlooks like their scan is checking version, not pen testing any of this.22:57
rbasakIf your scan says you're vulnerable and you have the latest package installed, then your scan is wrong.22:57
tdelampetty dumb pci scanner22:57
tdelamthx a ton rbasak, ill check that url22:57
rbasakNo problem.22:57
tdelamrbasak: sorry, https://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0231.html the green "released" text depicts that it was patched in those releases?22:59
rbasakRight. And the version in brackets tells you the package version it was fixed in. Make sure you have that version (or higher) installed.23:00
tdelamgotcha, thanks!23:00
tdelamgorgeous! all the issues listed in their scan threat is resolved in my version.23:02
rbasaknacc_: FYI, https://www.stewright.me/2016/03/upgrade-php-7-0-ubuntu/23:07
rbasakOh, he's using Ondrej's PPA23:07
rbasakNever mind!23:07
naccrbasak: yep, that's on 14.0423:22
rbasakSorry. I assumed it was talking about 16.04 without reading further.23:22
rbasakHow's it going BTW? Near the finish line yet?23:23
rbasakI haven't been following because you seemed to have a very good handle on it.23:23
naccrbasak: php7 progress is good, it's the removal of php5 that's going slowly23:23
naccwe finally got symfony updated last week23:24

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!