| === King is now known as hiwhiteboy | ||
| === hiwhiteboy is now known as King | ||
| === King is now known as hiwhiteboy | ||
| lordievader | Good morning. | 09:05 |
|---|---|---|
| === fayyaz is now known as Ather | ||
| === Ather is now known as ather | ||
| === ather is now known as ather_ | ||
| devster31 | how can I login as root from a ssh session? I have ssh root disabled, but I can sudo su -, however the old login session stays open if I do this, and I can't change usernames with the old user session still open | 13:37 |
| bekks | devster31: Login as user, and dont use sudo su - (which is nonsense), but just sudo -i | 13:38 |
| bekks | And for changing usernames, you need to create another user capable of using sudo -i, login as the new user, and change the username of the old user. | 13:38 |
| bekks | No need for unlocking the root account, no need for enabling ssh as root. | 13:39 |
| devster31 | so the only way to rename a user is to create a new one with root privileges and log in as this one? | 13:41 |
| bekks | Correct. | 13:41 |
| patdk-lap | is there some way I can audit all access in apparmor? | 14:49 |
| patdk-lap | I cannot seem to locate the correct path to block access for a file | 14:49 |
| Sling | patdk-lap: you can set it in learning mode | 14:55 |
| Sling | see https://help.ubuntu.com/lts/serverguide/apparmor.html | 14:55 |
| Sling | (see aa-genprof) | 14:56 |
| patdk-lap | ya, but that only works if a something matches | 14:56 |
| patdk-lap | the problem is, I can't get anything to match | 14:56 |
| patdk-lap | atleast for the folder I am concerned about | 14:56 |
| patdk-lap | for other folders, works fine | 14:56 |
| patdk-lap | nothing was captured by aa-genprof :( | 15:04 |
| patdk-lap | is there a way I can show what profile I'm running in, to confirm it's actually matching? | 15:05 |
| patdk-lap | ah, na, it's not matching the program | 15:06 |
| patdk-lap | ok, so the path to the program itself is also messed up | 15:07 |
| devster31 | bekks: why is sudo su - nonsense? doesn't it login as root? | 15:17 |
| === hiwhiteboy is now known as King | ||
| snowgoggles | devster31: ? | 15:44 |
| devster31 | he said: Login as user, and dont use sudo su - (which is nonsense), but just sudo -i | 15:49 |
| ogra_ | sudo su - messes up the environment, sudo -i gives you a proper one | 15:53 |
| ogra_ | (and "sudo su" generally starts extra subshells which is pointless) | 15:54 |
| devster31 | but sudo resets the entire env, only some variables are passed right? | 16:08 |
| snowgoggles | devster31: what's the concern? they will elevate privileges differently | 16:12 |
| devster31 | no concern, I'm curious, if I have for example local::lib perl variables with sudo -i they won't be passed | 16:24 |
| lunaphyte | i have a server with an nfs filesystem in fstab. the filesystem fails to mount at boot, but mounts just fine with mount -a after boot. so far, i've not found much in the way of logging. how can i troubleshoot this further? the os is 14.04.4 | 16:29 |
| RoyK | lunaphyte: try adding _netdev to the options | 16:30 |
| RoyK | with the underscore | 16:30 |
| lunaphyte | i did try that, but it doesn't seem to have an effect | 16:31 |
| lunaphyte | here's the current fstab entry: | 16:31 |
| lunaphyte | 10.128.35.251:/home/home/example.comnfsauto,_netdev,rw,hard,intr00 | 16:31 |
| === InfoTest1 is now known as InfoTest | ||
| dasjoe | So, I'm playing with lxd on 16.04 for a bit. "lxc-ls" shows no defined containers, "lxc list" shows the ones I'm running but its output is not easily parseable. Am I missing something? I'd like to feed the output into lxc-destroy (or should I use "lxc delete"?) | 17:44 |
| DvLnme | hello everyone | 17:46 |
| === King is now known as hiwhiteboy | ||
| === _thumper_ is now known as thumper | ||
| === Monthrect is now known as Piper-Off | ||
| punkoivan | hi guys. | 22:31 |
| punkoivan | have some problem with ssh. when I don't use ssh-session for few minutes I got "broken pipe" | 22:32 |
| punkoivan | in sshd_config fix timeout 120 to 0, but it's not fix. | 22:33 |
| punkoivan | It's no problem to reconnect, but realy irritabel | 22:34 |
| patdk-lap | enable keepalives :) | 22:45 |
| tdelam | hey, how do I upgrade apache from Apache/2.4.7 (Ubuntu) to 2.4.16 via apt? We're on 12.04 LTS. | 22:50 |
| bekks | sudo apt update; sudo apt full-upgrade; | 22:51 |
| tdelam | trying to find some info online but it's bee tricky finding documentation to upgrading to a specific version | 22:51 |
| tdelam | a full upgrade? | 22:51 |
| bekks | tdelam: Sure. | 22:51 |
| rbasak | tdelam: we only maintain one version per Ubuntu release. | 22:51 |
| tdelam | Oh | 22:52 |
| tdelam | 2.4.16 is in the most recent? | 22:52 |
| rbasak | 2.4.7 in Trusty, 2.4.12 in Wily. | 22:52 |
| rbasak | Wily is the most recent Ubuntu release. | 22:52 |
| tdelam | ah | 22:52 |
| rbasak | Xenial is on 2.4.18. | 22:52 |
| rbasak | (but not released yet) | 22:52 |
| tdelam | damn | 22:52 |
| tdelam | I might have to do this from source :/ | 22:52 |
| rbasak | If there's a specific bugfix you need, we can backport a fix depending on what it is. | 22:53 |
| tdelam | PCI scan is calling specifically for 2.4.16 | 22:53 |
| rbasak | If it's a security thing, we quite likely already have backported the fix to 2.4.7. | 22:53 |
| rbasak | Get a better PCI scan. | 22:54 |
| tdelam | heh | 22:54 |
| tdelam | if it were only that easy | 22:54 |
| tdelam | https://www.dropbox.com/s/v7sj60f87yadcqj/Screenshot%202016-03-20%2018.54.07.png?dl=0 | 22:54 |
| rbasak | Doing it yourself from source is clearly worse for security. | 22:54 |
| rbasak | Unless you want to also pay a security team to keep it up to date. | 22:54 |
| tdelam | yep | 22:55 |
| tdelam | that's not efficient | 22:55 |
| rbasak | You can look up CVEs at http://people.canonical.com/~ubuntu-security/cve/ | 22:56 |
| rbasak | For example your first CVE is fixed in the version in Trusty. | 22:56 |
| rbasak | No need to update to anything else. | 22:56 |
| tdelam | oh wow | 22:56 |
| tdelam | this will be good, I can show them it's resolved in 2.4.7 | 22:57 |
| tdelam | looks like their scan is checking version, not pen testing any of this. | 22:57 |
| rbasak | If your scan says you're vulnerable and you have the latest package installed, then your scan is wrong. | 22:57 |
| rbasak | Right | 22:57 |
| tdelam | petty dumb pci scanner | 22:57 |
| tdelam | thx a ton rbasak, ill check that url | 22:57 |
| rbasak | No problem. | 22:57 |
| tdelam | rbasak: sorry, https://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0231.html the green "released" text depicts that it was patched in those releases? | 22:59 |
| rbasak | Right. And the version in brackets tells you the package version it was fixed in. Make sure you have that version (or higher) installed. | 23:00 |
| tdelam | gotcha, thanks! | 23:00 |
| tdelam | gorgeous! all the issues listed in their scan threat is resolved in my version. | 23:02 |
| tdelam | thankscience! | 23:02 |
| rbasak | nacc_: FYI, https://www.stewright.me/2016/03/upgrade-php-7-0-ubuntu/ | 23:07 |
| rbasak | Oh, he's using Ondrej's PPA | 23:07 |
| rbasak | Never mind! | 23:07 |
| nacc | rbasak: yep, that's on 14.04 | 23:22 |
| rbasak | Sorry. I assumed it was talking about 16.04 without reading further. | 23:22 |
| rbasak | How's it going BTW? Near the finish line yet? | 23:23 |
| rbasak | I haven't been following because you seemed to have a very good handle on it. | 23:23 |
| nacc | rbasak: php7 progress is good, it's the removal of php5 that's going slowly | 23:23 |
| nacc | we finally got symfony updated last week | 23:24 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!
