[09:05] <lordievader> Good morning.
[13:37] <devster31> how can I login as root from a ssh session? I have ssh root disabled, but I can sudo su -, however the old login session stays open if I do this, and I can't change usernames with the old user session still open
[13:38] <bekks> devster31: Login as user, and don't use sudo su - (which is nonsense), but just sudo -i
[13:38] <bekks> And for changing usernames, you need to create another user capable of using sudo -i, login as the new user, and change the username of the old user.
[13:39] <bekks> No need for unlocking the root account, no need for enabling ssh as root.
[13:41] <devster31> so the only way to rename a user is to create a new one with root privileges and log in as this one?
[13:41] <bekks> Correct.
[14:49] <patdk-lap> is there some way I can audit all access in apparmor?
[14:49] <patdk-lap> I cannot seem to locate the correct path to block access for a file
[14:55] <Sling> patdk-lap: you can set it in learning mode
[14:55] <Sling> see https://help.ubuntu.com/lts/serverguide/apparmor.html
[14:56] <Sling> (see aa-genprof)
[14:56] <patdk-lap> ya, but that only works if something matches
[14:56] <patdk-lap> the problem is, I can't get anything to match
[14:56] <patdk-lap> at least for the folder I am concerned about
[14:56] <patdk-lap> for other folders, works fine
[15:04] <patdk-lap> nothing was captured by aa-genprof :(
[15:05] <patdk-lap> is there a way I can show what profile I'm running in, to confirm it's actually matching?
[15:06] <patdk-lap> ah, na, it's not matching the program
[15:07] <patdk-lap> ok, so the path to the program itself is also messed up
[15:17] <devster31> bekks: why is sudo su - nonsense? doesn't it login as root?
[15:44] <snowgoggles> devster31: ?
[15:49] <devster31> he said: Login as user, and dont use sudo su - (which is nonsense), but just sudo -i
[15:53] <ogra_> sudo su - messes up the environment, sudo -i gives you a proper one
[15:54] <ogra_> (and "sudo su" generally starts extra subshells which is pointless)
[16:08] <devster31> but sudo resets the entire env, only some variables are passed right?
[16:12] <snowgoggles> devster31: what's the concern? they will elevate privileges differently
[16:24] <devster31> no concern, I'm curious, if I have for example local::lib perl variables with sudo -i they won't be passed
[16:29] <lunaphyte> i have a server with an nfs filesystem in fstab.  the filesystem fails to mount at boot, but mounts just fine with mount -a after boot.  so far, i've not found much in the way of logging.  how can i troubleshoot this further?  the os is 14.04.4
[16:30] <RoyK> lunaphyte: try adding _netdev to the options
[16:30] <RoyK> with the underscore
[16:31] <lunaphyte> i did try that, but it doesn't seem to have an effect
[16:31] <lunaphyte> here's the current fstab entry:
[16:31] <lunaphyte> 10.128.35.251:/home	/home/example.com	nfs	auto,_netdev,rw,hard,intr	0	0
[17:44] <dasjoe> So, I'm playing with lxd on 16.04 for a bit. "lxc-ls" shows no defined containers, "lxc list" shows the ones I'm running but its output is not easily parseable. Am I missing something? I'd like to feed the output into lxc-destroy (or should I use "lxc delete"?)
[17:46] <DvLnme> hello everyone
[22:31] <punkoivan> hi guys.
[22:32] <punkoivan> have some problem with ssh. when I don't use ssh-session for few minutes I got "broken pipe"
[22:33] <punkoivan> in sshd_config fix timeout 120 to 0, but it's not fix.
[22:34] <punkoivan> It's no problem to reconnect, but really irritable
[22:45] <patdk-lap> enable keepalives :)
[22:50] <tdelam> hey, how do I upgrade apache from Apache/2.4.7 (Ubuntu) to 2.4.16 via apt? We're on 12.04 LTS.
[22:51] <bekks> sudo apt update; sudo apt full-upgrade;
[22:51] <tdelam> trying to find some info online but it's been tricky finding documentation to upgrading to a specific version
[22:51] <tdelam> a full upgrade?
[22:51] <bekks> tdelam: Sure.
[22:51] <rbasak> tdelam: we only maintain one version per Ubuntu release.
[22:52] <tdelam> Oh
[22:52] <tdelam> 2.4.16 is in the most recent?
[22:52] <rbasak> 2.4.7 in Trusty, 2.4.12 in Wily.
[22:52] <rbasak> Wily is the most recent Ubuntu release.
[22:52] <tdelam> ah
[22:52] <rbasak> Xenial is on 2.4.18.
[22:52] <rbasak> (but not released yet)
[22:52] <tdelam> damn
[22:52] <tdelam> I might have to do this from source :/
[22:53] <rbasak> If there's a specific bugfix you need, we can backport a fix depending on what it is.
[22:53] <tdelam> PCI scan is calling specifically for 2.4.16
[22:53] <rbasak> If it's a security thing, we quite likely already have backported the fix to 2.4.7.
[22:54] <rbasak> Get a better PCI scan.
[22:54] <tdelam> heh
[22:54] <tdelam> if it were only that easy
[22:54] <tdelam> https://www.dropbox.com/s/v7sj60f87yadcqj/Screenshot%202016-03-20%2018.54.07.png?dl=0
[22:54] <rbasak> Doing it yourself from source is clearly worse for security.
[22:54] <rbasak> Unless you want to also pay a security team to keep it up to date.
[22:55] <tdelam> yep
[22:55] <tdelam> that's not efficient
[22:56] <rbasak> You can look up CVEs at http://people.canonical.com/~ubuntu-security/cve/
[22:56] <rbasak> For example your first CVE is fixed in the version in Trusty.
[22:56] <rbasak> No need to update to anything else.
[22:56] <tdelam> oh wow
[22:57] <tdelam> this will be good, I can show them it's resolved in 2.4.7
[22:57] <tdelam> looks like their scan is checking version, not pen testing any of this.
[22:57] <rbasak> If your scan says you're vulnerable and you have the latest package installed, then your scan is wrong.
[22:57] <rbasak> Right
[22:57] <tdelam> pretty dumb pci scanner
[22:57] <tdelam> thx a ton rbasak, i'll check that url
[22:57] <rbasak> No problem.
[22:59] <tdelam> rbasak: sorry, https://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0231.html the green "released" text depicts that it was patched in those releases?
[23:00] <rbasak> Right. And the version in brackets tells you the package version it was fixed in. Make sure you have that version (or higher) installed.
[23:00] <tdelam> gotcha, thanks!
[23:02] <tdelam> gorgeous! all the issues listed in their scan threat is resolved in my version.
[23:02] <tdelam> thankscience!
[23:07] <rbasak> nacc_: FYI, https://www.stewright.me/2016/03/upgrade-php-7-0-ubuntu/
[23:07] <rbasak> Oh, he's using Ondrej's PPA
[23:07] <rbasak> Never mind!
[23:22] <nacc> rbasak: yep, that's on 14.04
[23:22] <rbasak> Sorry. I assumed it was talking about 16.04 without reading further.
[23:23] <rbasak> How's it going BTW? Near the finish line yet?
[23:23] <rbasak> I haven't been following because you seemed to have a very good handle on it.
[23:23] <nacc> rbasak: php7 progress is good, it's the removal of php5 that's going slowly
[23:24] <nacc> we finally got symfony updated last week