/srv/irclogs.ubuntu.com/2016/04/02/#ubuntu+1.txt

[00:02] <recon_lap> getent group sudo ; returns sudo:x:27:
[00:02] <TJ-> recon_lap: wow, it has actually edited the system!?
[00:03] <TJ-> recon_lap: besides the standard Ubuntu repositories, have you added any 3rd party repos to apt?
[00:03] <TJ-> recon_lap: I'm wondering about a malicious program
[00:03] <recon_lap> getent group adm ; returns adm:x:4:syslog
[00:03] <TJ-> for 'getent group sudo' I see "sudo:x:27:tj,root"
[00:04] <TJ-> recon_lap: was this a standard installation of ubuntu-desktop ?
[00:04] <recon_lap> malicious program not very likely I'd think. seems much more likely something blew up
[00:06] <recon_lap> TJ-: yes, standard desktop install, the most exotic thing I've installed is the lamp stack
[00:06] <TJ-> to remove the logged-in user from a group is almost impossible - for the same reason when you add a user to a group the user needs to re-log in. The security context is in memory
[00:07] <recon_lap> well, apachy2 does start off as root
[00:07] <TJ-> recon_lap: the only scenario I can imagine to do what you describe is if your user was actually removed from the sudo group during a *previous* log-in session and you only noticed it after this current log-in prevented sudo actions
[00:08] <recon_lap> TJ-: I did reboot, but the issue was there before I did that
[00:08] <TJ-> recon_lap: check /var/log/auth.log ... you may need to reboot and go into Recovery mode to be 'root' at start-up to view that file
[00:13] <recon_lap> don't seem to be able to get into recovery mode? just press shift while booting?
[00:16] <TJ-> yes
[00:16] <TJ-> hold it down early whilst still in the firmware POST else GRUB may start before you press it
[00:17] <recon_lap> ok, got it, had to use f12 and going EFI
[00:21] <recon_lap> got auth.log, it's a big file
[00:24] <TJ-> yes, work backwards through it or grep
[00:24] <TJ-> not sure what you could search for though so best to read backward
[00:36] <recon_lap> polkitd(authority=local): Registered Auth Agent for unix-process:16282:5514607 system bus name :1.123 [/usr/bin/pkttyagent --notify-fd 4 --fallback] object path /org/freedesktop/policykit1/authenticationAgent, locale en_IE.UTF-8) , is the line where it appears to start going wrong
[00:38] <looodgrey> What are reasons why base-installer/kernel/image wouldn't find any valid kernels installed? I'm trying out to preseed xenial and it's erroring about not finding a kernel. I've tried setting it to linux-image,linux-image-generic but errors.
[00:43] <recon_lap> one of the reboot messages is lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pan_kwallet.so: cannot open shared object file: No such file or directory , normal?
[00:48] <recon_lap> well, this auth.log is pretty much double dutch to me, and can't think of any way to get it online for you to look at
[00:50] <TJ-> recon_lap: the pam_kwallet.so message is expected, non-fatal, just a reminder
[00:51] <TJ-> recon_lap: auth.log records all 'sudo' initiated commands. try find the last occasion such was logged; that will narrow down the time window for when this issue began
[00:53] <recon_lap> TJ-: I found when it started, 00:17:07 approx
[00:53] <TJ-> recon_lap: what is your current local time ?
[00:54] <recon_lap> 01:54:00
[00:54] <TJ-> ahhh, you're UK like me then.
[00:54] <TJ-> OK, now correlate that time to package actions in /var/log/apt/history.log
[00:55] <TJ-> recon_lap: now you've got a timeframe to search from, you can look at logs to determine if there are clues.
[00:55] <recon_lap> the previous command was /usr/sbin/a2enmod php5
[00:56] <TJ-> recon_lap: for very specific apt activity look in /var/log/apt/term.log
[00:56] <TJ-> recon_lap: ok, so this looks to have happened *after* the packages were installed, and possibly related to the invocation of a2enmod ?
[00:57] <recon_lap> TJ-: looks that way to me, the a2enmod root session closed ok, then next command sudo service apachy2 restart bombed
=== cyphase_ is now known as Guest56642
[00:59] <TJ-> recon_lap: now check that a2enmod is not a malicious tool: " pushd /; grep usr/sbin/a2enmod /var/lib/dpkg/info/apache2.md5sums | md5sum -c; popd  "
[01:00] <TJ-> recon_lap: also check 'sudo' itself: " pushd /; grep usr/bin/sudo /var/lib/dpkg/info/sudo.md5sums | md5sum -c; popd "
[01:02] <recon_lap> there was one error in the php5 install log "Error: PHP7.0 module already enabled, not enabling php5 , Setting up php5-readline (5.6.17+dfsg-3ubuntu1)
=== flocculant_ is now known as flocculant
[01:10] <recon_lap> getting no properly formatted MD5 checksum found from the a2enmod check, sudo checks out ok
[01:12] <TJ-> recon_lap: hmmm, really?
[01:12] <TJ-> let's follow that up then
[01:13] <TJ-> check the md5sums file looks ok manually: "grep sbin/a2enmod /var/lib/dpkg/info/apache2.md5sums"
[01:15] <recon_lap> TJ-: nevermind, I'd left the s off sbin , oops
[01:16] <TJ-> hahaha
[01:16] <recon_lap> usr/sbin/a2enmod: ok
[01:25] <recon_lap> TJ: there is an odd one in the auth log, "polkitd(authority=local): Operator of unix-session:c2 FAILED to authenticate to gain authorization for action org.freedesktop.systemd1.manage-units for system-bus-name::1.124 [systemctl restart apache2.service] (owned by unix-user:mec)
[01:27] <recon_lap> and I had recently entered the "ServerName localhost" into /etc/apache2/conf-available/fqdn.conf
[01:32] <TJ-> recon_lap: that auth log message, decoded, says to me that due to your user 'mec' losing sudo privs polkitd reports the systemd dbus service refusing service
[01:32] <TJ-> recon_lap: so, that seems to confirm that something happened before you tried to restart the apache service, but after installing the package
[01:33] <TJ-> so, you've now got a very narrow time window to work with, which helps
[01:33] <recon_lap> sudo a2enmod php5
[01:35] <TJ-> recon_lap: without having access to that PC it's hard to take this further; it certainly appears on the face of it to be a security issue that needs solving to prove there's nothing wrong/dangerous with the packages themselves
[01:37] <bandit-led> any one having issues with tty and latest nvidia?
[01:38] <recon_lap> TJ-: I really don't know, But I've a feeling it's more like I found an interesting way to blow up the sudo file rather than anything malicious.
[01:39] <TJ-> well that's Denial of Service of a rather severe kind; not something we escaping, especially because apache/php is deployed on remote servers where access to physical console may be impossible
[01:41] <recon_lap> TJ-: the box was firewalled, no incoming connections
[01:41] <recon_lap> not that that is proof of anything :)
[01:46] <recon_lap> anyways, it's late, I'll have to have a go at fixing it tomorrow. thx for the help TJ- , pity we did not find anything concrete. Thought you'd be interested in here as it's a rather nasty issue
[01:51] <recon_lap> ok, re adding myself to the sudoers file was stupidly easy
[02:03] <recon_lap> TJ-: www.pastebin.com/a714JqYR  auth.log
[02:07] <TJ-> recon_lap: how about this... something in the installed PHP web application code you've got there managed to do this when apache started? the fact you said that apache2 server itself 'blew up' might indicate a vulnerability exploit
=== cyphase_ is now known as Guest77481
[02:10] <recon_lap> TJ-: trying to look at the apachy2 logs now. having some issues getting to the apachy dir !!
[02:21] <recon_lap> nothing in the apache2 logs other than the crash at 00:17 , it's still segfaulting when I try start it now though.
[02:24] <recon_lap> uninstalling libapache2-mod-php5 fixes apachy
[02:26] <recon_lap> and g'night
=== ren0v0_ is now known as ren0v0
[09:13] <lordievader> Good morning.
[10:04] <Mathisen> hello this morning when I'm trying to " sudo apt update " I get hash sum mismatch ???
[10:04] <Mathisen> what is going on
[10:05] <Mathisen> using se.archive.ubuntu
[10:05] <Mathisen> and how do I fix this ?
[10:06] <Mathisen> change mirror ?
[10:07] <pesari> Mathisen: you could ask at #ubuntu-mirrors
[10:07] <Mathisen> will do
[11:10] <zxd> I have Intel Corporation Mobile 945GM/GMS, 943/940GML Express Integrated Graphics Controller (rev 03) , using xubuntu 16 beta. When X loads I get corrupted display; if I go to console ctrl+alt+f1 and back alt+f7 the screen becomes clean again
[11:10] <zxd> why does this happen?
[13:36] <BluesKaj> Hiyas all
[15:23] <petrovich> Hi there
[15:24] <petrovich> is it me, or can no one upgrade his ubuntu?
[15:26] <nicomachus> petrovich: what do you mean?
[15:26] <petrovich> systemd package is corrupted
[15:26] <petrovich> Unpacking systemd (229-3ubuntu2) over (229-3ubuntu1) ... dpkg-deb (subprocess): decompressing archive member: lzma error: compressed data is corrupt
[15:26] <nicomachus> that would be just you.
[15:26] <xothed> Hi I have problem with pipelight ppa. Added repo
[15:26] <xothed> but sudo apt-get update doesn't fetch
[15:26] <xothed> package
[15:27] <xothed> and I can't install it
[15:27] <nicomachus> xothed: which ppa are you using? ppa:pipelight/stable or ppa:mqchael/pipelight?
[15:28] <xothed> pipelight/stable
[15:29] <nicomachus> xothed: one sec, let me try here.
[15:29] <xothed> i see when doing update.. but package is not downloaded  http://ppa.launchpad.net/pipelight/stable/ubuntu xenial InRelease
[15:29] <BluesKaj> xothed, did you add any keys?
[15:30] <xothed> yes
[15:30] <xothed> http://ppa.launchpad.net/pipelight/stable/ubuntu xenial InRelease
[15:30] <xothed> sudo apt-add-repository ppa:pipelight/stable
[15:30] <jshusky_26> Hi guys, I installed a 16.04 alpha a few weeks ago. I do sudo apt-get update/upgrade every time I boot to get up to speed. Today I checked uname -r and saw 4.4.0-15. I expected to see 4.4.5/6 that I understood the final beta to be at. Question is this; is there something special I should be doing that I may not be doing in order to keep a dev-version current?
[15:30] <xothed> press enter to add keys
[15:31] <xothed> but nothing is fetched
[15:31] <nicomachus> jshusky_26: are you doing dist-upgrade?
[15:32] <xothed> nicomachus, did you try?
[15:33] <jshusky_26> ...nope, does that mean I'm still on the alpha I installed?
[15:35] <xothed> nicomachus ?
[15:35] <nicomachus> jshusky_26: I'm still on 4.4.0-12
[15:35] <xothed> BluesKaj, any idea why it doesn't work
[15:35] <nicomachus> xothed: one sec, just got into my home box.
[15:35] <xothed> ok
[15:36] <jshusky_26> looks like there are upgrades to be had with dist-upgrade though to 4.4.0-16. --if you're still on 4.4.0, I must be mistaken
[15:37] <nicomachus> xothed: I'm having issues installing that as well. You may need to contact the PPA maintainer.
[15:37] <jshusky_26> I'm hoping to stop with the dev-releases once 16.04 is released and stay there. Should I be doing the dist-upgrade until that happens?
[15:38] <nicomachus> jshusky_26: you should always do dist-upgrades to make sure the kernel is up to date.
[15:39] <xothed> nicomachus, ugh
[15:39] <nicomachus> xothed: I know, sorry. That's what happens with beta releases.
[15:39] <nicomachus> ¯\_(ツ)_/¯
[15:41] <xothed> daily-build is still beta ?
[15:41] <nicomachus> yes.
[15:41] <jshusky_26> nicomachus: oh...
[15:41] <jshusky_26> good to know
[15:41] <xothed> when official release is expected ?
[15:43] <BluesKaj> I'm totally up to date and it looks like the pipelight /stable ppa doesn't have the packages ..tried the ppa myself and it shows up in the update but no packages available, xothed
[15:43] <nicomachus> April 21st
[15:43] <nicomachus> Hmmm.... Chrome still can't get their crap together? https://paste.ubuntu.com/15589524/
[15:43] <xothed> BluesKaj, I have the same issue
[15:44] <nicomachus> me too
[15:44] <xothed> but it's weird, because page shows that something should be able to be fetched
[15:44] <xothed> https://launchpad.net/~pipelight/+archive/ubuntu/stable?field.series_filter=xenial
[15:45] <nicomachus> xothed: yea, there's an issue with the package. As I said earlier, you'll have to contact the dev.
[15:46] <xothed> btw there is any difference for using Intel drivers for Skylake HD 530 or build in kernel, other than support ?
[15:46] <xothed> i see in drivers option to choose Intel microcode
[18:18] <Bluefoxicy> has anyone actually tried removing transitional dummy packages?
[18:44] <Bluefoxicy> damn
[18:44] <Bluefoxicy> Ubuntu really doesn't support wine
[18:44] <Bluefoxicy> current stable 1.8.1, ubuntu has 1.6 and 1.4
[18:46] <recon_lap> well, I think this install of 16.04 is toast and has to be reinstalled
[18:47] <recon_lap> somehow my admin account got removed from all privileged groups and it's nothing but issues now.
=== StaffUnicorn is now known as nhandler
[18:55] <recon_lap> well, ok, maybe not toast, re adding myself has seemed to fix current issues
[18:57] <Madhumper69> is there somewhere where I can find the latest kernel information and changes for ubuntu? I can't seem to find anything only new kernel 4.4.6 install information? is this the latest kernel?
[18:58] <Bluefoxicy> yes it's the latest kernel
[18:58] <Bluefoxicy> I wish they'd publish a -ck kernel too but oh well.
[18:58] <Madhumper69> installed it and works great, I'm 1 month new to ubuntu and learned a lot, I resolved and learned so much in a month.
[18:59] <Madhumper69> hosting webpages and mounting a ntfs drive to share on the network was a tricky one lol
[19:01] <Madhumper69> -ck kernel?
[19:51] <echeese_> Hey there, trying out 16.04 and I get a black screen shortly after boot when I start up without nomodeset
[19:51] <echeese_> any ideas?
[20:02] <recon_lap> echeese_: find the bug report for the blank screen at boot up and see if it's fixed yet, that's an old one as far as I can remember
[21:49] <rud0lf> hello
[21:49] <rud0lf> can I turn old-fashioned (14.04) window sliders back on?
[21:49] <rud0lf> the new are too small for my clumsy hand :[
[21:51] <rud0lf> or scrollbars, not sure the name
[21:53] <rud0lf> gsettings set com.canonical.desktop.interface scrollbar-mode says 'overlay-auto'
[21:53] <rud0lf> (get, not set, pardon)
