tdelam | Hey, I am running Ubuntu Server 14.04 LTS, we require Apache version > 2.4.10 current in apt I only get 2.4.7-1ubuntu4.9. How can I install Apache>2.4.10 via apt? or is this not possible? | 00:14 |
---|---|---|
tarpman | tdelam: is there a specific 2.4.10 feature you require? | 00:15 |
sdeziel | tdelam: 16.04 ships with Apache 2.4.18 | 00:15 |
tdelam | tarpman: PCI compliance :/ | 00:16 |
tdelam | mv compliance annoyance | 00:16 |
tdelam | sdeziel: oh? | 00:16 |
sdeziel | tdelam: out of curiosity, why is PCI requiring a specific version for Apache? | 00:16 |
tdelam | sdeziel: I've been through this already, they're idiots, sorry, but it's frustrating. I showed them all CVE's for the current Apache and how their concerns are already patched in this current version | 00:17 |
tdelam | in one ear and out the other. | 00:17 |
sdeziel | oh | 00:17 |
tdelam | yep. | 00:18 |
tdelam | is it safe to go from 14.04 to 16.04/ | 00:18 |
tdelam | ?* | 00:18 |
sdeziel | last time I had to mess with PCI, they were asking for TLS 1.2 but they didn't care about software versions | 00:18 |
tdelam | yea, quite annoying | 00:18 |
sdeziel | tdelam: the distro upgrade isn't yet offered/supported but you can do a fresh install if that's feasible | 00:19 |
sdeziel | 16.04 is pretty new (got released yesterday) but I've been happily running it since months and love it | 00:19 |
tdelam | I'd have to reconfigure the server, took a lot to get to the current state and passing PCI. This recently came up so I am trying to do this upgrade | 00:20 |
sdeziel | tdelam: how do those PCI auditors deal with RHEL boxen? those ship ancient apache (httpd) versions | 00:20 |
tdelam | It sounds like I'll need to reinstall apache from source if I can't find a repository for it. | 00:20 |
tdelam | sdeziel: I don't know, heh.. they'll be lost | 00:21 |
sdeziel | tdelam: maybe switching to nginx would be an easy out? | 00:21 |
tdelam | no, this is a bandaid solution. This server is actually a proxy server with mod_security rules configured specifically for this site, which was built in 1996 and neglected... It's a bandaid while we rebuild a new one. | 00:23 |
tdelam | Funny thing is, the company is absolutely massive, how it ever got this state we'll never know. =/ | 00:23 |
sdeziel | tdelam: Ondřej Surý has a PPA with fresh Apache: https://launchpad.net/~ondrej/+archive/ubuntu/apache2?field.series_filter=trusty | 00:25 |
tdelam | :o | 00:27 |
tdelam | this may be what I need! | 00:28 |
sdeziel | as always with PPA, be careful :) | 00:29 |
sarnold | tdelam: maybe your auditors can be convinced with this instead? http://people.canonical.com/~ubuntu-security/cve/pkg/apache2.html | 00:29 |
tarpman | ondrej is decently trustworthy, as ppas go | 00:29 |
sdeziel | I trust Ondřej but I never tested this PPA personally | 00:29 |
sarnold | tdelam: .. and out of curiosity, do they perchance also sell services to keep self-compiled apache up to date? :) | 00:30 |
tdelam | sarnold: I tried :( | 00:30 |
tdelam | sarnold: hah no, only internet, tv, phone, mobility, etc | 00:30 |
sarnold | hah | 00:30 |
sarnold | I've got a feeling the only people who run self-compiled apache are (a) clients of pci compliance firms (b) apache developers | 00:31 |
tdelam | yea, if this doesn't work then I'll be doing that next, rebuilding all modules too, probably a pain | 00:32 |
maxb | I run lots of self-compiled apache at work. If you actually care about tracking the latest version, it's a pretty easy thing to script the usual configure-make-install for it | 00:32 |
maxb | Less so if you depend on more than one or two separate modules, granted | 00:33 |
sdeziel | feels a bit like Gentoo at this point ;) | 00:33 |
tdelam | heh | 00:33 |
sarnold | heh okay (a) clients of pci firms (b) apache devs (c) maxb :D | 00:34 |
sdeziel | tdelam: looking at the 2.4.10 changelog, I'm not sure what they want specifically? The ability to use large DH params? | 00:37 |
tdelam | sdeziel: nope, not feature specific either, just version; nothing more... it makes no sense, I have pleaded my case and provided many CVE's that clearly show that our current Apache version addresses ALL their issues. | 00:40 |
tdelam | they rather spend more money on us upgrading to the latest than reading the CVE's provided | 00:41 |
tdelam | like the old saying goes; more money than brains. | 00:41 |
sdeziel | oh well | 00:41 |
sarnold | I wonder, sometimes you hear about pci firms that can be convinced "running most recent packaged version" is sufficient; maybe we ought to go to some effort to promote them and publicly chastise the ones that want you to compile and run the webserver yourself | 00:41 |
tdelam | sdeziel: thanks, this solved the problem. I now have 2.4.20 installed | 00:43 |
tdelam | sarnold: yea, I don't even know either. | 00:43 |
sdeziel | tdelam: thank Ondřej then :) | 00:43 |
tdelam | it's bonkers. Why would a PCI place want you to run non-stable software when clearly the stable version consists of the patches that they're concerned about. | 00:44 |
sarnold | I mean, all due respect to ondrej, but you've just gone from running a package that's potentially reviewed by millions to a package potentially reviewed by hundreds; and from "ubuntu security team fixes bugs" to "ondrej fixes bugs" | 00:44 |
sdeziel | trying to understand their logic will probably drive you insane | 00:44 |
tdelam | sdeziel: I will donate some money to him, he has a link on the link you gave me. | 00:44 |
sarnold | indeed | 00:44 |
tdelam | sarnold: exactly my point :/ so weird | 00:45 |
tdelam | they're so enamoured with a version number that they're probably not even considering the fact that 2.4.20 might have issues, unknown security issues. | 00:46 |
sdeziel | the safest way might be to patch the Ubuntu sources to s/2.4.7/2.4.10/ | 00:46 |
sdeziel | but I wouldn't risk cheating like that | 00:47 |
tdelam | yea, I am ok with this, 2.4.20. Fine by me, if they want to downgrade yet again they'll send thousands our way again and maybe realize the stupidity with this | 00:48 |
tdelam | restore from an image, and rinse repeat. | 00:48 |
tdelam | so silly. | 00:48 |
tdelam | . | 00:50 |
tdelam | woops | 00:50 |
tdelam | hmmm https://deb.sury.org/pages/ No such thing as that, sorry Page Not Found. I can't donate :/ | 00:51 |
tdelam | found it | 00:52 |
tdelam | thanks for all your help guys | 00:54 |
sdeziel | you are welcome | 00:54 |
tjbenator | Anyone having a problem with Ubuntu Server 16.04 booting to a blank screen? I can manually switch to tty[1-6], but it would be nice if it would boot to one of them | 02:38 |
FarhaadN | how to disable apt-check? | 04:18 |
FarhaadN | no response? | 04:21 |
FarhaadN | 483 people and anyone know about that? | 04:33 |
=== athairus is now known as afkthairus | ||
SupaYoshi | I have a VPS with Ubuntu Server, and am running a few websites on it. The host says I exceed their CPU load policy / CPU abuse, according to them the values are as following: We allow a CPU load average of no more than 0.9 constant and bursts up to 2. You regularly exceed this. | 08:38 |
SupaYoshi | Should I switch to another VPS? or offload some websites of this VPS to another VPS? | 08:38 |
SupaYoshi | Also, how can I determine which website is causing the high cpu load most likely? | 08:38 |
SupaYoshi | 11:07:34 up 20:30, 1 user, load average: 8.07, 7.52, 7.25 | 09:09 |
SupaYoshi | I'm obviously doing something wrong, but not sure what processes are causing such a high cpu load | 09:09 |
SupaYoshi | my apache seems to be always on top of the list in process usage | 09:10 |
fm76_italy_ba | Ciao a tutti from Italy. I installed on my ubuntu mate apache2 but i cannot create a folder or a document in the var/www folder. can anybody help me? thank you ... grazie | 11:27 |
vbotka | fm76_italy_ba, apache2 is running with UID www-data; you might want to check the permissions | 12:05 |
fm76_italy_ba | I'm a newbie about linux are you willing to help me step by step? also in PM | 12:09 |
=== Piper-Off is now known as Monthrect | ||
devster31 | so I have USERGROUPS enabled in login defs, the default umask is 022 which gets relaxed to 002, however when I sudo -i the umask for root is still 022, why is that? | 15:12 |
=== afkthairus is now known as athairus | ||
=== JanC_ is now known as JanC | ||
kurt_ | When using conjure-up to deploy openstack on a single node, it keeps telling me lxd is not configured when using a created bridge (`br0`) and launching `sudo lxd init` like in this blog post: https://insights.ubuntu.com/2015/11/10/converting-eth0-to-br0-and-getting-all-your-lxc-or-lxd-onto-your-lan/ | 17:52 |
kurt_ | Anyone having done something similar at home? | 17:53 |
m-hussain | I am from an SME in the Maldives. I want to deploy a Ubuntu-OpenStack setup with 5 x virtual nodes for openStack components, 5 x physical nodes for compute (nova) and 2 x HP iSCSI storage. So, will the Ubuntu Advantage **Essentials** subscription allow me to do this? | 17:57 |
Aison | how do I use php fpm?!? what do I have to add to my VirtualHost section in apache2 | 18:57 |
inyourgroove | h | 19:21 |
inyourgroove | hello folks | 19:21 |
inyourgroove | are there known issues with the phpmyadmin package on 16.04? | 19:21 |
=== KnownSyntax_ is now known as KnownSyntax |