/srv/irclogs.ubuntu.com/2016/05/09/#ubuntu-server.txt

=== rodlogic is now known as Guest90697
=== Guest460 is now known as mfisch
=== mfisch is now known as Guest81704
=== rodlogic is now known as Guest28228
=== Guest81704 is now known as mfisch
=== mfisch is now known as Guest30018
Odd_Blokewolflarson_: I don't know anything specific, but I do know that there was a major version change of PHP in 16.04.09:54
yossarianuk Hi - I am going to be using KVM for VM's  (16.04_- I tried creating the network bridge using network-manager I can see the following constantly  the following messages in dmesg10:49
yossarianuk br0: port 1(enp3s0f1) received tcn bpdu - br0: topology change detected, propagating10:50
yossarianukhowwever if I add the bridge by the old method - i.e editing /etc/network/interfaces manually I do not10:50
yossarianukhowever I want to use network manager to easly change network profiles and vpn links.10:50
yossarianukanyone know how to prevent this - stp was enabled in nm and the interfaces file10:51
yossarianuksorry rebooted11:22
yossarianukcan anyone say why I get the following in dsmeg when I setup a network bridge using network-manager (for bridge br0)11:22
yossarianuk[ 1271.540537] br0: port 1(enp3s0f1) received tcn bpdu11:22
yossarianuk[ 1271.540548] br0: topology change detected, propagating11:22
yossarianukwith stp enabled?11:22
yossarianuk> however if I add the bridge just by editing /etc/network/interfaces (old ubuntu method) I do not see anyh messages11:22
yossarianuk i.e - if I use this method (and enable stp) I do not see the messages -> https://wiki.ubuntu.com/KvmWithBridge11:22
yossarianukhowever I want to use network-manager do easily change netowrk profiles11:23
marsjeHi. I'm running 2 machines with Ubuntu 14.04.4 LTS and kernel 4.2.0-35-generic (x86_64). On both machines there is a python script running that is copying files to the cloud. Only one machine uploads 2-5 times slower than the other11:37
marsjeis there any way I can debug this?11:37
marsjeI already switched the cables and that doesn't make a difference11:37
marsjethe NIC are Intel 10-Gigabit X540-AT2 (on 1 Gbit switch)11:40
yossarianukI have made a forum post here -> http://ubuntuforums.org/showthread.php?t=2323900&p=13486188#post1348618811:47
marsjeboth machines have the same driver ixgbe 4.0.1-k11:48
jamespageddellav, hey - hows the testing looking for bug 156950212:23
jamespage?12:23
ubottubug 1569502 in Ubuntu Cloud Archive liberty "[SRU] liberty point releases" [High,Fix committed] https://launchpad.net/bugs/156950212:23
caribouHi, do you people think it's a good idea to use ~ubuntu-server-dev to host the ubuntu-specific makedumpfile source git tree ?12:25
caribouusually, I keep it in sync with upstream debian, but sometimes there are delta that I wish I could host on Launchpad12:25
caribouFYI makedumpfile source contains the kdump-tools + makedumpfile binaries12:26
rbasakcaribou: I have no objection. I wonder if there's a better team, but maybe it's better to put it whether other trees are.12:27
caribourbasak: the only other think I could think of was foundation but I don't think they have a specific userspace12:28
caribouI'll ask in #ubuntu-devel12:29
rbasakcaribou: sorry, what I mean is that perhaps ~ubuntu-server-dev is a good place because it's where other trees are.12:30
caribourbasak: that's what I think also12:30
caribourbasak: most of the time it is a straight sync from debian so there shouldn't be much delta but yet I think that this is the most coherent place12:31
caribouI'll put it there & I can always move it away if needed later12:31
rbasakcaribou: sure. nacc's work on an importer should be showing up soon, too.12:31
cariboucool12:32
caribouIf someone has a minute to review this very simple merge request so I don't do it for myself : https://code.launchpad.net/~louis-bouchard/ubuntu/+source/makedumpfile/+git/makedumpfile/+ref/fix_lp157159012:51
rbasakcaribou: lgtm13:01
=== rodlogic is now known as Guest30270
caribourbasak: thanks!13:01
jonahhi can anyone help. I've just had a nasty accident with chmod on my server and now I can't run any commands. I was trying to chmod a directory but accidently did the root!13:05
rbasakjonah: best to restore permissions from a backup.13:09
jonahrbasak: hi thanks, I do have backups but just not sure how to actually restore them13:10
jonahrbasak: I managed to stop the command when it was running but now I can't run ls or apt or other commands as I get a 'Permission denied' error13:10
Slingjonah: can you still run cp?13:11
jonahrbasak: also all my apache sites are showing internal server error13:11
cariboujonah: was it a recursive chmod ? (-R)13:11
jonahcaribou: yes it was the owncloud permission fix script! but it ran from the root / dir instead of the directory I should of been in!13:11
jonahhttps://doc.owncloud.org/server/8.0/admin_manual/installation/installation_wizard.html#strong-perms-label13:11
jonahso where ocpath is, I accidently just had it as /13:12
jonahinstead of the right path which should of just been empty and not a forward slash!!13:12
jonahSling: no cp also giving permission denied13:12
Slingjonah: mount the disk in another linux system then13:12
Slingand at least restore permissions to all the binaries in PATH13:13
jonahSling: ah ok so if I run a live usb flash drive on the server13:13
cariboujonah: yeah, you need to boot off the USB flash & mount your server's HD13:14
jonahSling: what permissions/ownerships do I then set from the live cd13:14
jonahcaribou: ok I'll dig out a live usb, would any of you be kind enough to help me out if I can try load it up now?13:14
Slingjonah: ideally you would boot/mount it from the same ubuntu version13:15
jonahSling: ok I'll download a unetbootin now and try load it up...13:15
Slingthen restore permissions based on that13:15
Slingtip: getfacl/setfacl can be used to make dumps/imports of filesystem permissions13:16
jonahSling: ok how do I shut down the server so I can boot the livecd safely?13:16
Slingalt-sysrq r e i s u b13:17
Slingwith a few secs inbetween each letter13:17
Slinghttps://en.wikipedia.org/wiki/Magic_SysRq_key#Uses13:18
jonahSling: hi again, sorry just on a different laptop13:24
jonahSling: found my original ubuntu server install usb flash drive but when i load it up there is no live environment, it has the installer and boot into rescue mode. is there any way to boot into a live shell?13:24
jonahSling: ubuntu server 14.10 lts is what I'm using...13:25
Pici14.10 wasn't an LTS...13:25
Slingjonah: the install cd should have an option 'try ubuntu without...'13:26
jonahSling: i think because it's server edition it doesn't have that. shall i just download desktop edition?13:27
Slingsure13:27
jonahSling: if I can mount the disks using the livecd is there anyway to see what the permissions used to be?13:36
=== rodlogic is now known as Guest93463
jonahHi can anyone help. I'm trying to restore some accidently changed chmods and permissions on my server which locked me out. I've booted a livecd and managed to mount the raid array. does anyone know how I now get the permissions back?13:49
ddellavjamespage coreycb kicked off the testing, im not sure how to look up the status and he's on swap today.13:54
jamespageddellav, I'm sure beisner would be delighted to show you around that side of SRU's13:54
maswanjonah: it depends on what was changed. if it was a recursive one on / or /etc, you're probably out of luck13:54
ddellavjamespage ack, i will inquire13:55
beisnero/ ddellav :-)13:55
ddellavbeisner on top of it as usual :)13:55
maswanjonah: if it is just your homedir, 755 on directories and 644 on files will likely be sufficient, assuming you have no private data there (thne you'd not want world readable)13:55
jonahmaswan: hi thanks I ran this but it ran from / rather than the directory I meant it to run from!13:57
jonahmaswan: https://doc.owncloud.org/server/8.0/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions13:57
beisnerjamespage, ddellav - looks like we'll need to re-test those, after resolving some issues @ stable bundles for wily-liberty.  ie. we don't currently have a good baseline, though i suspect those are not pkg or charm issues.  pxc in o-c-t bundles appears to still be wonky.  i'll pong in a bit.13:58
ddellavbeisner ack, let me know if i need to debug any breakages.13:59
beisnerddellav, we're still settling a few corners on the mysql-->pxc switches in the full deploy test bundles.  i suspect i've got something to adjust here re: that.14:00
maswanjonah: Ok, I'll recommend a reinstall14:02
beisnerddellav, thx will do14:02
ddellavbeisner :)14:03
jonahmaswan: what do you think the script has changed? currently I can't run any commands or I get permission denied? would rather save the system than reinstall if possible?14:04
maswanjonah: the permissions of pretty much all files14:05
jonahmaswan: i have a backup but I will lose loads of work from the last couple of days. is there anyway to set back some of the main permissions to at least see if we can get something working again? I did hit ctrl C as soon as I realised the script was running in the wrong place and it had already given out quite a lot of "file not founds" for things it was trying to adjust14:07
spidernik84hey there. Any idea of when the "predictable interface names" feature has been introduced, officially? I have installed a couple of 14.04 servers in a period of 3 months. The first one still has the ethX format. I wonder what differs between the twos and if this change has been introduced recently14:09
maswanjonah: this will make some commands work, but you are very unlikely to get a sound system again: chmod +x /usr/bin/* /usr/sbin/*14:09
jonahmaswan: Is there any commands that can pull up what was last modified on the raid and all the ones that match I could go through trying to chown/chmod perhaps?14:10
=== rodlogic is now known as Guest80695
ducasseI need to set up a few containers for various services at home. Should I be learning LXC or LXD?14:24
patdk-wkthere is a difference?14:28
jonahHi can anyone please help with some permission problems14:33
jonahmaswan: when I run ls -lRt I can't see any files really that have been updated today at the time it happened... So I don't think it would take too much to repair if I knew what to fix or change the permission back to. I have different partitions. Do you know where this script would start https://doc.owncloud.org/server/8.0/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions14:35
jonahmaswan: if you ran it from /14:35
jonahmaswan: I remember a lot of errors popping up saying can't find //certain-file can't find // does not exist etc14:36
jonahcan anyone help study that script to see what might have been altered if ran from /14:36
jonahor at least changed first...14:36
sdezielducasse: lxd is a daemon. You can use the lxc command to interact with it14:38
sdezielducasse: https://linuxcontainers.org/lxd/introduction/14:38
ducassesdeziel: ok, thanks. I just noticed that the tools that come in the lxd package don't seem to 'see' the containers created with the lxc tools.14:40
sdezielducasse: correct. The lxc tools are ~legacy14:41
ducassesdeziel: ok, but will they still be developed/maintained?14:42
jonahhi could anyone please help with restoring some broken permissions or chowns... I've ran a script from root by mistake and it's locked me out, the thing is it sprung a lot of erros up for "directory doesn't exist" etc when I ran the script and I quickly hit ctrl-c so I don't think much has been altered, but just trying to track down how to put it right again if anyone can please help me?14:42
sdezielducasse: https://linuxcontainers.org/lxc/introduction/: "LXC 1.0 will be supported until June 1st 2019 and LXC 2.0 until June 1st 2021."14:43
ducassesdeziel: ok, thanks. I should have noticed that when I was reading.14:44
sdezielducasse: np. I can only recommend trying lxd at some point, it's worth the detour14:46
ducassesdeziel: thanks, I guess I'll migrate what I have now before I've invested a lot of time in lxc.14:47
EmilienMcoreycb, jamespage: hi! any ETA on newton packaging?14:50
naccrbasak: ping?14:51
jamespageEmilienM, will probably open the UCA archive this week, but probably no initial packages until first milestone14:51
EmilienMjamespage: ok, cool.14:51
jamespagemight be earlier but we'll see how that goes :-)14:51
rbasaknacc: o/14:52
rbasaknacc: sorry I missed you on Friday. I have a DMB meeting in 8 minutes though :(14:52
EmilienMjamespage: we already gate on Newton, thanks to RDO repos. Let me know when I can do the same with UCA14:55
naccrbasak: np, would you be free after that?14:56
rbasaknacc: yes. Shall I ping you then?14:57
naccrbasak: perfect, thanks!14:57
=== Guest30018 is now known as mfisch
=== mfisch is now known as Guest56459
spidernik84ducasse, although they are different technologies I'd say go with LXD, which leverages LXC heavily. It is a future proof approach to containers: unprivileged containers by default, complete restful api, distributed. And it works pretty neatly I'd say. We are using it in prod and we're very happy.15:04
spidernik84keep in mind that LXC is more supported by automation tools like Ansible and the likes, since LXD final (2.0) has only been released a couple of weeks ago.15:06
=== rodlogic is now known as Guest20915
ducassespidernik84: thanks! yes, I'll start migrating what little I already have - fortunately I had just started migrating stuff out of kvm guests.15:11
=== ejat is now known as fenris-
=== fenris- is now known as ejat
=== ejat is now known as fenris-
=== fenris- is now known as ejat
=== rodlogic is now known as Guest12850
jeeves_mosshey guys, what is the best/easiest way to make my own repo?  I have a bunch of dev systems in VMs, and I'm getting kinda sick of updating from the net.16:46
beisnerddellav, ok, *-liberty test reruns have completed and are ready to review.  holler with any ?s16:47
=== rodlogic is now known as Guest15218
Slashmanhello, is there a list of all default system user uid somewhere? when updating from willy to xenial, the updater is telling me that the uid 26 (from the postgres user) may be in conflict with a default uid, but it doesn't tell me which system user would use this uid...17:13
bekksSlashman: It is a warning, not a "that will happen".17:19
bekksSlashman: For being sure there is no conflict, investigate your /etc/passwd and /etc/groups files.17:19
Slashmanthis won't tell me if the uid 26 is used for an other system user by a package for ubuntu17:20
sarnoldSlashman: I think this is the list of hard-coded http://sources.debian.net/src/base-passwd/3.5.39/passwd.master/17:35
Slashmansarnold: that's the basic list on anew system :p17:38
sarnoldSlashman: yes :) all others are dynamically allocated in postinst or similar17:38
SlashmanI'm looking for "which package use the uid 26"17:38
sarnoldhttps://www.debian.org/doc/debian-policy/ch-files.html17:38
Slashmansarnold: if system uid are dynamically allocated, then the warning is simply wrong ^^17:39
sarnoldSlashman: it may be :)17:40
dasjoeOh there is passwd.master17:41
dasjoeI was looking for how it gets generated a few days ago17:41
Slashmandasjoe: bekks linked it, there is only the default system uid, or did you find an other one?17:42
dasjoeSlashman: no, sarnold linked. Anyway, rlaager was updating his Xenial on ZFS-HOWTO, so we were looking for the default UIDs17:43
Slashmanoh yes, sorry, was sarnold17:43
Slashmanbut nothing at uid 26 on it17:44
bekksSlashman: As the warning states, it is a warning only.17:44
bekksIts purpose is to warn you, to check correct functionality of a specific service after updating.17:44
Slashmanbekks: well, a wrong warning that advice to remove the current user (in this case postgres) with a default choice at "yes" seems dangerous17:45
SlashmanI did not follow it, but I guess someone will17:45
bekksSlashman: There is not a single word about removing.17:45
bekksAt least you didnt tell us until now.17:46
Slashmansorry, my bad, here is the message : http://apaste.info/7vA17:46
Slashmanthere is link to a doc lol, did not see it at first17:47
bekksThat message is totally different frmo what you told us until now.17:47
Slashmanwell, I was just asking to see the default list of uid on ubuntu...17:48
Slashmanso I could see which was uid 2617:48
sarnoldhah, nice README17:48
bekksYou have problem X but asked about problem Y.17:48
Slashmanwell, asking to see if uid 26 is somewhere in a package seems relevant here17:49
bekksIt isnt, unfortunately. Your problem isnt uid 26, but the mentioned difference between your system accounts and the current defaults, as stated in the first sentence.17:50
sarnoldnow the question is, -why- is it reporting this difference? feels odd.17:51
Slashmanbeardface: yes, I see it now, I didn't read it properly at first, sorry about that17:51
Slashmanwrong highlight, oh well17:51
sdezielSlashman: I check on a couple of systems and it seems that system accounts are dynamically allocated with UID >= 100 (and < 1000)17:53
bekksSlashman: How about starting your current /etc/passwd? :)17:54
beardfacesdeziel: good17:55
Slashmanbekks: http://apaste.info/UaP (uid 1000 hidden)17:56
SlashmanI'm looking at an other ubuntu box and postgres uid is > 100 indeed, dunno what happened on this box, didn't do anything special17:58
=== rodlogic is now known as Guest1573
kpettitI've got a customer that had some CC stolen.  Some sort of exploit on their PHP app so I was asked to take a look.  Any good tools or CLI commands for finding CC numbers in files?  I've got a good one for grep in text files.  But not sure about word and pdf type files.18:50
bekksgrep18:50
kpettitBad thing is it's not just plain text type of files but I have to deal with PDF and Word docs that are on the server as well.18:50
bekksSince word and pdf files arent text files, you'll have noc chance.18:50
kpettitI know I can do pdf2text or tools like that, but not sure anything that's a little more automatic18:51
tewardkpettit: I'll give you an almost guarantee they're not stored in files anymore18:51
bekksAnd most like thse tools will remove the content you are looking for.18:51
kpettitis there a way to say "find/grep" only plain text and not binary files like PDF and doc type stuff?18:51
tewardkpettit: keep in mind if it's a PHP application that's been breached, the application could have transmitted the data, not stored it18:52
kpettitteward: any ideas of where to look?  I know they had a PHP shell and lots of junk PHP files.  We got rid of those.18:52
tewardand if they're stored in binary-form or encoded-form you're out of luck18:52
bekkskpettit: So you deleted the files you want to search in.18:52
kpettitBut not sure how they were getting CC info since it's never stored in database or in files (that we know of )18:52
tewardkpettit: if you've deleted the junk files you've already lost18:52
tewardyour recovery option is NUke From Orbit and start over18:53
tewardand your customer has to call the CC company and have their cards frozen, and reissued due to the theft18:53
kpettitteward: I've still got the shell files.  But there was no CC in the shell files.  That was just a PHP exploit to upload new files and port scan.  It was actually pretty damn impressive.  But no CC in the PHP file.18:53
tewardkpettit: you missed my information18:53
teward[2016-05-09 14:51:46] <teward> kpettit: I'll give you an almost guarantee they're not stored in files anymore18:53
teward[2016-05-09 14:52:13] <teward> kpettit: keep in mind if it's a PHP application that's been breached, the application could have transmitted the data, not stored it18:53
tewardkpettit: I will bet money at some point that the exploit breached the system, and injected some type of code which would then store the data offsite or transmit it offsite18:54
kpettityeah that's what I was thinking.  I'm just trying to nail down the method18:54
kpettitwe know the range, and the initial exploit.  But that's as far as Iv'e got18:54
bekkskpettit: Then you have to analyze the code you got.18:54
teward^ that18:54
tewardkpettit: as well as take the exploited *system* offline and load a replacement in its place18:55
kpettityeah we did all that.18:55
kpettitJust tryint to nail down how it happend so it doesn't happen again18:55
tewardkpettit: you said you know the initial exploit method18:55
tewardthat's your attack vector18:55
tewardmitigate that vector18:55
tewardif impossible, determine if 'Acceptable Risk' can be done with the application as is18:55
tewardif the risk is not acceptable, then they have to start looking for a different application solution that doesn't have this attack vector as a risk18:56
tewardsecondly, if there's an update for the PHP application that patches against this risk, update.18:56
kpettityeah I've already got it locked down hwo they initially got it.  Just tyring to dig more18:56
kpettitit's a homegrown app which makes it more painful.18:56
tewardthis is why i keep all PHP applications updated, and ROUTINELY run a full powered Nessus scan that checks everything on my servers that's webfacing18:56
kpettitit's a total front to back home grown PHP thing18:56
tewardkpettit: then you have to run the code analysis yourself18:57
kpettityeah that's going to be fun.18:57
tewardif you've locked down how they got in in the first place, you are now beyond the protection/mitigation phase and 'exploit analysis'18:57
tewardsince it's home grown only you can do that18:57
tewardand this channel can't really help much more than that18:57
kpettitI'm more trying to figure out how to search/find if any text sort of file still has CC info.  The grep's I've been using having been matching well with my tests18:58
kpettitthis is what I've been using.  http://kudithipudi.org/2011/08/17/how-to-use-grep-to-search-for-credit-card-numbers/18:58
tewardkpettit: i'm going to give you a suggestion: if they're .doc and .pdf you never will18:58
tewardand chances are things aren't plain text18:58
tewardand if they are they're encrypted or encoded18:59
tewardor, already transmitted and rm -rf'd18:59
kpettitthat's fine.  If I can rule out text files for now that gets me farther18:59
kpettitfor sure.  that's a good suggestion.18:59
kpettittrying trying to get a better grep command for now.18:59
bekksI guess randomly grepping gets you nowhere, not farther.18:59
JanCsearching .doc & (some) .pdf isn't so hard18:59
JanCnot sure why they would put CC in those though19:00
kpettitmy guess is it was transmitting CC as things processed, but I don't know for sure19:00
kpettitIm just trying to rule out them being stored and if I can do a quick grep that helps.19:01
hallynarges: smb: zul: should i wait on you guys to take a look at the libvirt yakkety merge, or just push when i think i'm happy?19:01
hallynmy main concern is once i start the package-rename game, we can't turn back :)19:01
tewardkpettit: i'll bet you a dollar they were in an 'intercept-and-transmit'19:01
tewardkpettit: that's how I see most of those types of exploits, at least that i've observed19:01
kpettitteward: that's my guess too19:01
tewardkpettit: in which case you'll have to examine your home grown application, and note any discrepancies from the last-good copy19:02
kpettityeah, it's always fun for sure.  thanks for the advise19:04
tewardkpettit: you're welcome.  unfortuantely though I can't give any more insights than that19:05
kpettitno worries.  Just seeing if there was something obvious I was missing to check on.19:06
tewardkpettit: I've learned that there's never anything obvious with these types of breaches19:07
teward'obvious' can only be observed if it's a well known breach of a well known software19:07
kpettitfor sure it's looking that way19:07
tewardsince you're working on a home grown solution, that's not an option19:07
kpettitthe PHP shells were obvious at least.  Beyond that...19:07
kpettityeah.  I'm so impressed with those PHP shells though.  They'd make great little admin tools.  Might hack one up and protect it to use it that way.  Great little utilities in some of them19:08
=== rodlogic is now known as Guest97418
zorbsoneIf I want people to be able to access a folder called "school" from my Ubuntu-Server /var/www//html/ directory, it should simply be: sudo chmod 755 -R /var/www/html/school -- or is that not correct? the file permissions are set to:  4 drwxr-xr-x 3 root root    4096 May  9 15:20 school19:26
c00lbardzorbsone: Access it from what?19:29
zorbsoneI want other users to be able to access the directory from the web.19:30
c00lbardzorbsone: Then the above permissions should work fine19:31
SierraKomodoAnyone happen to know if there's a way to setup a web interface for iptables/ufw on ubuntu that can be set to only accept localhost connections?19:40
JanCsure, why not?19:42
=== rodlogic is now known as Guest56148
rbasaknacc: I guess my publishing history traversal algorighm fails unless you store highest_series_seen between invocations.20:16
naccrbasak: yeah, that's the advantage of the generator function, though, the state is saved :)20:17
=== Guest56459 is now known as mfisch
=== mfisch is now known as Guest87085
=== Guest87085 is now known as mfisch
=== rodlogic is now known as Guest3957
=== magicalChicken_ is now known as magicalChicken

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!