=== rodlogic is now known as Guest90697 === Guest460 is now known as mfisch === mfisch is now known as Guest81704 === rodlogic is now known as Guest28228 === Guest81704 is now known as mfisch === mfisch is now known as Guest30018 [09:54] wolflarson_: I don't know anything specific, but I do know that there was a major version change of PHP in 16.04. [10:49] Hi - I am going to be using KVM for VM's (16.04_- I tried creating the network bridge using network-manager I can see the following constantly the following messages in dmesg [10:50] br0: port 1(enp3s0f1) received tcn bpdu - br0: topology change detected, propagating [10:50] howwever if I add the bridge by the old method - i.e editing /etc/network/interfaces manually I do not [10:50] however I want to use network manager to easly change network profiles and vpn links. [10:51] anyone know how to prevent this - stp was enabled in nm and the interfaces file [11:22] sorry rebooted [11:22] can anyone say why I get the following in dsmeg when I setup a network bridge using network-manager (for bridge br0) [11:22] [ 1271.540537] br0: port 1(enp3s0f1) received tcn bpdu [11:22] [ 1271.540548] br0: topology change detected, propagating [11:22] with stp enabled? [11:22] > however if I add the bridge just by editing /etc/network/interfaces (old ubuntu method) I do not see anyh messages [11:22] i.e - if I use this method (and enable stp) I do not see the messages -> https://wiki.ubuntu.com/KvmWithBridge [11:23] however I want to use network-manager do easily change netowrk profiles [11:37] Hi. I'm running 2 machines with Ubuntu 14.04.4 LTS and kernel 4.2.0-35-generic (x86_64). On both machines there is a python script running that is copying files to the cloud. Only one machine uploads 2-5 times slower than the other [11:37] is there any way I can debug this? [11:37] I already switched the cables and that doesn't make a difference [11:40] the NIC are Intel 10-Gigabit X540-AT2 (on 1 Gbit switch) [11:47] I have made a forum post here -> http://ubuntuforums.org/showthread.php?t=2323900&p=13486188#post13486188 [11:48] both machines have the same driver ixgbe 4.0.1-k [12:23] ddellav, hey - hows the testing looking for bug 1569502 [12:23] ? [12:23] bug 1569502 in Ubuntu Cloud Archive liberty "[SRU] liberty point releases" [High,Fix committed] https://launchpad.net/bugs/1569502 [12:25] Hi, do you people think it's a good idea to use ~ubuntu-server-dev to host the ubuntu-specific makedumpfile source git tree ? [12:25] usually, I keep it in sync with upstream debian, but sometimes there are delta that I wish I could host on Launchpad [12:26] FYI makedumpfile source contains the kdump-tools + makedumpfile binaries [12:27] caribou: I have no objection. I wonder if there's a better team, but maybe it's better to put it whether other trees are. [12:28] rbasak: the only other think I could think of was foundation but I don't think they have a specific userspace [12:29] I'll ask in #ubuntu-devel [12:30] caribou: sorry, what I mean is that perhaps ~ubuntu-server-dev is a good place because it's where other trees are. [12:30] rbasak: that's what I think also [12:31] rbasak: most of the time it is a straight sync from debian so there shouldn't be much delta but yet I think that this is the most coherent place [12:31] I'll put it there & I can always move it away if needed later [12:31] caribou: sure. nacc's work on an importer should be showing up soon, too. [12:32] cool [12:51] If someone has a minute to review this very simple merge request so I don't do it for myself : https://code.launchpad.net/~louis-bouchard/ubuntu/+source/makedumpfile/+git/makedumpfile/+ref/fix_lp1571590 [13:01] caribou: lgtm === rodlogic is now known as Guest30270 [13:01] rbasak: thanks! [13:05] hi can anyone help. I've just had a nasty accident with chmod on my server and now I can't run any commands. I was trying to chmod a directory but accidently did the root! [13:09] jonah: best to restore permissions from a backup. [13:10] rbasak: hi thanks, I do have backups but just not sure how to actually restore them [13:10] rbasak: I managed to stop the command when it was running but now I can't run ls or apt or other commands as I get a 'Permission denied' error [13:11] jonah: can you still run cp? [13:11] rbasak: also all my apache sites are showing internal server error [13:11] jonah: was it a recursive chmod ? (-R) [13:11] caribou: yes it was the owncloud permission fix script! but it ran from the root / dir instead of the directory I should of been in! [13:11] https://doc.owncloud.org/server/8.0/admin_manual/installation/installation_wizard.html#strong-perms-label [13:12] so where ocpath is, I accidently just had it as / [13:12] instead of the right path which should of just been empty and not a forward slash!! [13:12] Sling: no cp also giving permission denied [13:12] jonah: mount the disk in another linux system then [13:13] and at least restore permissions to all the binaries in PATH [13:13] Sling: ah ok so if I run a live usb flash drive on the server [13:14] jonah: yeah, you need to boot off the USB flash & mount your server's HD [13:14] Sling: what permissions/ownerships do I then set from the live cd [13:14] caribou: ok I'll dig out a live usb, would any of you be kind enough to help me out if I can try load it up now? [13:15] jonah: ideally you would boot/mount it from the same ubuntu version [13:15] Sling: ok I'll download a unetbootin now and try load it up... [13:15] then restore permissions based on that [13:16] tip: getfacl/setfacl can be used to make dumps/imports of filesystem permissions [13:16] Sling: ok how do I shut down the server so I can boot the livecd safely? [13:17] alt-sysrq r e i s u b [13:17] with a few secs inbetween each letter [13:18] https://en.wikipedia.org/wiki/Magic_SysRq_key#Uses [13:24] Sling: hi again, sorry just on a different laptop [13:24] Sling: found my original ubuntu server install usb flash drive but when i load it up there is no live environment, it has the installer and boot into rescue mode. is there any way to boot into a live shell? [13:25] Sling: ubuntu server 14.10 lts is what I'm using... [13:25] 14.10 wasn't an LTS... [13:26] jonah: the install cd should have an option 'try ubuntu without...' [13:27] Sling: i think because it's server edition it doesn't have that. shall i just download desktop edition? [13:27] sure [13:36] Sling: if I can mount the disks using the livecd is there anyway to see what the permissions used to be? === rodlogic is now known as Guest93463 [13:49] Hi can anyone help. I'm trying to restore some accidently changed chmods and permissions on my server which locked me out. I've booted a livecd and managed to mount the raid array. does anyone know how I now get the permissions back? [13:54] jamespage coreycb kicked off the testing, im not sure how to look up the status and he's on swap today. [13:54] ddellav, I'm sure beisner would be delighted to show you around that side of SRU's [13:54] jonah: it depends on what was changed. if it was a recursive one on / or /etc, you're probably out of luck [13:55] jamespage ack, i will inquire [13:55] o/ ddellav :-) [13:55] beisner on top of it as usual :) [13:55] jonah: if it is just your homedir, 755 on directories and 644 on files will likely be sufficient, assuming you have no private data there (thne you'd not want world readable) [13:57] maswan: hi thanks I ran this but it ran from / rather than the directory I meant it to run from! [13:57] maswan: https://doc.owncloud.org/server/8.0/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions [13:58] jamespage, ddellav - looks like we'll need to re-test those, after resolving some issues @ stable bundles for wily-liberty. ie. we don't currently have a good baseline, though i suspect those are not pkg or charm issues. pxc in o-c-t bundles appears to still be wonky. i'll pong in a bit. [13:59] beisner ack, let me know if i need to debug any breakages. [14:00] ddellav, we're still settling a few corners on the mysql-->pxc switches in the full deploy test bundles. i suspect i've got something to adjust here re: that. [14:02] jonah: Ok, I'll recommend a reinstall [14:02] ddellav, thx will do [14:03] beisner :) [14:04] maswan: what do you think the script has changed? currently I can't run any commands or I get permission denied? would rather save the system than reinstall if possible? [14:05] jonah: the permissions of pretty much all files [14:07] maswan: i have a backup but I will lose loads of work from the last couple of days. is there anyway to set back some of the main permissions to at least see if we can get something working again? I did hit ctrl C as soon as I realised the script was running in the wrong place and it had already given out quite a lot of "file not founds" for things it was trying to adjust [14:09] hey there. Any idea of when the "predictable interface names" feature has been introduced, officially? I have installed a couple of 14.04 servers in a period of 3 months. The first one still has the ethX format. I wonder what differs between the twos and if this change has been introduced recently [14:09] jonah: this will make some commands work, but you are very unlikely to get a sound system again: chmod +x /usr/bin/* /usr/sbin/* [14:10] maswan: Is there any commands that can pull up what was last modified on the raid and all the ones that match I could go through trying to chown/chmod perhaps? === rodlogic is now known as Guest80695 [14:24] I need to set up a few containers for various services at home. Should I be learning LXC or LXD? [14:28] there is a difference? [14:33] Hi can anyone please help with some permission problems [14:35] maswan: when I run ls -lRt I can't see any files really that have been updated today at the time it happened... So I don't think it would take too much to repair if I knew what to fix or change the permission back to. I have different partitions. Do you know where this script would start https://doc.owncloud.org/server/8.0/admin_manual/installation/installation_wizard.html#setting-strong-directory-permissions [14:35] maswan: if you ran it from / [14:36] maswan: I remember a lot of errors popping up saying can't find //certain-file can't find // does not exist etc [14:36] can anyone help study that script to see what might have been altered if ran from / [14:36] or at least changed first... [14:38] ducasse: lxd is a daemon. You can use the lxc command to interact with it [14:38] ducasse: https://linuxcontainers.org/lxd/introduction/ [14:40] sdeziel: ok, thanks. I just noticed that the tools that come in the lxd package don't seem to 'see' the containers created with the lxc tools. [14:41] ducasse: correct. The lxc tools are ~legacy [14:42] sdeziel: ok, but will they still be developed/maintained? [14:42] hi could anyone please help with restoring some broken permissions or chowns... I've ran a script from root by mistake and it's locked me out, the thing is it sprung a lot of erros up for "directory doesn't exist" etc when I ran the script and I quickly hit ctrl-c so I don't think much has been altered, but just trying to track down how to put it right again if anyone can please help me? [14:43] ducasse: https://linuxcontainers.org/lxc/introduction/: "LXC 1.0 will be supported until June 1st 2019 and LXC 2.0 until June 1st 2021." [14:44] sdeziel: ok, thanks. I should have noticed that when I was reading. [14:46] ducasse: np. I can only recommend trying lxd at some point, it's worth the detour [14:47] sdeziel: thanks, I guess I'll migrate what I have now before I've invested a lot of time in lxc. [14:50] coreycb, jamespage: hi! any ETA on newton packaging? [14:51] rbasak: ping? [14:51] EmilienM, will probably open the UCA archive this week, but probably no initial packages until first milestone [14:51] jamespage: ok, cool. [14:51] might be earlier but we'll see how that goes :-) [14:52] nacc: o/ [14:52] nacc: sorry I missed you on Friday. I have a DMB meeting in 8 minutes though :( [14:55] jamespage: we already gate on Newton, thanks to RDO repos. Let me know when I can do the same with UCA [14:56] rbasak: np, would you be free after that? [14:57] nacc: yes. Shall I ping you then? [14:57] rbasak: perfect, thanks! === Guest30018 is now known as mfisch === mfisch is now known as Guest56459 [15:04] ducasse, although they are different technologies I'd say go with LXD, which leverages LXC heavily. It is a future proof approach to containers: unprivileged containers by default, complete restful api, distributed. And it works pretty neatly I'd say. We are using it in prod and we're very happy. [15:06] keep in mind that LXC is more supported by automation tools like Ansible and the likes, since LXD final (2.0) has only been released a couple of weeks ago. === rodlogic is now known as Guest20915 [15:11] spidernik84: thanks! yes, I'll start migrating what little I already have - fortunately I had just started migrating stuff out of kvm guests. === ejat is now known as fenris- === fenris- is now known as ejat === ejat is now known as fenris- === fenris- is now known as ejat === rodlogic is now known as Guest12850 [16:46] hey guys, what is the best/easiest way to make my own repo? I have a bunch of dev systems in VMs, and I'm getting kinda sick of updating from the net. [16:47] ddellav, ok, *-liberty test reruns have completed and are ready to review. holler with any ?s === rodlogic is now known as Guest15218 [17:13] hello, is there a list of all default system user uid somewhere? when updating from willy to xenial, the updater is telling me that the uid 26 (from the postgres user) may be in conflict with a default uid, but it doesn't tell me which system user would use this uid... [17:19] Slashman: It is a warning, not a "that will happen". [17:19] Slashman: For being sure there is no conflict, investigate your /etc/passwd and /etc/groups files. [17:20] this won't tell me if the uid 26 is used for an other system user by a package for ubuntu [17:35] Slashman: I think this is the list of hard-coded http://sources.debian.net/src/base-passwd/3.5.39/passwd.master/ [17:38] sarnold: that's the basic list on anew system :p [17:38] Slashman: yes :) all others are dynamically allocated in postinst or similar [17:38] I'm looking for "which package use the uid 26" [17:38] https://www.debian.org/doc/debian-policy/ch-files.html [17:39] sarnold: if system uid are dynamically allocated, then the warning is simply wrong ^^ [17:40] Slashman: it may be :) [17:41] Oh there is passwd.master [17:41] I was looking for how it gets generated a few days ago [17:42] dasjoe: bekks linked it, there is only the default system uid, or did you find an other one? [17:43] Slashman: no, sarnold linked. Anyway, rlaager was updating his Xenial on ZFS-HOWTO, so we were looking for the default UIDs [17:43] oh yes, sorry, was sarnold [17:44] but nothing at uid 26 on it [17:44] Slashman: As the warning states, it is a warning only. [17:44] Its purpose is to warn you, to check correct functionality of a specific service after updating. [17:45] bekks: well, a wrong warning that advice to remove the current user (in this case postgres) with a default choice at "yes" seems dangerous [17:45] I did not follow it, but I guess someone will [17:45] Slashman: There is not a single word about removing. [17:46] At least you didnt tell us until now. [17:46] sorry, my bad, here is the message : http://apaste.info/7vA [17:47] there is link to a doc lol, did not see it at first [17:47] That message is totally different frmo what you told us until now. [17:48] well, I was just asking to see the default list of uid on ubuntu... [17:48] so I could see which was uid 26 [17:48] hah, nice README [17:48] You have problem X but asked about problem Y. [17:49] well, asking to see if uid 26 is somewhere in a package seems relevant here [17:50] It isnt, unfortunately. Your problem isnt uid 26, but the mentioned difference between your system accounts and the current defaults, as stated in the first sentence. [17:51] now the question is, -why- is it reporting this difference? feels odd. [17:51] beardface: yes, I see it now, I didn't read it properly at first, sorry about that [17:51] wrong highlight, oh well [17:53] Slashman: I check on a couple of systems and it seems that system accounts are dynamically allocated with UID >= 100 (and < 1000) [17:54] Slashman: How about starting your current /etc/passwd? :) [17:55] sdeziel: good [17:56] bekks: http://apaste.info/UaP (uid 1000 hidden) [17:58] I'm looking at an other ubuntu box and postgres uid is > 100 indeed, dunno what happened on this box, didn't do anything special === rodlogic is now known as Guest1573 [18:50] I've got a customer that had some CC stolen. Some sort of exploit on their PHP app so I was asked to take a look. Any good tools or CLI commands for finding CC numbers in files? I've got a good one for grep in text files. But not sure about word and pdf type files. [18:50] grep [18:50] Bad thing is it's not just plain text type of files but I have to deal with PDF and Word docs that are on the server as well. [18:50] Since word and pdf files arent text files, you'll have noc chance. [18:51] I know I can do pdf2text or tools like that, but not sure anything that's a little more automatic [18:51] kpettit: I'll give you an almost guarantee they're not stored in files anymore [18:51] And most like thse tools will remove the content you are looking for. [18:51] is there a way to say "find/grep" only plain text and not binary files like PDF and doc type stuff? [18:52] kpettit: keep in mind if it's a PHP application that's been breached, the application could have transmitted the data, not stored it [18:52] teward: any ideas of where to look? I know they had a PHP shell and lots of junk PHP files. We got rid of those. [18:52] and if they're stored in binary-form or encoded-form you're out of luck [18:52] kpettit: So you deleted the files you want to search in. [18:52] But not sure how they were getting CC info since it's never stored in database or in files (that we know of ) [18:52] kpettit: if you've deleted the junk files you've already lost [18:53] your recovery option is NUke From Orbit and start over [18:53] and your customer has to call the CC company and have their cards frozen, and reissued due to the theft [18:53] teward: I've still got the shell files. But there was no CC in the shell files. That was just a PHP exploit to upload new files and port scan. It was actually pretty damn impressive. But no CC in the PHP file. [18:53] kpettit: you missed my information [18:53] [2016-05-09 14:51:46] <teward> kpettit: I'll give you an almost guarantee they're not stored in files anymore [18:53] [2016-05-09 14:52:13] <teward> kpettit: keep in mind if it's a PHP application that's been breached, the application could have transmitted the data, not stored it [18:54] kpettit: I will bet money at some point that the exploit breached the system, and injected some type of code which would then store the data offsite or transmit it offsite [18:54] yeah that's what I was thinking. I'm just trying to nail down the method [18:54] we know the range, and the initial exploit. But that's as far as Iv'e got [18:54] kpettit: Then you have to analyze the code you got. [18:54] ^ that [18:55] kpettit: as well as take the exploited *system* offline and load a replacement in its place [18:55] yeah we did all that. [18:55] Just tryint to nail down how it happend so it doesn't happen again [18:55] kpettit: you said you know the initial exploit method [18:55] that's your attack vector [18:55] mitigate that vector [18:55] if impossible, determine if 'Acceptable Risk' can be done with the application as is [18:56] if the risk is not acceptable, then they have to start looking for a different application solution that doesn't have this attack vector as a risk [18:56] secondly, if there's an update for the PHP application that patches against this risk, update. [18:56] yeah I've already got it locked down hwo they initially got it. Just tyring to dig more [18:56] it's a homegrown app which makes it more painful. [18:56] this is why i keep all PHP applications updated, and ROUTINELY run a full powered Nessus scan that checks everything on my servers that's webfacing [18:56] it's a total front to back home grown PHP thing [18:57] kpettit: then you have to run the code analysis yourself [18:57] yeah that's going to be fun. [18:57] if you've locked down how they got in in the first place, you are now beyond the protection/mitigation phase and 'exploit analysis' [18:57] since it's home grown only you can do that [18:57] and this channel can't really help much more than that [18:58] I'm more trying to figure out how to search/find if any text sort of file still has CC info. The grep's I've been using having been matching well with my tests [18:58] this is what I've been using. http://kudithipudi.org/2011/08/17/how-to-use-grep-to-search-for-credit-card-numbers/ [18:58] kpettit: i'm going to give you a suggestion: if they're .doc and .pdf you never will [18:58] and chances are things aren't plain text [18:59] and if they are they're encrypted or encoded [18:59] or, already transmitted and rm -rf'd [18:59] that's fine. If I can rule out text files for now that gets me farther [18:59] for sure. that's a good suggestion. [18:59] trying trying to get a better grep command for now. [18:59] I guess randomly grepping gets you nowhere, not farther. [18:59] searching .doc & (some) .pdf isn't so hard [19:00] not sure why they would put CC in those though [19:00] my guess is it was transmitting CC as things processed, but I don't know for sure [19:01] Im just trying to rule out them being stored and if I can do a quick grep that helps. [19:01] arges: smb: zul: should i wait on you guys to take a look at the libvirt yakkety merge, or just push when i think i'm happy? [19:01] my main concern is once i start the package-rename game, we can't turn back :) [19:01] kpettit: i'll bet you a dollar they were in an 'intercept-and-transmit' [19:01] kpettit: that's how I see most of those types of exploits, at least that i've observed [19:01] teward: that's my guess too [19:02] kpettit: in which case you'll have to examine your home grown application, and note any discrepancies from the last-good copy [19:04] yeah, it's always fun for sure. thanks for the advise [19:05] kpettit: you're welcome. unfortuantely though I can't give any more insights than that [19:06] no worries. Just seeing if there was something obvious I was missing to check on. [19:07] kpettit: I've learned that there's never anything obvious with these types of breaches [19:07] 'obvious' can only be observed if it's a well known breach of a well known software [19:07] for sure it's looking that way [19:07] since you're working on a home grown solution, that's not an option [19:07] the PHP shells were obvious at least. Beyond that... [19:08] yeah. I'm so impressed with those PHP shells though. They'd make great little admin tools. Might hack one up and protect it to use it that way. Great little utilities in some of them === rodlogic is now known as Guest97418 [19:26] If I want people to be able to access a folder called "school" from my Ubuntu-Server /var/www//html/ directory, it should simply be: sudo chmod 755 -R /var/www/html/school -- or is that not correct? the file permissions are set to: 4 drwxr-xr-x 3 root root 4096 May 9 15:20 school [19:29] zorbsone: Access it from what? [19:30] I want other users to be able to access the directory from the web. [19:31] zorbsone: Then the above permissions should work fine [19:40] Anyone happen to know if there's a way to setup a web interface for iptables/ufw on ubuntu that can be set to only accept localhost connections? [19:42] sure, why not? === rodlogic is now known as Guest56148 [20:16] nacc: I guess my publishing history traversal algorighm fails unless you store highest_series_seen between invocations. [20:17] rbasak: yeah, that's the advantage of the generator function, though, the state is saved :) === Guest56459 is now known as mfisch === mfisch is now known as Guest87085 === Guest87085 is now known as mfisch === rodlogic is now known as Guest3957 === magicalChicken_ is now known as magicalChicken