| JanC | if you can get on IRC, then what is the problem? | 00:23 |
|---|---|---|
| === ShaRose_ is now known as ShaRose | ||
| === rodlogic is now known as Guest56353 | ||
| === rodlogic is now known as Guest26905 | ||
| === athairus is now known as afkthairus | ||
| thekrynn_ | trying to setup a usb ethernet dongle for an extra iface, but not showing up at all.. any ideas? | 06:31 |
| g3org3s | Hi - would this be applicable on 16.04 ? https://www.digitalocean.com/community/tutorials/how-to-configure-a-mail-server-using-postfix-dovecot-mysql-and-spamassassin | 09:41 |
| somix | hello | 10:12 |
| somix | how install openstack or juju in vmware workstation | 10:13 |
| somix | whay | 10:14 |
| somix | how | 10:14 |
| somix | whaaaaaaaat | 10:15 |
| somix | hhh | 10:16 |
| somix | thaaanx | 10:16 |
| somix | $ sudo apt install conjure-up | 10:16 |
| g3org3s | Can I install mail ina box on 16.04 ? | 11:26 |
| g3org3s | or still not supported ? | 11:26 |
| === sexytime is now known as habibi | ||
| === rodlogic is now known as Guest21887 | ||
| devster31 | hi guys, what could be the reason I can lsusb and lshw an usb hard drive but I can't lsblk it and therefore cannot mount it? | 13:20 |
| RoyK | devster31: dead disk? | 14:26 |
| devster31 | it works fine on windows | 14:27 |
| devster31 | and on OSX | 14:27 |
| RoyK | devster31: what's in dmesg? | 14:37 |
| RoyK | please !pastebin that | 14:38 |
| RoyK | !pastebin | 14:38 |
| ubottu | For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic. | 14:38 |
| devster31 | http://paste.ubuntu.com/16439404/ there's lshw and lsusb too | 14:40 |
| devster31 | it seems to know exactly what's plugged in but doesn't know it's a hard drive | 14:41 |
| RoyK | weird | 14:42 |
| eatingthenight | anyone have any recommended software for managing a small setup of 3 machines running KVM? | 17:09 |
| synchronet | why use KVM, what you using the box for? | 17:10 |
| eatingthenight | nothing at the moment all i really want is a low cost way to manage a small VM cluster | 17:14 |
| === habibi is now known as punisher | ||
| eatingthenight | esxi does what I want but I have to pay 1k a year for it otherwise it imposes limits on what kind of resources I can allocate. | 17:15 |
| synchronet | ok, but for running what? Websites! | 17:15 |
| synchronet | if so Virtualmin GPL will do you fine | 17:17 |
| synchronet | Nice install script as well | 17:18 |
| synchronet | Needs a clean install of OS tho, I would go 14.04 | 17:19 |
| synchronet | and a good FQDN | 17:20 |
| dasjoe | eatingthenight: define "cluster". Do you need automatic, managed failover? | 17:20 |
| === punisher is now known as GitGud | ||
| dasjoe | eatingthenight: I stuck with libvirt, neither Ganeti, nor ovirt delivered what I needed | 17:21 |
| eatingthenight | yeah i guess cluster is a bad word. Downtime is completely fine. | 17:21 |
| eatingthenight | looking at virtualmin gpl now | 17:21 |
| synchronet | Try Virtualmin you might be surprised what it can do | 17:22 |
| synchronet | I use it a lot | 17:22 |
| synchronet | but just websites | 17:22 |
| synchronet | nothing fancy | 17:22 |
| synchronet | backup and restore module is second to none | 17:22 |
| === GitGud is now known as habibi | ||
| eatingthenight | hmmm, yeah i need a few more abilities then just website management, I think what I'll end up doing is just managing it from the commandline and then write my own web interface for it once I see what I all need. unfortunately I can't find anything in between apache openstack and cli that is halfway decent | 17:24 |
| dasjoe | eatingthenight: https://help.ubuntu.com/lts/serverguide/libvirt.html | 17:25 |
| eatingthenight | dasjoe: this looks like it will work for me, thanks! | 17:43 |
| Goug | Hi - I think I messed up smth while isntalling mysql - how can I reset it to a fresh installation ? | 18:37 |
| Goug | nevermind - got it to work again | 18:38 |
| bekks | Goug: Why do you thing you messed up something? | 18:39 |
| bekks | Reinstalling will not fix it. | 18:40 |
| Goug | I couldnnt login to the database - acces denied - the I restarted the service - now its working again | 18:40 |
| habibi | the app that i am going to be running will run as a certain user whos setuid and setgid permissions shall be stripped. but this app still needs to have the ability to open ports > 1024. will this work? | 19:45 |
| habibi | because i have read somewhere long ago that to open sockets the computer sets id to root, opens the socket. then sets id back to user | 19:46 |
| === afkthairus is now known as athairus | ||
| tarpman | habibi: you don't need any special permissions to open ports > 1024; did you mean < 1024? | 19:50 |
| tarpman | habibi: either way: yes, what you are describing (start as root; perform privileged actions; drop permissions permanently) is standard practice | 19:51 |
| habibi | tarpman, no i meant > 1024. i know that that is not allowed. i had like 1 link that showed the easier command that removes all perms from a particular user. but i lost it. do you know what is the easiest but safest way to do this ? | 19:53 |
| tarpman | habibi: easiest and safest way IMO is to arrange for the init system to start your daemon as a unprivileged user (ideally, a user dedicated to that daemon) | 19:57 |
| tarpman | habibi: or, if does need root privileges during startup for some reason, then man 2 setuid and man 2 setgid | 19:58 |
| habibi | tarpman, and the security friendly way (just to check with you) would be to take off all the unnecessary perms of the scripts of that user in the bin folder yeah? | 19:59 |
| habibi | or are there any other folder i have to think about as well? | 19:59 |
| tarpman | I don't understand the question, sorry | 19:59 |
| tarpman | habibi: if you want to go even further with restricting what your program is allowed to do, look into apparmor: https://wiki.ubuntu.com/AppArmor | 20:01 |
| bekks | habibi: Which kind of permissions are you trying to strip off of that user? | 20:01 |
| habibi | i need to find that link. one second let me try this | 20:02 |
| habibi | ok i found it bekks and tarpman : http://linux-audit.com/finding-setuid-binaries-on-linux-and-bsd/ | 20:04 |
| bekks | habibi: And why do you want to tinker around with setuid for a specific user? | 20:04 |
| bekks | habibi: Do you know what setuid is for? | 20:05 |
| habibi | the idea was that i make a spearate user for a daemon. then i strip that user of access to all the scripts in bin folder. so that no hacker can get into this user through the daemon and on the off chance that they can. then they cannot use the gid and uid to trick the computer to give them root access | 20:05 |
| bekks | habibi: that nonsense, actually. | 20:06 |
| bekks | habibi: Do you know what setuid is for? | 20:06 |
| habibi | bekks, some guy on ##security said it was a good idea. setuid is defined like this: Binaries with the setuid bit enabled, are being executed as if they were running under the context of the root user. This enables normal (non-privileged) users to use special privileges, like opening sockets. | 20:07 |
| bekks | habibi: Do you understand what setuid is for? | 20:07 |
| habibi | bekks, bro i just told you | 20:07 |
| bekks | habibi: No you told me what someone else told you. | 20:07 |
| habibi | Binaries with the setuid bit enabled, are being executed as if they are running under the context of the root user | 20:08 |
| bekks | Which doesnt mean YOU understand what setuid is for. | 20:08 |
| habibi | i understand what that line means | 20:08 |
| bekks | And do you know why setuid is set for those specific binaries? | 20:08 |
| habibi | because those specific binaries need some type of root access in their functioning | 20:08 |
| bekks | Correct. | 20:09 |
| bekks | So if you unset setuid, you will break those binaries and/or their functionality. | 20:10 |
| habibi | yes bekks but i would argue that my user thats running that daemon may not need ALL those binaries. so removing their setuid may not be a good thing | 20:10 |
| bekks | Which just have something to do with messing up your system, and not with securing it. | 20:10 |
| bekks | If you dont want your user to have access to specific files, use ACL and disallow access. | 20:11 |
| === Goug_ is now known as g3org3s | ||
| habibi | since thats just going to be one daemon | 20:13 |
| habibi | bekks, and if my user is not running ALL those binaries. then removing them would be a good idea because then there is less things that a potential hacker could trick to give them root access | 20:13 |
| habibi | to this understanding, i have set out to change the setuid and setgid values for the bin folder. and was asking if there are other binaries i want to change that could be tricked, but not really necessary for the running of my daemon | 20:13 |
| bekks | Do you understand that removing setuid isnt possible for a specific user, but globally only? | 20:13 |
| habibi | bekks, that part i did not actually know. but was going to look around for | 20:14 |
| habibi | ACL hmm ok | 20:14 |
| habibi | i'll look into that one | 20:14 |
| habibi | i only want to give that user access to activities needed for its daemon. namely opening sockets > 1024. reading to its home directory. and writing to its home directory | 20:15 |
| habibi | everything else i want to restrict. using ACL or AppArmor or w.e there is | 20:15 |
| bekks | So do it. No need to mess up your system. | 20:15 |
| habibi | alright awesome. thanks for the heads up bekks | 20:15 |
| g3org3s | Hi - mysql issue - it's weird - I can login from the server console - I can also login from phpmyadmin - but when I use it in my php file - database connection unsuccseful - am I missing something in the config ? | 20:24 |
| bekks | g3org3s: How are you trying to connect, using PHP? | 20:31 |
| g3org3s | bekks, it's a user managemetn framerware - during setup they ask the database to connect to | 20:31 |
| bekks | And what are you entering? | 20:31 |
| g3org3s | Databasr host = IP , database user and pass - the ones I am successfully using to login via shell on server or phpmyadmin - Database name : Database I created in phpmyadmin for this project | 20:33 |
| bekks | g3org3s: So did you configure your mysql server to accept connections on the IP? And why dont you use 127.0.0.1? | 20:34 |
| g3org3s | bekks, it's working now - I thought it was requesting the remote access of that server - I completly forgot that it is local! my bad ; many thank | 20:36 |
| bekks | you're welcome :) | 20:36 |
| === habibi is now known as punisher | ||
| === punisher is now known as sexytime | ||
| === sexytime is now known as punisher | ||
| newbsie | New to systemd coming from upstart/14.04. Where do I place the conf file for systemd for gunicorn? In /etc/systemd/system with my own naminc scheme? | 22:20 |
| xnox | newbsie, yes, more or less. Also note https://wiki.ubuntu.com/SystemdForUpstartUsers | 22:30 |
| newbsie | xnox: If I need to run different processes of gunicorn for different websites, do they each go in their own conf file? | 22:31 |
| xnox | read systemd units documentation on template units | 22:34 |
| === ToneKnee_ is now known as ToneKnee | ||
| conrmahr | Is there any chat logs saved somewhere? I had someone help me re-image a disk but didn't write it down. | 23:26 |
| RoyK | depends on the client | 23:27 |
| conrmahr | limechat? | 23:28 |
| RoyK | l | 23:30 |
| RoyK | no idea - sorry | 23:30 |
| teward | maybe ask #limechat ? | 23:31 |
| teward | conrmahr: ^ | 23:31 |
| conrmahr | How about I ask for help on re-imaging a secondary disk | 23:32 |
| conrmahr | Can some one help remove all partitions on a WD Red 4GB harddrive that has RAID array on it? | 23:48 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!