/srv/irclogs.ubuntu.com/2016/10/25/#ubuntu-server.txt

fooCan 16.04 use upstart if I install it?00:42
RoyKfoo: why would you want upstart?00:52
fooRoyK: Thank you. Trying to set up nginx + upstart + python script. I had this working in 14.04, but 16.04 seems different somewhere. I use upstart to start my init script that launches gunicorn for my app00:52
fooRoyK: I'm open to another way, this is just how I did it initially, so I just start/stop my app with start / stop myapp00:53
RoyKfoo: Xenial uses systemd, get used to t01:10
RoyKfoo: Xenial uses systemd, get used to it01:10
fooRoyK: alrighty, I'll remove upstart. Thanks01:12
UbuntuDudeCouple of months ago someone here gave a good info and url I added it to my bookmarks ... BUT I've forgot the whole thing :(01:14
UbuntuDudeI think it was about images for ubuntu server distro(s) that optimized and ready for production ... the topic I was asking about back then about programs to control linux web server like cpanle01:15
UbuntuDudeI remember finding ubuntu server iso image by amazon01:16
RoyKUbuntuDude: I'd recommend using an official image, not something on amazon unless you're using them as your VPS provider01:55
UbuntuDudeRoyK: I'm just learning linux server02:03
UbuntuDudebut I forgot what was the images they told me about here ...02:03
RoyKUbuntuDude: use the images from ubuntu.com - nothing else - the others may have been tapered with02:58
fishcookeri tried to remove old kernel when /boot 100%(scarse disk) hit... yes it's only 200MB with automatic security update without kernel blacklist but i've got https://bpaste.net/show/a957a4d9e824 when try the old one to release some space to upgrade to the latest kernel03:48
fishcookeris there any to remove the old kernel manually03:49
sbeattiefishcooker: apt-get purge linux-image-3.13.0-48-generic linux-headers-3.13.0-4803:50
=== ideopathic_ is now known as ideopathic
RoyKfishcooker: rhel/centos has this feature of just keeping the last few kernels - not sure if that exists on debian/ubuntu04:01
=== ideopathic_ is now known as ideopathic
=== berglh_ is now known as berglh
=== ideopathic_ is now known as ideopathic
=== ideopathic_ is now known as ideopathic
=== ideopathic__ is now known as ideopathic
markchi, is there any way to get dpkg-reconfigure to acknowlege altered debconf settings so I can script re-setting a fresh server install?07:38
markcfor the life of me I cannot get any variation of debconf-set-selections to change, for instance, the timezone for tzdata07:40
markcit may be that debconf only works on initial install of a package but in the case of tzdata it's not possible to remove it then reinstall it just so it picks up new debconf settings07:41
=== ideopathic__ is now known as ideopathic
markcit used to work with 100% with wily07:43
=== Countess_Bathory is now known as BloodCountess
=== BloodCountess is now known as Countess_Bathory
=== _degorenko|afk is now known as degorenko
=== pitastrudl_ is now known as pitastrudl
=== leavd is now known as kicksled
=== Guest95404 is now known as ahasenack
=== ahasenack is now known as Guest59736
=== Ussat is now known as WeAreSCrewed2016
=== WeAreSCrewed2016 is now known as WeAreScrewed2016
theGoatanyone here handy with syslog-ng?13:07
ikoniayou'll do better to just ask the real question13:12
theGoati am trying to spin up TLS, from the docs i have been reading, i have the certificates in place, and the config done correctly, but when i do a netstat -nl i don't see it listening on the IP and port i have chosen.  nothing in the logs.  not sure where to go from here13:13
ikoniais it listening on the port would be the first check13:14
ikoniacan you atually connect to "something" listening on the port13:14
ikoniawhat does the startup of it look like13:14
ikoniawhat happens if you manually start it with the same argumennts in the foreground13:15
theGoatyeah i have tried to telnet on the port, and won't connect.  when started it in the forground, i don't see anything related to TLS in there13:17
ikoniaforget tls for the minute13:18
ikoniait's not even starting up13:19
theGoatyes, and it's listening fine, and receiving events13:19
ikoniayou need to look at why it's not starting up13:19
ikonianetstat's not showing it as listening13:19
ikoniaand you can't connec to it13:19
theGoatnetstat is showing on port 514, but not 1514 which i have defined for TLS13:19
ikoniaahh, so it is runing on 514, ok13:19
ikoniasorry, I thought you where saying it's not running at all13:20
ikoniabreak the tls config on purpose, see if it complains13:21
ikoniathat should give you an idea if it's trying to process it or not13:21
ikoniaup the debug level too,13:21
theGoatwhen i initally configured it, i had the paths to the certs wrong, and it still came up without barking13:22
theGoati installed it with apt-get....wondering if i should build it from scratch13:23
=== tyhicks` is now known as tyhicks
ikoniawhy would you build it from scratch ?13:34
ikoniawhat's that going to acomplish ?13:34
RoyKtheGoat: using letsencrypt?13:35
theGoatno.13:35
RoyKtheGoat: where did you get the certificates?13:36
theGoatikonia:  i thought it may be possible the version was missing something for TLS support.13:36
theGoatRoyK:  from our own internal CA13:36
RoyKok13:36
ikoniatheGoat: you should be able to see what it's linked against to see if it supports TLS13:36
ikoniaI'd be surprised if it didn't13:36
theGoatRoyK:  we don't want to use self signed certs13:37
RoyKletsencrypt != self-signed :P13:37
theGoatikonia:  how do i check that?13:37
ikonialook at the package dpeends13:37
ikoniadepends13:37
theGoat3.5.6-2.1 - syslog-ng-core (2 3.5.6) syslog-ng-mod-sql (0 (null)) syslog-ng-mod-mongodb (0 (null)) syslog-ng-mod-json (0 (null)) syslog-ng-mod-smtp (0 (null)) syslog-ng-mod-amqp (0 (null)) syslog-ng-mod-geoip (0 (null)) syslog-ng-mod-redis (0 (null)) syslog-ng-mod-stomp (0 (null))13:38
theGoatProvides:13:38
theGoat3.5.6-2.1 -13:38
ikoniatheGoat: ldd the binary13:40
theGoathttp://pastebin.com/caaaqHum13:42
RoyKno openssl/tls there13:43
ikoniais there an optional depdency for it13:44
theGoati didn't see one.  i just built it from src, and it says it's in there now13:50
ikoniathat doesn't seem a good approach to me13:50
ikoniathe package was rsyslog-gnutls13:51
ikoniaoops, thats the old one13:51
ikoniais syslog-ng the default in ubuntu13:52
theGoatikonia: no rsyslog is14:04
ikoniagood, thought I was losing my mind a bit on that then14:05
=== TREllis_ is now known as TREllis
=== Malediction_ is now known as Malediciton
=== pavlushka is now known as pavlushka_
=== pavlushka_ is now known as pavlushka
=== lordievader_b is now known as lordievader
=== Logos01_ is now known as Logos01
=== bekks_ is now known as bekks
=== iberezovskiy|off is now known as iberezovskiy
=== jelly-home is now known as jelly
rbasakpowersj: FYI, I triaged bug 1635491. I can reproduce it in Yakkety and in Debian, so I sent it up.15:47
ubottubug 1635491 in samba (Ubuntu) "nmbd hangs on service start if only the loopback interface is configured" [High,Triaged] https://launchpad.net/bugs/163549115:47
powersjrbasak: thanks for following up on that one!15:47
=== degorenko is now known as _degorenko|afk
powersjrbasak: bug 1636583 I'll build package after I go eat17:42
ubottubug 1636583 in debootstrap (Ubuntu) "SRU: Add zesty series link" [High,In progress] https://launchpad.net/bugs/163658317:42
=== iberezovskiy is now known as iberezovskiy|off
=== thib is now known as thiba
=== thiba is now known as thib
ktosiekhi! What's up with the last USN? I can't find any specifics, and the description sounds like an RCE20:21
ktosiekI'm talking about this one: https://www.ubuntu.com/usn/usn-3114-1/20:21
tewardktosiek: priv. escalation20:25
teward"The system could be made to run programs as an administrator."20:25
tewardktosiek: one-liner summary in here: http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1247.html20:26
tewardwith a little more data.20:26
ktosiekohhh20:36
ktosiekthat's not so bad ^_^20:36
ktosiekteward: thank you very much, I was panicking a bit20:36
=== m1dnight2 is now known as m1dnight_
tewardktosiek: never hurts to ask.  That said, the USN has a link to the CVE tracker data too20:47
tewardunder the References section20:48
tewardfor the future, in case you want to check other ones for more info and such :)20:48
ktosiekyeah, it was broken the last I checked :-P20:48
tewardit probably hadn't been updated yet (not "broken", just "out of sync")20:48
ktosiekwait, no20:48
ktosiekthat one to mitre.org is OK, but useless (reserved CVE). I might have missed the description under the ~ubuntu-security link20:50
ktosiekstill, thanks for pointing that out, and I'll pay more attention to the ~ubuntu-security pages20:51
tewardyep *goes back to lurking*20:51
=== m1dnight2 is now known as m1dnight_

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!