[00:42] <foo> Can 16.04 use upstart if I install it?
[00:52] <RoyK> foo: why would you want upstart?
[00:52] <foo> RoyK: Thank you. Trying to set up nginx + upstart + python script. I had this working in 14.04, but 16.04 seems different somewhere. I use upstart to start my init script that launches gunicorn for my app
[00:53] <foo> RoyK: I'm open to another way, this is just how I did it initially, so I just start/stop my app with start / stop myapp
[01:10] <RoyK> foo: Xenial uses systemd, get used to t
[01:10] <RoyK> foo: Xenial uses systemd, get used to it
[01:12] <foo> RoyK: alrighty, I'll remove upstart. Thanks
[01:14] <UbuntuDude> Couple of months ago someone here gave a good info and url I added it to my bookmarks ... BUT I've forgot the whole thing :(
[01:15] <UbuntuDude> I think it was about images for ubuntu server distro(s) that optimized and ready for production ... the topic I was asking about back then about programs to control linux web server like cpanle
[01:16] <UbuntuDude> I remember finding ubuntu server iso image by amazon
[01:55] <RoyK> UbuntuDude: I'd recommend using an official image, not something on amazon unless you're using them as your VPS provider
[02:03] <UbuntuDude> RoyK: I'm just learning linux server
[02:03] <UbuntuDude> but I forgot what was the images they told me about here ...
[02:58] <RoyK> UbuntuDude: use the images from ubuntu.com - nothing else - the others may have been tapered with
[03:48] <fishcooker> i tried to remove old kernel when /boot 100%(scarse disk) hit... yes it's only 200MB with automatic security update without kernel blacklist but i've got https://bpaste.net/show/a957a4d9e824 when try the old one to release some space to upgrade to the latest kernel
[03:49] <fishcooker> is there any to remove the old kernel manually
[03:50] <sbeattie> fishcooker: apt-get purge linux-image-3.13.0-48-generic linux-headers-3.13.0-48
[04:01] <RoyK> fishcooker: rhel/centos has this feature of just keeping the last few kernels - not sure if that exists on debian/ubuntu
[07:38] <markc> hi, is there any way to get dpkg-reconfigure to acknowlege altered debconf settings so I can script re-setting a fresh server install?
[07:40] <markc> for the life of me I cannot get any variation of debconf-set-selections to change, for instance, the timezone for tzdata
[07:41] <markc> it may be that debconf only works on initial install of a package but in the case of tzdata it's not possible to remove it then reinstall it just so it picks up new debconf settings
[07:43] <markc> it used to work with 100% with wily
[13:07] <theGoat> anyone here handy with syslog-ng?
[13:12] <ikonia> you'll do better to just ask the real question
[13:13] <theGoat> i am trying to spin up TLS, from the docs i have been reading, i have the certificates in place, and the config done correctly, but when i do a netstat -nl i don't see it listening on the IP and port i have chosen.  nothing in the logs.  not sure where to go from here
[13:14] <ikonia> is it listening on the port would be the first check
[13:14] <ikonia> can you atually connect to "something" listening on the port
[13:14] <ikonia> what does the startup of it look like
[13:15] <ikonia> what happens if you manually start it with the same argumennts in the foreground
[13:17] <theGoat> yeah i have tried to telnet on the port, and won't connect.  when started it in the forground, i don't see anything related to TLS in there
[13:18] <ikonia> forget tls for the minute
[13:19] <ikonia> it's not even starting up
[13:19] <theGoat> yes, and it's listening fine, and receiving events
[13:19] <ikonia> you need to look at why it's not starting up
[13:19] <ikonia> netstat's not showing it as listening
[13:19] <ikonia> and you can't connec to it
[13:19] <theGoat> netstat is showing on port 514, but not 1514 which i have defined for TLS
[13:19] <ikonia> ahh, so it is runing on 514, ok
[13:20] <ikonia> sorry, I thought you where saying it's not running at all
[13:21] <ikonia> break the tls config on purpose, see if it complains
[13:21] <ikonia> that should give you an idea if it's trying to process it or not
[13:21] <ikonia> up the debug level too,
[13:22] <theGoat> when i initally configured it, i had the paths to the certs wrong, and it still came up without barking
[13:23] <theGoat> i installed it with apt-get....wondering if i should build it from scratch
[13:34] <ikonia> why would you build it from scratch ?
[13:34] <ikonia> what's that going to acomplish ?
[13:35] <RoyK> theGoat: using letsencrypt?
[13:35] <theGoat> no.
[13:36] <RoyK> theGoat: where did you get the certificates?
[13:36] <theGoat> ikonia:  i thought it may be possible the version was missing something for TLS support.
[13:36] <theGoat> RoyK:  from our own internal CA
[13:36] <RoyK> ok
[13:36] <ikonia> theGoat: you should be able to see what it's linked against to see if it supports TLS
[13:36] <ikonia> I'd be surprised if it didn't
[13:37] <theGoat> RoyK:  we don't want to use self signed certs
[13:37] <RoyK> letsencrypt != self-signed :P
[13:37] <theGoat> ikonia:  how do i check that?
[13:37] <ikonia> look at the package dpeends
[13:37] <ikonia> depends
[13:38] <theGoat> 3.5.6-2.1 - syslog-ng-core (2 3.5.6) syslog-ng-mod-sql (0 (null)) syslog-ng-mod-mongodb (0 (null)) syslog-ng-mod-json (0 (null)) syslog-ng-mod-smtp (0 (null)) syslog-ng-mod-amqp (0 (null)) syslog-ng-mod-geoip (0 (null)) syslog-ng-mod-redis (0 (null)) syslog-ng-mod-stomp (0 (null))
[13:38] <theGoat> Provides:
[13:38] <theGoat> 3.5.6-2.1 -
[13:40] <ikonia> theGoat: ldd the binary
[13:42] <theGoat> http://pastebin.com/caaaqHum
[13:43] <RoyK> no openssl/tls there
[13:44] <ikonia> is there an optional depdency for it
[13:50] <theGoat> i didn't see one.  i just built it from src, and it says it's in there now
[13:50] <ikonia> that doesn't seem a good approach to me
[13:51] <ikonia> the package was rsyslog-gnutls
[13:51] <ikonia> oops, thats the old one
[13:52] <ikonia> is syslog-ng the default in ubuntu
[14:04] <theGoat> ikonia: no rsyslog is
[14:05] <ikonia> good, thought I was losing my mind a bit on that then
[15:47] <rbasak> powersj: FYI, I triaged bug 1635491. I can reproduce it in Yakkety and in Debian, so I sent it up.
[15:47] <powersj> rbasak: thanks for following up on that one!
[17:42] <powersj> rbasak: bug 1636583 I'll build package after I go eat
[20:21] <ktosiek> hi! What's up with the last USN? I can't find any specifics, and the description sounds like an RCE
[20:21] <ktosiek> I'm talking about this one: https://www.ubuntu.com/usn/usn-3114-1/
[20:25] <teward> ktosiek: priv. escalation
[20:25] <teward> "The system could be made to run programs as an administrator."
[20:26] <teward> ktosiek: one-liner summary in here: http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1247.html
[20:26] <teward> with a little more data.
[20:36] <ktosiek> ohhh
[20:36] <ktosiek> that's not so bad ^_^
[20:36] <ktosiek> teward: thank you very much, I was panicking a bit
[20:47] <teward> ktosiek: never hurts to ask.  That said, the USN has a link to the CVE tracker data too
[20:48] <teward> under the References section
[20:48] <teward> for the future, in case you want to check other ones for more info and such :)
[20:48] <ktosiek> yeah, it was broken the last I checked :-P
[20:48] <teward> it probably hadn't been updated yet (not "broken", just "out of sync")
[20:48] <ktosiek> wait, no
[20:50] <ktosiek> that one to mitre.org is OK, but useless (reserved CVE). I might have missed the description under the ~ubuntu-security link
[20:51] <ktosiek> still, thanks for pointing that out, and I'll pay more attention to the ~ubuntu-security pages
[20:51] <teward> yep *goes back to lurking*