| === MCMXI is now known as nineteeneleven | ||
| === nineteeneleven is now known as MCMXI | ||
| === JanC_ is now known as JanC | ||
| c0mrade | What's the fix for the DCCP exploit Linux Kernal 4.4.0 for Ubuntu 16.04.2 LTS? I just downloaded the latest version and apparently it's vulnerable to that! :D | 09:31 |
|---|---|---|
| ikonia | c0mrade: the ubuntu maintainers will patch and maintain the kernel | 09:32 |
| ikonia | you don't need to worry about that | 09:32 |
| ikonia | and based on the fact that you are opening up your host to attack from everyone and then wondering why it's crashing all the time, I suggest you adjust your approach to security | 09:32 |
| c0mrade | ikonia: It's not crashing all the time... | 09:33 |
| c0mrade | Once you execute the exploit it does. | 09:33 |
| c0mrade | Which means the latest available version for ubuntu-server available for people online is vulnerable to this attack. | 09:34 |
| ikonia | c0mrade> Who's crashing it for real? | 09:34 |
| ikonia | c0mrade: bottom line - just trust the ubuntu maintainers to patch and maintain the kernel, they know much better than you | 09:34 |
| c0mrade | ikonia: I gave access to my box and am willing to give again, "stryngs" from ##security spent like an hour and couldn't get root or compromise the network. | 09:35 |
| c0mrade | I mean is there a fix available online? | 09:35 |
| ikonia | fix available on line....what are you talking about | 09:35 |
| c0mrade | fix for this issue? like an update... | 09:35 |
| c0mrade | ? | 09:35 |
| ikonia | c0mrade: the ubuntu developers and maintainers will patch and maintain the kernel for you | 09:36 |
| ikonia | updates will be pushed by the ubuntu maintainers, they know and understand bugs better than you | 09:36 |
| c0mrade | ikonia: When, how? Will someone from them login to my system and do it? Or will I have to wait until further notice. | 09:36 |
| ikonia | c0mrade: the updates are released to the ubuntu pakage repos | 09:37 |
| ikonia | have you actually checked if the ubuntu kernel has that vunerablilty ? | 09:37 |
| c0mrade | Are they already released? This issue has been for a while and it's a server edition distro, severity and impact should be as 'critical'. | 09:37 |
| ikonia | have you actually checked if the ubuntu kernel has that vunerablilty ? | 09:37 |
| c0mrade | ikonia: Yeah it does and it the exploit crashed the system, I have to manually reboot it, it freezes. | 09:38 |
| ikonia | how do you know ? | 09:38 |
| c0mrade | Because the exploit is in the home directory, being put by someone and ran by him, evertime he ran it, the system crashes and I can see all the kernel messages on the screen... | 09:38 |
| ikonia | c0mrade: you're giving access to your host to strangers on the internet who are crashing your box...and thats how you maintain security | 09:39 |
| ikonia | actually look yourself | 09:39 |
| ikonia | look at the CVE - look if it impacts the ubuntu kernel you are using, find the CVE bug in launchpad and look at the fix status | 09:39 |
| ikonia | your attitude to security is unacceptable and your expectation is unrealistic | 09:40 |
| c0mrade | ikonia: It's a simple exploit, am talking about something else, dont worry about me and my insecurity. I'll handle that myself. My question is that ubuntu latest distro proved to be susceptible to a known exploit. It crashes the os. | 09:40 |
| ikonia | c0mrade: you have no idea of that | 09:40 |
| ikonia | and you're not asking a question - you're making a statement that may or may not be true as you've not really checked it | 09:40 |
| c0mrade | ikonia: I have 100% confirmed it now. | 09:43 |
| ikonia | how | 09:43 |
| c0mrade | I ran the exploit and my system crashed. | 09:43 |
| ikonia | how | 09:43 |
| c0mrade | How what? | 09:43 |
| ikonia | how did you run the exploit | 09:44 |
| c0mrade | ./a.out | 09:44 |
| c0mrade | It's a c file | 09:44 |
| ikonia | what does a.out do | 09:44 |
| ikonia | where did you get it ? | 09:44 |
| c0mrade | I gcc compiled it | 09:44 |
| ikonia | where did you get the source | 09:44 |
| c0mrade | Someone uploaded it to my box. | 09:44 |
| ikonia | unacceptable | 09:44 |
| ikonia | again - you're letting random strangers put software on your box | 09:44 |
| ikonia | that is not how you judge security threats | 09:44 |
| ikonia | and this channel will not respond to security issues verified in this way | 09:45 |
| c0mrade | ikonia: That's not what our concern is now. Again don't worry about my security. I'll burn in hell why would you care? Again my concern is elsewhere now. | 09:45 |
| ikonia | your "report" is not an acceptable test | 09:45 |
| ikonia | I've told you how to verify the vunerability and risk | 09:45 |
| ikonia | and you're just trusting random strangers on the net to give you random code to run on your host - unacceptable way to test | 09:46 |
| c0mrade | ikonia: That's the exact real way for testing... | 09:46 |
| c0mrade | It's the real world. | 09:46 |
| ikonia | no it's not | 09:46 |
| ikonia | and that is so far from the real worl - it's un true | 09:46 |
| c0mrade | In the real world there's no one caring about how would you test the system, how would you report an issue, a 0day is developed and tested.. That was a real world scenario. | 09:48 |
| ikonia | in the real world people do controlled verified tests | 09:48 |
| ikonia | not asking random strangers to upload code to their box | 09:48 |
| c0mrade | ikonia: Not if it was a real attack. | 09:48 |
| ikonia | enought | 09:48 |
| ikonia | enough | 09:48 |
| ikonia | I've told you how to verify the bug / risk | 09:48 |
| ikonia | do that - or do not ask again | 09:49 |
| c0mrade | ikonia: Okay :) | 09:49 |
| c0mrade | Um it's not intended to crash the kernel but to gain root, but the system crashes instead... https://www.exploit-db.com/exploits/41458/ | 09:51 |
| ikonia | c0mrade: not what I said to do | 09:56 |
| ikonia | do that - or do not discuss it again | 09:56 |
| c0mrade | Here's the fix for it, how do I install that... | 10:03 |
| c0mrade | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4 | 10:03 |
| c0mrade | What's the most stable kernel for ubuntu 16.04.2 | 10:15 |
| c0mrade | I've got 4.4.0-62-generic | 10:16 |
| c0mrade | Is 4.8 the one? | 10:16 |
| c0mrade | Looking to run this: "sudo apt-get install linux-generic-hwe-16.04" the problem is that it wants to install some WiFi packages and thermald | 10:22 |
| c0mrade | Would it on a server edition? | 10:23 |
| andol | c0mrade: linux-virtual-hwe-16.04 is also an option | 10:42 |
| c0mrade | andol: What about the link I provided up above? | 10:44 |
| c0mrade | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4 | 10:44 |
| c0mrade | I just download it, unzip it and install it? | 10:45 |
| andol | c0mrade: The link regarding CVE-2017-6074? | 10:53 |
| c0mrade | Yeah | 10:55 |
| c0mrade | I've posted it again above. | 10:55 |
| c0mrade | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4 | 10:55 |
| andol | Yeah, but from what I can see it is already patched in the Ubuntu 16.04 kernel packages. | 10:56 |
| andol | https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6074.html | 10:57 |
| c0mrade | I've already downloaded the file, what's the next step? | 10:57 |
| * andol has no idea what c0mrade is trying to accomplish | 10:58 | |
| c0mrade | andol: read this | 10:58 |
| c0mrade | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4 | 10:58 |
| c0mrade | see you can download a file there. | 10:58 |
| c0mrade | what does that file do when I download it, shouldn't it fix that bug? | 10:58 |
| c0mrade | If it should, how do I install that thing | 10:58 |
| andol | Yeah, you could use that patch to build a new kernel, but I have no idea why you would want that, since the regular Ubuntu kernels have already been patched for you. | 10:59 |
| c0mrade | if they've already been patched for me, what should I do now? | 11:00 |
| c0mrade | what command should I issue to fix that | 11:00 |
| andol | The same you would do for any other (kernel) security upgrade | 11:01 |
| andol | apt-get update | 11:01 |
| andol | apt-get dist-upgrade | 11:01 |
| andol | reboot | 11:01 |
| c0mrade | apt-get update already done | 11:01 |
| c0mrade | so apt-get dist-upgrade left | 11:01 |
| ikonia | c0mrade: I told you what to do | 11:01 |
| ikonia | and I told you not to talk about it until you have done it | 11:02 |
| c0mrade | ikonia: I am updating the system! | 11:02 |
| c0mrade | What am I doing wrong......... | 11:02 |
| * andol reads a bit more backlog... | 11:02 | |
| ikonia | I told you to check if a.) that vunerablility had impacted the ubuntu kernel via the CVE reference and inclusion in the ubuntu kernel package b.) see if a fix had already been applied | 11:02 |
| ikonia | you keep just doing / saying random things | 11:03 |
| ikonia | you're whole basis for this conversation is because you let a stranger from the internet have full access to your machine and he gave you code that crashes your machine | 11:03 |
| ikonia | this means NOTHING and is not a valid test | 11:03 |
| c0mrade | ikonia: Full access? It was standard user! | 11:03 |
| ikonia | map the CVE to the ubuntu package, then map any possible fix to an update included in the repos | 11:03 |
| ikonia | until you have done this - please stop discussing it | 11:04 |
| c0mrade | There's no way I will give root. | 11:04 |
| c0mrade | It's a standard unprivileged user. | 11:04 |
| ikonia | please stop discussing it | 11:04 |
| ikonia | you let a stranger onto your machine and upload code and thats how you are now claiming this exploit | 11:04 |
| ikonia | verify it how I told you - or stop discussing it | 11:04 |
| c0mrade | ikonia: I am updating the system nevertheless, you can ignore my comment about the validity about this exploit. I want my system up to date, once am done I'll test that thing again and see. | 11:05 |
| ikonia | c0mrade: I told you at the start of your claim - the ubuntu maintainers will patch and maintain the kernel for you, they know better than you and updates will appear in the ubuntu repos | 11:06 |
| ikonia | why is your machine not up to date when I told you this at the very start of your exploit claims | 11:06 |
| c0mrade | ikonia: Okay. | 11:06 |
| c0mrade | ikonia: I've downloaded the ubuntu 16.04.2 lts from the official ubuntu website like a week ago and I thought it'll already have all the updates. | 11:07 |
| ikonia | c0mrade: no, as I TOLD YOU at the start, they will maintain it and push out packages to the reps | 11:07 |
| ikonia | repos | 11:07 |
| ikonia | c0mrade: if you want to continue to use this channel - pay attention and stop with this silly time wasting attitude | 11:08 |
| c0mrade | Ok. | 11:08 |
| ikonia | c0mrade: there will be no more warnings or discussion on your channel interactions, use the channel properly, with real problems and pay attention to the information given to you, or don't use it | 11:09 |
| c0mrade | ikonia: Ok. | 11:10 |
| [1]c0mrade | . | 11:34 |
| === [1]c0mrade is now known as c0mrade | ||
| c0mrade | . | 11:34 |
| tomreyn | c0mrade: with most irc clients, you can use the /ping command to ensure you are connected to an irc server / network | 11:39 |
| c0mrade | tomreyn: I wasn't making sure of that. | 11:43 |
| c0mrade | I just regained my nickname. | 11:43 |
| tomreyn | i see. | 11:47 |
| hanna | I have a machine that's running out of RAM and swapping, even though absolutely nothing seems to be using that memory.. the only clue I've gotten at all so far is that dmesg was full of NVRM: RmInitAdapter failed spam | 13:10 |
| hanna | I already unloaded the nvidia modules but the memory is still gone, apart from a hard reboot is there anything I can do to reclaim it? | 13:10 |
| hanna | I just rebooted it, I exhausted all ideas I had | 13:16 |
| tomreyn | hanna: capture 'vmstat -s' and 'free -m' outputs when it happens again. | 13:25 |
| tomreyn | also "cat /proc/swaps" | 13:26 |
| tomreyn | hanna: you can already check this now: cat /proc/sys/vm/swappiness | 13:27 |
| tomreyn | can we assume that you are running an fully patched system with an up to date kernel (not just installed but also running)? | 13:28 |
| tomreyn | also, which ubuntu release is this | 13:29 |
| php | Hey! One of my clients is having an issue with their server (Ubuntu 14.04). It boots but no longer accepts any SSH connections (Connection Refused). | 14:07 |
| php | We booted into their rescue OS (it's an OVH server, we used rescue-pro), mounted /dev/sda2 to /mnt, chrooted to that, then allowed port 22 via ufw. We also used update-rc.d to start SSH on boot. | 14:08 |
| php | When we went back to the OS, SSH still wasn't accepting connections. | 14:08 |
| php | If anyone here has any ideas what could be the issue, please let me know. It's quite weird. | 14:09 |
| dannysantos | I have a home web server that is using freedns.afraid.org service for dynamic dns. Imagine my dns is alex.website.net and that is pointing to my home server. Does the traffic that goes to test.alex.website.net also reaches my home server? | 14:47 |
| andol | dannysantos: Not unless you explicitly configure it that way. | 14:53 |
| dannysantos | ok, thank you andol | 15:03 |
| drab | php: from the chroot you should have had acess to syslog from the previous run, ddi you check that? | 15:59 |
| drab | antyhing in there about ssh | 15:59 |
| tomreyn | syslog but also auth.log | 16:02 |
| tomreyn | php: ^ | 16:02 |
| php | drab, damnit, forgot syslog | 16:03 |
| tomreyn | also make sure your client doesn't run a newer version which default to secure encryption / hashing mechanisms which old servers may no support, yet. | 16:03 |
| tomreyn | php: if you have OOB access to the server you can still access the log while the server is running | 16:04 |
| tomreyn | php: is it an OVH branded or soyoustart / kimsufi system? | 16:04 |
| php | tomreyn, kimsufi | 16:05 |
| tomreyn | oh, most likely no OOB then | 16:05 |
| php | None of their services (ssh/apache/others I think) are listening on boot, which is strange. | 16:06 |
| php | Waiting for rescue-pro again so I can check syslog | 16:06 |
| tomreyn | you or your customer are doing things wrong if you use those systems for business | 16:06 |
| drab | php: ok then the problem is much deeper than ssh | 16:07 |
| tomreyn | could be a firewall issue | 16:07 |
| php | tomreyn, I uninstalled iptables and it still wasn't working | 16:14 |
| tomreyn | okay, it was just a guess | 16:15 |
| php | Also, they're using this for personal use. Not a business-related server. | 16:15 |
| tomreyn | "sudo lsof -i :22" to ensure sshd is running / listening on port 22 | 16:15 |
| php | I can't get into the server to run commands like that | 16:16 |
| tomreyn | right, sorry, i forgot you dont have oob | 16:16 |
| php | Which would be way easier if they picked SYS. SYS offers 24h/1w KVM | 16:17 |
| tomreyn | as a costly add-on, which to install, can take a while, increasing your downtime. but i guess it wont matter for this system. | 16:18 |
| php | Had they been able to get KVM, I would've had to charge them less and waste less of both of our time. :P | 16:18 |
| php | I just wanna play games on the weekend :( | 16:18 |
| tomreyn | thanks for reminding me - gonna play a gam enow ;) | 16:19 |
| drab | what's this game thing you speak of? :( | 16:20 |
| drab | just finished building a new server and fans are spinning like crazy, don't get why | 16:20 |
| drab | same build as the others | 16:20 |
| php | drab, games are weird things that has mathematical stuff going in the background to draw "pick-sells" or something to my screen? | 16:21 |
| drab | ewww maths | 16:25 |
| php | tomreyn, https://gist.github.com/1DC/83e305aaa458c0168fd2c4671f1876a1 syslogs | 16:31 |
| php | https://gist.github.com/1DC/960a66dd0c949cade567586eb9eb5418 boot.log | 16:32 |
| php | ^ potentially has the issue | 16:32 |
| php | askubuntu says not to worry about that one | 16:33 |
| CarlFK | php: what is rtm? | 16:34 |
| php | No idea. | 16:34 |
| drab | a more polite invite to reading the manual? | 16:34 |
| php | I have my Google open, hold on. :P | 16:35 |
| drab | php: where's the ssytem boot log part? | 16:35 |
| php | drab, hmm? | 16:35 |
| CarlFK | my quick guess is the box has been hacked. so shut it down, build a new one, restore backups, hope you don't put the exploit back in place. | 16:36 |
| php | I might've found an issue! | 16:36 |
| php | http://i.imgur.com/yH9LOB1.png | 16:36 |
| php | Gonna remove that from fstab and see if it boots | 16:37 |
| drab | php: that part of the log you pasted seems about right now | 16:39 |
| drab | since you're saying that services aren't starting at boot what you should be pasting/looking at is the boot log part | 16:39 |
| drab | to see what happebned then, which maybe also has a hint about the fstab | 16:40 |
| drab | the boot log saying everything OK is weird tho | 16:40 |
| drab | since everything does not seem to be ok | 16:40 |
| php | Issue fixed | 16:47 |
| php | It was their /dev/sda3 | 16:47 |
| drab | cool beans | 16:54 |
| drab | I wish my issue was fixed too... | 16:54 |
| tomreyn | 'rtm' is OVH (the dedicated server hosting company's) 'real time monitor' https://github.com/wodim/ovh-rtm | 16:55 |
| tomreyn | drab: the game i played is in my host mask ( i don't want to advertise it here) | 16:57 |
| CarlFK | tomreyn: thanks. kind like an back door. maybe a back window ;) | 16:57 |
| drab | with qemu, should I dance the hugepages dance? I'm not clear if it's important/recommend to set up hugepages at this point | 18:32 |
| drab | most stuff I've read about qemu don't have it listed as steps/tunings on the host, but it seems to make quite a bit of sense | 18:32 |
| drab | altho I'm unclear if it really makes most sense when you start to run a larger amount of instances Vs just one or two (my case since I'm mostly on lxd) | 18:33 |
| drab | sarnold: fwiw the other benefit I found of virtio-scsi is device naming, which are consistent with what you'd expect, ie /dev/sda | 18:40 |
| drab | this makes stuff like preseeding qemu and pre-selecting devices a lot easier without having to maintain differences with qemu installs and using vdX | 18:40 |
| CarlFK | http://cdimage.ubuntu.com/releases/zesty/release/ "There are three images available, each for a different type of computer: arm, ppc and s390x IBM System z | 18:47 |
| CarlFK | um.. where is x86_64? | 18:48 |
| CarlFK | I am looking for the zesty version of http://cdimage.debian.org/cdimage/stretch_di_rc3/amd64/iso-cd | 18:50 |
| JanC | CarlFK: http://releases.ubuntu.com/zesty/ | 19:05 |
| CarlFK | JanC: thanks | 19:06 |
| JanC | CarlFK: that server has the official/supported releases; cdimage.u.c has "non-official" CD images | 19:09 |
| ShaRose | anyone here use lxd with raw.idmap? It's not liking me very much at the moment. | 19:30 |
| runelind_q | which package contains lxc-attach? | 23:08 |
| sarnold | lxc1 | 23:08 |
| Poster | runelind_q: You can go to http://packages.ubuntu.com/, go down to the section that allows you to search the contents of a package and enter your file name of interest | 23:08 |
| sarnold | or install apt-file; no webpages :) | 23:09 |
| Poster | There's that too ;D | 23:09 |
| runelind_q | hrm, I wonder what value it is looking for with lxc-attach --name. When I use the name in lxc list it says container not defined. | 23:14 |
| sarnold | "lxc list" is probably using lxd instead, in which case "lxc attach" may work better | 23:18 |
| runelind_q | hah, apparently it is a bug | 23:18 |
| runelind_q | attach is not an option of lxc | 23:18 |
| runelind_q | I have a CentOS container that won't let me ssh into it anymore. | 23:20 |
| runelind_q | restarting doesn't fix it either. it was after I upgraded openssh | 23:21 |
| rbasak | "lxc exec foo bash" | 23:31 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!
