[02:12] <drab> hi
[02:12] <drab> I'm trying to practice and document a host swap/hd replacement in case of failure
[02:13] <drab> as I have it, I run lssci to get the list of devices with the wwn (which is labeled on the tray)
[02:13] <drab> make sure it matches which device and then run " echo 1 > /sys/block/$dev/device/delete"
[02:14] <drab> which I was under the impression was sufficient to tell the kernel that device was gonna and therefore could be removed from the machine safely
[02:14] <drab> however tailing syslog and pulling the drive after the above results in some stacktracer and quite a few angry messages
[02:14] <drab> I get the same messages if I skip the echo 1 /device deletion btw
[02:15] <drab> what gives? is there a better way under which the kernel isn't going to be angry at me or is the above "correct"?
[02:15] <drab> after the echo the device was gone from lsscsi btw and not seen by the system
[02:15] <nacc> drab: probably worth pastebining the exact messages after the delete and then the errors you see later
[02:19] <drab> nacc: yeah, thought of that, here it goes: http://dpaste.com/31EAD5R
[02:22] <nacc> drab: is this an actualy hotpluggable device (using kernel level hotplug)?
[02:22] <nacc> drab: if so, then you might need to use the right interface to hotunplug it
[02:23] <nacc> drab: it seems like the sas layer is still doing something when you pulled the disk
[02:23] <nacc> drab: done for the day, but i can help debug tmrw, maybe
[02:24] <sarnold> I'd sort of expect an mdadm command of some sort, similar to zpool replace or zpool offline
[02:34] <drab> sarnold: yeah, there's offline/detach
[02:34] <drab> but those disks aren't in the pool yet
[02:35] <drab> nacc: thanks man, was reading through some google pages, will ping you again tmoz if I don't figure it out before I fall off
[02:35] <drab> this is a hotswap tray on a server with a HGST drive that should support that no problem, plugged into a SAS backplane
[02:36] <drab> not sure about kernel level hotplug
[02:36] <sarnold> drab: do report back what you find out. I haven't tried pulling any my drives yet. :)
[02:36] <drab> that said tho, these drives aren't part of the pool yet, just dealing with the basics first, then will repeat in ZFS
[02:36] <sarnold> until today I've always assumed zpool replace or zpool offline would do the trick, hehe
[02:37] <drab> was trying to get a baseline for drives going in and out before doing it with zfs
[02:38] <drab> sarnold: yeah that I simulated actually, I had found a link where the guy was testing all of that with 5 USB keys in a raidz2, which is what I have
[02:38] <drab> but in that case I just yanked the keys out :P
[02:38] <drab> the good news is that it all worked fine
[02:38] <drab> but I didn't want to risk as much on actual data/disks
[02:38] <drab> so was trying to do it properly telling the kernel about it etc
[02:38] <sarnold> :)
[02:39] <drab> so far it's still mad at me...
[02:47] <drab> sarnold: my understanding is that the simple replace is ok if you have spare bays and the new drive is already in, the replace will resilver the new drive and then remove the damaged one
[02:48] <drab> however in a situation like mine, with 4 bays all taken, afaics you need to offline and detach the drive first, put the new drive in and attach that to the pool and the resilver will kick off
[02:48] <drab> no replace command
[02:48] <drab> but I'll confirm once I'm through
[05:38] <cpaelzer> good morning
[05:42] <cpaelzer> nacc: updated the page, thanks for starting it
[05:43] <roelof> Hello, I wanted to filter my mail on the mailserver. So I followed this tutorial : https://help.ubuntu.com/lts/serverguide/mail-filtering.html
[05:44] <roelof> but when I send a mail I do not see the spam and viruschecking headers
[05:45] <roelof> here is my amavis/15-content-filter :  http://paste.ubuntu/24452485
[05:45] <cpaelzer> missing a .com I think http://paste.ubuntu.com/24452485/
[05:45] <roelof> and here is my amavis/20-debian-defaults
[05:46] <roelof> and here is my amavis/20-debian-defaults : http://paste.ubuntu.com/24452489
[05:47] <roelof> and here is my amavis/50-users : http://paste.ubuntu.com/24452492
[05:48] <roelof> and my master.cf from postfix :  http://paste.ubuntu.com/24452500
[05:48] <roelof> my hostname is ubuntu
[05:49] <roelof> and my mailname is example.com
[05:49] <roelof> anyone a idea why the spam and virusheaders are not included
[05:50] <roelof> cpaelzer:  thanks, I forget that part
[05:51] <cpaelzer> roelof: I'm clearly not an expert on this, but two questions to hopefully slightly help
[05:51] <cpaelzer> roelof: did you try to lower the barrier of $sa_tag_level_deflt so that mroe things are tagged
[05:51] <cpaelzer> roelof: ah also, does it not work for sending, receiving or both?
[05:52] <cpaelzer> roelof: and finally there is a troubleshooting section in your first doc link
[05:52] <roelof> cpaelzer:  I did not change the barrier
[05:52] <cpaelzer> roelof: mostly about rising verbosity and checking the logs
[05:52] <cpaelzer> roelof: so you could increase log of amavis, clamav and postfix
[05:52] <cpaelzer> roelof: then restart all services
[05:53] <cpaelzer> roelof: then drive a test and parse your logs
[05:53] <cpaelzer> I'd hope that there is some indication in there
[05:53] <roelof> cpaelzer:  I did send a testmail with the xmail package and look at the recieved mails and did not see the headers
[05:53] <cpaelzer> roelof: since you are not seeing any headers I'd especially check the logs if there was something failing when initializing
[05:54] <roelof> cpaelzer:  oke, next step finding out how to lower the barrrier and finding out how I can rise the verbosity
[05:54] <roelof> and of course reading a lot of logs
[05:55] <cpaelzer> roelof: both steps are described in the mail filtering page you linked
[05:55] <cpaelzer> roelof: it has rising amavis/clamav on the page and a link to postfix logging
[05:55] <cpaelzer> down in the troubleshooting section
[05:55] <cpaelzer> lowering the limit to be tagged is on the same page
[05:56] <cpaelzer> roelof: there are also some more hints for troubleshooting at https://help.ubuntu.com/community/PostfixAmavisNew#Troubleshooting
[05:58] <rchavik> roelof, this https://www.mail-archive.com/amavis-user@lists.sourceforge.net/msg02182.html worked for me
[05:58] <rchavik> duh, i see that cpaelzer has already pointed that out.
[06:03] <roelof> changed it , now restarting all the services
[06:03] <roelof> Does it make any difference in what order they are restarted
[06:03] <cpaelzer> roelof: yes in this case unfortunately yes
[06:03] <cpaelzer> roelof: the last troubleshooting link listed the recommended order
[06:04] <cpaelzer> roelof: I'm not sure how important it is, but since there is an order listed I'd follow for now
[06:06] <roelof> cpaelzer:  I followed all the links but I cannot find the order :(
[06:07] <roelof> found it
[06:10] <roelof> nope, increasing the limit does not do the trick
[06:10] <cpaelzer> roelof: :-/, then you are down to check the logs
[06:10] <cpaelzer> doing so now can work if there is something obvious
[06:11] <cpaelzer> if not, you can still increase the log levels
[06:11] <cpaelzer> roelof: since logs can have a lot of red herrings I'd tail -f on them and then
[06:11] <cpaelzer> roelof: step1 restart your services one by one and check if there are errors
[06:11] <cpaelzer> roelof: step2: do your testmail and see if all services at least process something
[06:12] <rchavik> i had to lower the barrier to make headers appear (not increase)
[06:12] <roelof> sorry I mean lower. the value was 2 and is now -100
[06:13] <rchavik> ok
[06:13] <roelof> When I restart the services I do not see any errrors
[06:14] <roelof> and when I send a test-email I see this : http://paste.ubuntu.com/24452583
[06:15] <roelof> so I see headers but no spam or virus headers
[06:15] <roelof> so now time to increase the log levels
[06:24] <roelof> chips. I think the problem is I think there is no text in the body
[06:24] <roelof> I use crtl-d to say that  I want to go to the next field and I see then a empty body message
[06:24] <roelof> so there is nothing to scan
[06:25] <roelof> back to the bsd-mailx function how to solve this one
[06:28] <roelof> nope, also making a body does not solve it
[06:34] <roelof> when I look at the mail.log both seems to be working. I see some things about amavis and about spamassassin
[06:36] <roelof> the only thing that bothers me is that it looks like the body is still empty :  using 353/353 'body-0' compliled rules
[06:38] <roelof> nothing wierd in the logs except the body-0 compiled rules thing
[06:38] <roelof> cpaelzer:  can it be a problem that the hostname is different from the mail-name ?
[06:53] <roelof> Logging does not help to solve this one :(
[07:02] <roelof> anyone a idea how to solve this ?
[07:03] <sarnold> when logs don't work my next took is strace
[07:04] <sarnold> strace -f -o /tmp/logs -p `pidof whatever` -- and then you've got fun reading
[07:04] <roelof> sarnold:  strace with mail sending ?
[07:04] <sarnold> I didn't say it's _fun_ :)
[07:05] <sarnold> but the only way anything gets done is by interacting with system calls. so you've got something to work with when logs fail you.
[07:05] <roelof> first I have to find the pid of postfix, spamassisin and amavis
[07:58] <lordievader> Good morning
[08:09] <mynameistrevor> ph.archive.ubuntu.com is not working right now
[10:11] <mynameistrevor> can someone help me, ph.archive.ubuntu.com is down
[10:20] <TafThorne> mynameistrevor: ph.archive.ubuntu.com is up for me.  What is your problem?
[10:22] <TafThorne> I mean that in the sense of what error message are you seeing from what application, not in the sense of being sarky.
[10:26] <mynameistrevor> yesterday, when i'm updating the apt cache, update process stuck when it attempts to get updates from ph.archive.ubuntu.com, which is hosted by pregi.net. i tried to ping it but it dosen't respond at that time, then i pinged their ftp server and nothing happens. i've also tried to email them, but gmail said that the server isn't responding
[10:29] <ikonia> ping is not a test
[10:29] <ikonia> view the repo in a browser, see if it's aailable
[10:29] <ikonia> available
[10:30] <ikonia> looks like it's responding fine
[10:30] <ikonia> so you've sent someone an email saying it's not working, when it is
[10:34] <mynameistrevor> i send an email to pregi.net and gmail sent me an email that their email servers is not responding
[10:35] <ikonia> what ?
[10:36] <mybalzitch> mynameistrevor: so find a new mirror
[10:36] <mynameistrevor> mybalzitch: i tried to switch to the main servers
[10:37] <TafThorne> So does `apt-get update` work after you changed to the main servers, rather than the cache?
[10:37] <mynameistrevor> yes
[10:38] <TafThorne> So does this solve your issue?
[10:38] <mynameistrevor> yes
[10:40] <ikonia> the mirror is working fine
[10:40] <ikonia> there is no need to change
[10:44] <mynameistrevor> ikonia: as of now, philippine servers are now up; they're down yesterday
[10:44] <ikonia> so why are you telling us about it
[10:45] <ikonia> they went down, they are back, what's the problem
[10:47] <steven> morning guys, is there a way to configure autoremove's amount of kept kernels?
[10:47] <steven> my u1604 keeps 3 kernels atm which bloats /boot and breaks my updates when a new kernel ships.
[10:48] <steven> so I'd  rather set the number of kept kernels to two than resizing partitions
[10:51] <ikonia> how big is /boot ?
[10:59] <steven> 236M  153M   71M  69% /boot
[11:00] <steven> so 236mib
[11:00] <ikonia> 236 meg is quite small in general
[11:00] <steven> I didnt change it tbh, I just went with stock recommendations on this machine
[11:00] <steven> which was a silly idea in hinsight lol
[11:01] <ikonia> not at all
[11:01] <ikonia> if in doubt you'd assume the installer will guide you
[11:01] <steven> well it was, cos now my sys breaks on updates (well it doesnt really break, but I'll have to manually fix it)
[11:02] <steven> but yeah, setting the kept kernels to only 2 would fix it
[11:02] <steven> I just can't find the confiugration file and /etc/apt/conf.d/autoremove-kernels is a autogenerated file so I shouldnt touch it either
[11:02] <ikonia> to be honest, I thought ubuntu got rid of the n+2 kernel model and just assumed autoclean would do it
[11:03] <steven> maybe they did post 1604 :D
[11:04] <ikonia> I don't know - I assumed to be honest based on some of the behaviour I'd seen
[11:05] <steven> I dont have snap either
[11:05] <steven> which was introduced in 1604, too. right?
[11:06] <ikonia> I don't use snap
[11:07] <ikonia> I don't agree with the concept
[11:07] <steven> I dont either but canonical ofc forces you to use it
[11:08] <steven> until they realize that no one wants it and discontinue it again. but thats not for another 5 years
[11:08] <ikonia> canonical don't force you to use snap
[11:08] <steven> ah yeah? then try to use livepatch without it :)
[11:09] <ikonia> errr that doesn't make sense
[11:09] <ikonia> of course that has to be a dependency of it
[11:09] <steven> really?
[11:09] <ikonia> you're using a process that would depend on it and complaining that you have to use it....how would you expect it to work
[11:09] <steven> how does it depend on it tho?
[11:10] <ikonia> it moves selfcontained objects
[11:10] <steven> maybe its a bit of a technical question but how does a package format of sorts is a requirement to patch my kernel?
[11:10] <steven> why can't they just allow me to install the live patch app using apt?
[11:10] <ikonia> I don't think the actual "live patch" process depends on it
[11:11] <steven> I didnt say that, but to use it I have to install the app which I can only install using snap :)
[11:12] <steven> so the only way to get this feature is for me to use snap. ofc they dont force me to use it. I could simply not use that service
[12:33] <cpaelzer> TafThorne: would you be able and willing to do the proposed verification on bug 1630516
[12:33]  * cpaelzer sounds like a flight attendent
[14:10]  * drab hopes this channel is not overbooked
[14:14] <ikonia> ?
[14:15] <drab> ikonia: bad async irc joke... i ignore parts/join so when I logged in last thing I saw was "* cpaelzer sounds like a flight attendent"
[14:15] <drab> re recent united overbooked flight and the guy dragged out
[14:36] <TafThorne> cpae;zer: I can give it a go
[14:46] <TafThorne> Right I have got things setup as per https://wiki.ubuntu.com/Testing/EnableProposed I shall now give installing the package and running over the test case a go.
[15:04] <axisys> how do I find out all the changes will be made by a package install without installing it?
[15:06] <TafThorne> -s
[15:06] <TafThorne> for Simulate?
[15:07] <TafThorne> According to `man apt-get` all commands can have:
[15:07] <TafThorne> https://wiki.ubuntu.com/Testing/EnableProposed
[15:07] <TafThorne> -s, --simulate, --just-print, --dry-run, --recon, --no-act
[15:08] <nacc> sadly, `man apt` doesn't list those ... i wonder why
[15:08] <TafThorne> so `apt-get install -s <pacakge_name>` should show you what would happen.
[15:08] <TafThorne> Because apt is a simpler tool than apt-get ?
[15:09] <TafThorne> My copies on the man page say things like `install, remove, purge (apt-get(8))` which I guess is tring to hint that if you want to know what is relaly happening read the apt-get manual.
[15:10] <nacc> TafThorne: apt is meant to be (long-term, imu) a frontend replacement for apt
[15:10] <nacc> with saner defaults, less surprise to end-user
[15:10] <TafThorne> It says at the start of the apt man page "Much like apt itself, its manpage is intended as an end user interface and as such only mentions the most used commands and options partly to not duplicate information in multiple places andpartly to avoid overwhelming readers with a cornucopia of options and details."
[15:10] <nacc> it also is possible apt supports -s or --dry-run and doesn't document it
[15:10] <nacc> sigh
[15:13] <TafThorne> So yes.  Sounds like it supports it but does not wish to confuse Mr Simple User by mentioning simulations.
[15:13] <nacc> TafThorne: ack
[15:14] <TafThorne> nacc: `$ apt install -s chromium-bsu` works for me.  Enjoy!
[15:14] <nacc> TafThorne: cool, thanks for checking
[15:15] <TafThorne> nacc: No problem.  Nice for me to have a question on here I could answer for a change.
[15:15] <nacc> TafThorne: :)
[15:16] <axisys> thanks!
[15:19] <TafThorne> axisys: You are welcome.
[16:05] <drab> hey nacc , if and when you have time and are inclined to do so, I didn't manage to figure out what to do about those disks last night
[16:05] <drab> I always get that angry kernel stacktrace
[16:06] <nacc> drab: ok
[16:25] <ahasenack> oh boy
[16:26] <nacc> drab: so ... does your SAS enclosure support hotswap? or are these directly into your mobo?
[16:56] <drab> nacc: it's a supermicro server, x9drw, with a SAS backplane powered by an LSI controller. the disks are plugged into the backplane and the whole thing is configured in AHCI
[17:02] <nacc> drab: does the backplane support hotplugging?
[17:09] <drab> nacc: don't all sas backplanes do that? from what I read all SAS/SATA basically supports hotplug these days
[17:10] <nacc> drab: probably they *should* but i'm sure vendors sucks
[17:10] <drab> as long as it's set to AHCI mode you should be able to pull out drives and back in no prob, but maybe I'm wrong
[17:10] <nacc> *suck :)
[17:10] <drab> heh
[17:10] <drab> fair enough
[17:10] <nacc> drab: i'm trying to figure out where this is happening in the kernel
[17:10] <drab> ok, I checked the manual and I don't see any specific mention of "hotplugging", but maybe there's another keyword
[17:11] <drab> http://www.supermicro.com/manuals/other/BPN-SAS-815TQ.pdf
[17:11] <drab> that's the backplan for ref
[17:12] <nacc> drab: so i think what you're seeing is two things
[17:12] <drab> nacc: ok, this suggestes it does
[17:12] <nacc> drab: delete removes the disk itself
[17:12] <drab> https://www.supermicro.com/products/chassis/1U/815/SC815TQ-R500CB
[17:12] <nacc> drab: the error you are getting is the sas driver itself noticing a device was removed
[17:12] <drab> that's a chassis which says it has hot swap bays and uses the above as a backplane
[17:13] <nacc> and of course the sysfs entry for that device is gone
[17:13] <nacc> so i think it's ano rdering thing
[17:13] <nacc> you should tell the backplane to 'offline' the device first
[17:13] <nacc> i'm looking if you can :)
[17:14] <nacc> e.g., the megaraid sas driver has a hotplug routine
[17:14] <drab> I see, I don't think I've come across instructions like that when I was researching hotswap, will google again some more
[17:16] <nacc> drab: it might be a quirk of the controller -- the only hotswapping i've ever done has either been explicit (via a hotplug driver and commands) or fully hidden from the kernel via a controller
[17:16] <nacc> drab: this appears tob e somewhere between the two :)
[17:17] <nacc> drab: you're on 16.04?
[17:18] <nacc> drab: i *think* you can suspend the lldd
[17:22] <drab> nacc: yeah I'm on xenial
[17:22] <drab> lldd?
[17:22] <drab> link level device driver?
[17:23] <nacc> drab: yeah
[17:23] <nacc> drab: have you tried the hwe kernel? (i see 4.4 in your messages earlier)
[17:25] <nacc> drab: https://patchwork.kernel.org/patch/9410939/
[17:28] <nacc> drab: fwiw, those backtraces are just warnings, i think they are non-fatal and can be ignored
[17:29] <drab> nacc: I have not tried the hwe kernel, I'll give it a gom thanks
[17:30] <nacc> drab: np, it might not be fixed there either, but looks like that discussion is relevant
[17:30] <drab> nacc: and yeah, from 1Kfeet evreything seemed to work, I didn't see data loss etc, just the stacktrace looked worrisome
[17:30] <drab> thanks for your time and support, much appreciated
[17:32] <nacc> drab: np, i agree, i think the device deletion should mean the disk is removed
[17:33] <nacc> drab: i would only be worried about queue flushing, but since you're removing the disk altogether, that shoudnl't be relevant
[17:33] <nacc> and the raid consistency checks should catch it on rebuild, presumig you're using raid
[17:35] <drab> nacc: yeah those disks are part of a zfspool
[17:35] <drab> well, some, others are in a mdadm raid6
[17:36] <nacc> drab: yeah ok, then you've got a separate data consistency assertion
[17:56] <ahasenack> rbasak: https://bugs.launchpad.net/ubuntu/+source/cifs-utils/+bug/1611816/comments/16 verified yakkety and added verification-done-yakkety, shall I remove verification-needed?
[17:58] <rbasak> ahasenack: KSP? I like it :)
[17:58] <ahasenack> rbasak: hah
[17:58] <rbasak> ahasenack: yes, you can remove verification-needed. Thanks!
[17:58] <rbasak> I'll follow up on my actual SRU day tomorrow :)
[17:59] <ahasenack> done
[17:59] <ahasenack> we don't add verification-done (without an ubuntu release suffix) anymore, right?
[18:00] <ahasenack> rbasak: as a brain break I might try i386 too later, just to be sure the path where the module is installed is correct
[18:01] <rbasak> we don't add verification-done> we talked about it. I'm not sure the SRU team concluded anything apart from that changing policy would be nice. But no problem if you're more specific and never use it.
[18:37] <nacc> powersj: should we have a blueprint task to get rid of src:tomcat7?
[18:37] <nacc> powersj: looks to be held by davmail
[18:37] <powersj> nacc: sure! it is just source at this point
[18:37] <nacc> powersj: there's a binary dep on another package from the same
[18:38] <powersj> ah
[18:38] <nacc> davmail depends on libservlet3.0-java
[18:39] <nacc> (syncd from debian)
[18:56] <DhizUserThou> hey
[19:04] <Aison> where do the guest-* accounts come from?!?
[19:04] <Aison> I had 10 of them
[19:05] <sarnold> the "Guest Session" button in lightdm and the little gear icon in the upper right corner
[19:16] <CodeMouse92__> Where does user-level cron log?
[19:16] <CodeMouse92__> That is, the cron if you just run 'crontab -e' as the non-root user
[19:18]  * nacc thought all cron was logged via syslog 'cron'
[19:18] <sarnold> it sends you email with stdout and stderr
[19:18] <nacc> and then there are the mails
[19:18] <CodeMouse92__> Hm, yeah, okay...so...no mail.
[19:18] <CodeMouse92__> That is, via running 'mail'
[19:19] <CodeMouse92__> And I see plenty of stuff in syslog, but nothing from the user-level cron, only the system-level cron, which is why I wonder
[19:19] <nacc> CodeMouse92__: ah you might be right
[20:23] <am55> you need to make your own log file for user cron jobs as part of the job
[20:54] <Aison> sarnold, is it possible to disable this guest session?
[21:00] <pjcrown> I need a fresh set of eyes. With ufw enabled, mailserver receives no emails, see iptables http://paste.ubuntu.com/24455883/  With ufw disabled, all works, see iptables http://paste.ubuntu.com/24455884/
[21:03] <ikonia> pjcrown: I explained this to you
[21:03] <ikonia> in #ubuntu
[21:03] <ikonia> you have an iptables rule that is dropping all mail traffic
[21:03] <ikonia> I even gave you the rule
[21:04] <pjcrown> ikonia: I didn't believe that f2b-postfix-sasl was the problem; however, I removed f2b-postfix-sasl from the rules.  Even without that rule it doesn't work.  I showed you http://paste.ubuntu.com/24456141/
[21:05] <ikonia> pjcrown: where do all these rules come from
[21:05] <pjcrown> iptables -L
[21:05] <ikonia> no, I mean who created them
[21:06] <tomreyn> f2b would point to fail2ban
[21:06] <pjcrown> fail2ban created a few; ufw creates the rest.
[21:06] <ikonia> there are some odd ones though
[21:06] <ikonia> such as drop all
[21:07] <ikonia> pjcrown: drop your firewall rules, and build them up to the ones you need
[21:07] <ikonia> there appear to be an odd source of rules there
[21:07] <pjcrown> ikonia: throwing everything out and trying to build from scratch won't work for me.
[21:08] <ikonia> why
[21:08] <ikonia> you've just said with the firewall clean it works
[21:08] <ikonia> and you've got some odd rules in there
[21:08] <ikonia> so actually just build them to the ones you need
[21:08] <ikonia> eg: do an "allow" on what you want, then a deny all
[21:08] <ikonia> rather than the complex interaction you have now
[21:09] <pjcrown> So, you are saying don't use fail2ban and ufw?
[21:09] <ikonia> no
[21:09] <ikonia> re-read what I said
[21:12] <pjcrown> I installed a clean server. I installed fail2ban and selected postfix-sasl, ssh, and dovecot-pop3imap.  I saved 5 application profiles into ufw and enabled it.  Everything worked for 2 years even through updates.  Something changed yesterday - something was updated, now it doesn't work.
[21:13] <ikonia> so build up your rules then
[21:13] <ikonia> for example, you've get netbios-ns in there - I suspect you're not running a netbios name service
[21:13] <ikonia> why is that there ?
[21:13] <ikonia> (just as an example)
[21:16] <pjcrown> ikonia: I just wanted to know if something stood out.  And, no where is netbios-ns listed in any of the tables I posted.
[21:20] <ikonia> (just as an example)ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-ns
[21:21] <ikonia> powersj: many things stand out, such as the drop all policy
[21:21] <ikonia> the "evil_ips"
[21:21] <ikonia> many things stand out as odd and possible conflicts
[21:21] <ikonia> hence why I said build up what you need rather than this odd set
[21:22] <ikonia> I don't think you've read your rules clearly or you've lost focus if you couldn't see the netbios line I used as an example
[21:24] <ikonia> ahhh missed the rage quit
[21:42] <jge> hey all, anyone recommend a good file integrity tool in ubuntu?
[21:42] <jge> I've used AIDE in the past, but not sure if that's still around/supported
[21:42] <jge> OSSEC is an option but seems a little too much for simple file checking
[21:43] <jge> someone also suggested OSQUERY but eww
[21:43] <jge> why would I turn my OS into a big relational db
[21:44] <jge> just to do file integrity checks..
[21:44] <jge> even with their FIN module loaded it's still got limitations
[22:04] <drab> jge: don
[22:04] <drab> whups
[22:04] <drab> was saying, don't do this stuff anymore, but back then my vote went to samhain
[22:05] <drab> looks like it's still maintained, last release date was april 2016, so not horrible, don't expect it to change too much anyway
[22:05] <drab> http://www.la-samhna.de/samhain
[22:05] <drab> but yeah, ime it was ossec, aide, tripware and samhain
[22:06] <drab> there's also afick
[22:06] <drab> bbl
[22:07] <sarnold> Aison: i'd expect if you removed lightdm it'd be gone
[22:10] <Aison> sarnold, i need lightdm, but maybe I can disable guest stuff :P
[22:33] <drab> Aison: you can disable the guest account if that's whta you mean (don't have backlog)
[22:34] <drab> grep guest /etc/lightdm/lightdm.conf
[22:34] <drab> allow-guest=false
[22:34] <drab> that's all there is
[23:17] <Aison> drab, thx
[23:35] <drab> can anybody confirm stuff like this: https://forums.servethehome.com/index.php?threads/sas-drives-with-high-ecc-corrected-errors.6960/
[23:36] <drab> this links is basically saying that lots of ECC errors on reads on seagate drives are ok...
[23:36] <drab> seems dubious
[23:36] <drab> Read errors corrected by ECC counter in SMART, that is what I'm looking at
[23:37] <drab> these seagate drives look ... well... not good...\
[23:42] <sarnold> seems sketchy