| === poster is now known as Poster | ||
| === JanC_ is now known as JanC | ||
| CodeMouse92__ | oooookay, so apparently etherpad-lite is NOT friends with mod_evasive or fail2ban:apache-auth | 01:41 |
|---|---|---|
| CodeMouse92__ | It just banned my entire staff from the prod server. | 01:42 |
| CodeMouse92__ | I had to fix that, so............. | 01:42 |
| sarnold | ouch ;) | 01:42 |
| CodeMouse92__ | According to access logs, etherpad-lite has an average of, I dunno, around 12 pings a minute? | 01:42 |
| CodeMouse92__ | Way above evasive's threshold of 5 | 01:42 |
| CodeMouse92__ | So...I need some advice. | 01:43 |
| CodeMouse92__ | Can I (a) adjust fail2ban:apache-auth and mod_evasive to NOT freak out with etherpad-lite being used? | 01:44 |
| CodeMouse92__ | or (b) turn OFF those mods for only the etherpad subdomain (not ideal, of course) | 01:44 |
| CodeMouse92__ | or, (c) are they just practically incompatible and I need to kick etherpad to the curve if I want to keep a secure server in any capacity? | 01:44 |
| CodeMouse92__ | I mean, is 15 a REASONABLE threshold for mod_evasive? | 01:45 |
| sarnold | CodeMouse92__: this page looks like you can also whitelist ips in mod_evasive https://www.digitalocean.com/community/tutorials/how-to-protect-against-dos-and-ddos-with-mod_evasive-for-apache-on-centos-7 | 01:46 |
| CodeMouse92__ | sarnold: Well, the trouble is, my staff is all remote. | 01:50 |
| CodeMouse92__ | Changing IPs. | 01:50 |
| CodeMouse92__ | sarnold: I think I'll raise the threshold on mod_evasive to 15 hits per page | 01:51 |
| CodeMouse92__ | per minute | 01:51 |
| CodeMouse92__ | And, actually, since nothing's authenticating on etherpad-lite, I think fail2ban:apache-auth may have been reacting to the error logs filled up by mod evasive | 01:53 |
| sarnold | CodeMouse92__: what happens with etherpad when people type? does it send every keystroke in a new packet? or does it wait a full five seconds before sending the new text? | 01:54 |
| CodeMouse92__ | sarnold: I'm not honestly sure. | 01:54 |
| CodeMouse92__ | It seems to send in packets, based on how it updates | 01:54 |
| CodeMouse92__ | large packets, that is | 01:54 |
| sarnold | I'd aim for something more like 120 requests per minute for etherpad things; most devs can touch-type quickly | 01:55 |
| CodeMouse92__ | sarnold: It's an open thing. Would you mind spam-typing on mine, just to see if you get locked out? | 01:55 |
| CodeMouse92__ | I've whitelisted local network (me) | 01:55 |
| CodeMouse92__ | sarnold: https://pad.mousepawmedia.net/p/test2 | 01:56 |
| CodeMouse92__ | sarnold: Must be working now. I've got someone trying it, no bans | 02:01 |
| Latrina | good evening everyone. not really a server related issue but I dont know where else to ask | 02:02 |
| Latrina | can a ecryptfs folder / volume be mounted without passphrase but with the only signature? | 02:02 |
| Latrina | the situation is the following, I have home fully encrypted, while the rest of the rootfs is not encrypted. passphrase key file is store in home, while signature of this mount is stored in /root/. (not crypted) | 02:03 |
| Latrina | the crypted folder in this case is found in /usr/local/ | 02:04 |
| Latrina | thanks | 02:04 |
| CodeMouse92__ | Latrina: If you *don't* get an answer here, you can try ##linux | 02:10 |
| Latrina | CodeMouse92__, thank you man | 02:13 |
| sarnold | "signature"? | 02:14 |
| Latrina | the passphrase signature? | 02:23 |
| fishcooker | i try to install "$ sudo apt search linux-generic-lts-trusty", but i couldn't find the kernel 3.13.0.117.127 listed on the menu.lst http://vpaste.net/kKRu9 | 02:41 |
| cpaelzer | good morning | 05:06 |
| lordievader | Good morning | 06:28 |
| cpaelzer | nacc: I added usd build-source to the workflow on the wiki | 09:31 |
| cpaelzer | nacc: working fine after the fix you added yesterday | 09:31 |
| === fnordahl_ is now known as fnordahl | ||
| zioproto | jamespage: any news about the refresh for nova 14.0.5 ? | 10:50 |
| === tinwood is now known as tinwood_lunch | ||
| === tinwood_lunch is now known as tinwood | ||
| === freyes__ is now known as freyes | ||
| === jgrimm is now known as jgrimm-away | ||
| compdoc | I have a server with a bad mdadm drive that rebooted this morning. now its resyncing, but I assume the bad drive is syncing to the good drive, and copying any damaged data to the good drive. | 14:53 |
| compdoc | bad, meaning it has reallocated sectors | 14:53 |
| tsglove | I was reading about apr-proxy, yet not sure if there is a newer solution? | 15:06 |
| nacc | cpaelzer: great, thanks! | 15:21 |
| nacc | rbasak: re: LP: #1686859, my reading is that should be ok to sponsor? | 15:58 |
| ubottu | Launchpad bug 1686859 in ruby-riddle (Ubuntu) "ruby-riddle tests start mysql server with unknown option --force" [Undecided,New] https://launchpad.net/bugs/1686859 | 15:58 |
| nacc | rbasak: as delta for us? since our default is still mysql 5.7? | 15:59 |
| rbasak | nacc: I believe so, though I think Lars might be working on an improvement. Would you want to wait for that? If so I can confirm with him in the bug. | 16:00 |
| nacc | rbasak: that's fine, i'm just trying to push through the php7.0 removal and that's the last build-dep to get rid of :) | 16:03 |
| jge | hey all, got a problem here. I ran some install script that installed MariaDB but it failed, now every time I install anything I get the MariaDB configuration script pop up asking me to set a root db password | 16:03 |
| jge | if I do a apt-get purge mariadb-server it looks like I don't have it installed | 16:04 |
| jge | but maria's package config keeps popping up when I install or remove anything on the box | 16:05 |
| rbasak | jge: there are other related packages, like mariadb-common and mariadb-server-10.0 (or 10.1), etc. | 16:06 |
| rbasak | jge: try "dpkg -l|grep mariadb" | 16:07 |
| rbasak | Also "dpkg -l|grep mysql" | 16:07 |
| rbasak | Note that some libraries are needed by the base system, so you can't remove everything. dpkg will stop you with an explanation if you try. | 16:07 |
| jge | ok, yeah I see them now.. let me try to remove one by one | 16:08 |
| rbasak | I'd do them all at once to avoid dependency issues between them. | 16:08 |
| jge | ok let me try | 16:08 |
| teward | rbasak: and anyone who cares, thanks to Debian and some googling I've got patches from upstream sources to patch the fail to builds i'm seeing for nginx 1.12.0, an upload is 'soon' if it builds alright in the PPA. | 16:08 |
| rbasak | teward: thanks! | 16:09 |
| jge | rbasak: that did it, thank you :) | 16:12 |
| teward | yay it built, uploading shortly lol | 16:33 |
| teward | (it also works from what I can tell in this container...) | 16:33 |
| teward | rbasak: nginx 1.12.0-0ubuntu1 uploaded to artful proposed :) | 16:44 |
| rbasak | teward: \o/ thank you! | 16:56 |
| === poster is now known as Poster | ||
| sgrover | odd mount issue. Have a tmpfs mounted directory that has run out of space. Need to remount with new space. But this is on a busy website and there is a good chance of a file/directory being created in the time between the umount command and the mount -a command. | 20:04 |
| sgrover | The mount was NOT in /etc/fstab (I've slapped the fingers already), but is now, so the remount should be done via a mount -a. Would a "mount -a -o remount" do the trick? We really need to make sure the fstab entry is working properly as well... | 20:05 |
| ThiagoCMC | Guys, how to enable libosinfo in Ocata (Ubuntu 16.04)? Under [libvirt] at the docs, there are no such "hardware_config=libosinfo" option... I have installed libosinfo-bin, but I'm still seeing: "Cannot load Libosinfo: (No module named Libosinfo)" at nova-compute.log. Any idea? | 20:06 |
| jge | hmm strange, I'm trying to use SNI to host two apache SSL sites (same IP/Port) but when I split my VirtualHost in two files I get some ProtocolERROR and when I put them on a single file it works.. anyone know why this is? | 20:18 |
| grendal_prime | has anyone here ever added spice drivers to existing windes kvm guest? | 20:47 |
| grendal_prime | sorry ... has anyone here ever added spice drivers to existing windows 7 kvm guest? | 20:48 |
| ikonia | whats the real question | 20:54 |
| ikonia | and please don't cross-post | 20:54 |
| === JanC_ is now known as JanC | ||
| bindi | sup | 23:36 |
| bindi | https://hastebin.com/owujucazoq.erl what do these mean in dmesg? | 23:36 |
| sarnold | bindi: probably something like grub-install probing disks to find out what filesystem types need to be supported.. | 23:41 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!