/srv/irclogs.ubuntu.com/2017/07/11/#ubuntu-server.txt

[05:28] <cpaelzer> rbasak: gah yeah - all was fine except when opening the MP on LP entered the wrong target
[05:29] <cpaelzer> rbasak: thanks for making me aware
[08:22] <jonah> Hi my csf/lfd firewall keeps giving UUIDD warnings about excessive usage. I thought I'd best check if it's safe to whitelist "/usr/sbin/uuidd --socket-activation" ?
[14:51] <rbasak> ahasenack: I'm thinking about MP vs. upload tag workflow. Can you tell me what you can change the MP Status field to in https://code.launchpad.net/~ahasenack/ubuntu/+source/libapache2-mod-auth-pgsql/+git/libapache2-mod-auth-pgsql/+merge/326173 please?
[14:52] <ahasenack> sure
[14:52] <ahasenack> rbasak: work in progress, needs review, merged
[14:52] <rbasak> Thanks. I also have Approved and Rejected.
[14:52] <rbasak> I think that's because I'm in ~usd-import-team and that's the merge target.
[14:57] <ahasenack> yep
=== JanC is now known as Guest50617
=== JanC_ is now known as JanC
=== mike-zal is now known as mike-zal-robi-ko
=== mike-zal-robi-ko is now known as mike-robi-kolacj
=== mike-robi-kolacj is now known as mike-zal
=== Epx998- is now known as epx998
[17:49] <hosas> how do I delete virtual network interfaces
[17:50] <sarnold> try ip link delete?
[17:50] <hosas> ip link delete  vboxnet23 is returning "RTNETLINK answers: Operation not supported"
[17:50] <hosas> sarnold: I did but I'm getting "RTNETLINK answers: Operation not supported"
[17:51] <hosas> by the way I'm using Ubuntu 16.04
[17:51] <teward> hosas: you may want to go into the virtualbox network editor and remove the interface.
[17:51] <teward> if you're on a GUI that is
[17:51] <teward> if not, then you'll have to probably just *remove* virtualbox.  (It's not real useful on servers anyways, afaict)
[17:51] <sarnold> hosas: interesting. does vbox provide nic-specific kernel modules that you could unload? or does it lump together all its virtio devices into one module?
[17:52] <hosas> sarnold: that's a complex question for me- I have no Idea what you're saying lol
[17:53] <sarnold> hosas: hehe, okay; try 'lsmod' on the guest and see if there's a huge pile of vbox* module names or just one or two
[17:53] <gheorghe_> hosas did you try removing them from etc network interfaces?
[17:53] <sarnold> if something looks like vbox-virtio-nic or gives the strong impression that it just does NICs, try rmmod the thing :) -- noting of course that if you're ssh'd into the vm, you might lose control over the vm
[17:53] <hosas> gheorghe_:  let me try but I don't think it work
[17:54] <teward> sarnold: `vboxdrv` = `vboxnetadp,vboxnetflt,vboxpci` = individual lsmod items.
[17:54] <gheorghe_> hosas if you reboot .... :D
[17:54] <teward> on 16.04 host.
[17:54] <teward> gheorghe_: vboxnet nics aren't populated in /etc/network/interfaces I believe.
[17:54] <teward> they're usually part of their own drivers/services
[17:54] <hosas> the actually issue is this: when I ran iwconfig I get a lot virtual network that I'm not using
[17:54] <teward> like VMware's are.
[17:55] <hosas> let me try it and give you feedback
[17:56] <axisys> what is good p2v software to convert a physical to VMware VM ? vcenter conversion is failing since they are in different network. So if I could run it locally and take the image over, not sure if possible
[17:56] <gheorghe_> hosas, teward: sorry i didn't notice you use vboxnet. why not KVM ?
[17:59] <hosas> gheorghe_:  reboot didn't work. But the let try carefully state the main issue
[18:01] <hosas> after updating from 14.04 to 16.04 about  a month ago I immediately noticed that my network-manager is show a lot of: Ethernet Network () device not managed
[18:01] <hosas> but my internet works
[18:02] <hosas> so I started googling to find a way out and the closest answer I got on the net was: someone blame it on Docker
[18:02] <hosas> the solution given never worked for me
[18:04] <hosas> someone suggested to state the issue here might get help
[18:05] <hosas> gui network operation manager for virtualbox is not helpful either
[18:08] <hosas> sarnold: perhaps you tell me how to use  ip link delete properly (with an example). Thanks
[18:10] <sarnold> hosas: I think I figured you're solving a different problem than I expected
[18:11] <sarnold> hosas: I thought you wanted to isolate a specific VM from the network but I've now come around to thinking that you're trying to remove NICs from the vm host, not vm guests, and that'll probably just break your VMs
[18:11] <hosas> sarnold: yes. But I think  ip link delete suppose to help-according to the man page
[18:13] <hosas> sarnold: let me show an iwconfig
[18:13] <sarnold> if you actually use and care about vms on this thing you should probably just leave well enough alone
[18:14] <hosas> sarnold: please look at this http://paste.ubuntu.com/25069732/
[18:14] <sarnold> 36mb ooof
[18:16] <hosas> sarnold: sorry that was wrong look at this instead http://paste.ubuntu.com/25069737/
[18:16] <hosas>
[18:19] <hosas> sarnold: as you can see I have a lot of useless vboxnetxx just laying there: the problem is the are showing up on my gui network manager as: Ethernet Network ( ) device not managed
[18:20] <hosas> it's annoying when you have 20 of them
[18:21] <hosas> I really don't care if break a vm- I hate scrolling down just to access my network interface
[18:22] <sarnold> then uninstall virtualbox and be rid of them all? :)
[18:24] <hosas> hahahaha
[18:24] <hosas> that didn't work either
[18:24] <hosas> but I did only twice
[18:28] <hosas> sarnold: thanks for your time and the other 'guys' that help
[18:29] <sarnold> hosas: removing vbox didn't work? how did you uninstall it?
[18:48] <teward> gheorghe_: I use vmnet for VMware.  KVM is a pain to bridge things.  Though in 99% of cases stuff is for me already containerized in LXC/LXD.  Except my MacOS VM, that's in VMware.  (Free VMware Workstation 12 license through school, why not :P)
[18:51] <hehehe> folks
[18:51] <hehehe> vult allows to issue vps stop via api
[18:51] <hehehe> can be used with ossec to stop it in case of someone copying db?
[18:52] <hehehe> if its real time monitoring they would not be able to get it out from the server perhaps
[18:52] <hehehe> depends on how fast vultr kvm stop works
[18:53] <hehehe> teward: also from time public vuln is published what it takes time wise for it to be added to ubuntu sec updates?
[18:53] <nacc> hehehe: if someone is able to read your database to copy data out of it, then you're already compromised
[18:53] <hehehe> nacc: they wont be able to get it out
[18:53] <teward> hehehe: i'm a little confused by why you're highlighting me?
[18:53] <nacc> hehehe: well, not compromised, but i don't understand what security problem you think you're solving
[18:53] <hehehe> teward: I was thinking you are the dude who maintains sec updates
[18:54] <nacc> hehehe: shouldn't you be asking vult?
[18:54] <hehehe> nope?
[18:54] <nacc> hehehe: please get your facts straight.
[18:54] <hehehe> hey there
[18:54] <hehehe> my facts are straight
[18:54] <hehehe> ;)
[18:54] <nacc> no, they are not.
[18:54] <hehehe> and why not
[18:54] <nacc> hehehe: you come in here periodically, it feels like, to troll
[18:54] <hehehe> how do you pull database out?
[18:54] <hehehe> when vm is down?
[18:55] <hehehe> name calling is not best way to talk
[18:55] <hehehe> this is not a creche
[18:55] <hehehe> whats the weakness in the idea?
[18:55] <hosas> sarnold: this is embarrassing  :)- it worked...let me try installing it again and if it comes back-doubt it would
[18:56] <hehehe> teward: am I wrong to think you are guy dealing with ubuntu security updates? :)
[18:56] <hehehe> if yes sorry
[18:56] <nacc> hehehe: you are wrong
[18:56] <sarnold> hosas: those nics probably will return
[18:57] <nacc> hehehe: no one person deals with all security updates
[18:57] <hehehe> nacc oki but teward is one of them
[18:57] <hehehe> ? :)
[18:57] <nacc> hehehe: the security team deals with security updates
[18:57] <hehehe> well if you dont want to talk
[18:57] <hehehe> :)
[18:57] <hosas> sarnold: they better not
[18:59] <nacc> hehehe: i don't understand why? i'm the only one *not* ignoring you at this point.
[18:59] <hehehe> why what
[19:00] <hehehe> why u dont want to talk?
[19:00] <hehehe> I dont know
[19:00] <hehehe> and yes how fast ubuntu security is updates?
[19:00] <hehehe> maybe a website to check
[19:00] <nacc> hehehe: nm. I don't understand why you think I don't "want" to talk. I am the only one responding to you, because (i expect) most people are ignoring you.
[19:01] <hehehe> lol dude people are busy
[19:01] <nacc> hehehe: https://usn.ubuntu.com/
[19:01] <hehehe> its not like everyone sits here and reads chat
[19:02] <Ussat> hehehe, its updated as it gets done, its a FREE service, if you want guarantees, feel free to pay for #rhel
[19:02] <hehehe> yes that is clear now
[19:03] <hehehe> ty for the link
[19:03] <sarnold> or ubuntu advantage, though that wouldn't actually get you security updates faster :) heh
[19:03] <hehehe> eee
[19:04] <hehehe> sarnold: I think best  then simply check cve db daily and apply
[19:04] <hehehe> :)
[19:04] <sarnold> just install unattended-upgrades on your guinea-pig machine
[19:04] <hehehe> yes I have done it
[19:04] <hehehe> :)
[19:05] <Ussat> if your worried about having to apply sec updates daily, well, bigger issues
[19:05] <Ussat> I patch monthly
[19:05] <Ussat> unless a VERY good reason
[19:05] <hehehe> i prefer ideally as soon as public exploit is out
[19:05] <hehehe> why wait :)
[19:05] <Ussat> because, none of my systems are open to the net
[19:06] <hehehe> oki
[19:06] <hehehe> sarnold: what you think about vps lock down upon unauthorised access?
[19:07] <hehehe> then simply change a record to machine with nginx and html undermaintenance and quickly patch
[19:07] <sarnold> hehehe: why not just configure your security groups to enforce what you want enforced?
[19:07] <hehehe> which security groups?
[19:07] <Ussat> this conversation sounds vaguely familiar
[19:08] <hehehe> anyways going to do something :)
[19:10] <sarnold> hehehe: 'security groups' is aws terminology for provider-supplied firewalling. you open up specific ports / ip ranges in their networking layer for your systems to communicate with. it's a lot like a firewall that the system itself can't manage.
[19:11] <hehehe> i done that
[19:11] <hehehe> however if someone managed to escalate to root, you cant block 80 and 443 ports
[19:12] <hehehe> they will simply put sql backup in www and download
[19:12] <Ussat> if someone manages to esc to root, youre already boned
[19:12] <hehehe> nope
[19:12] <hehehe> re read what been said
[19:12] <hehehe> vultr allows vps shutdown via api
[19:12] <Ussat> I know what vultr is
[19:13] <hehehe> with a monitoring server that logs sql it may be possible to shut vps fast
[19:13] <hehehe> especially if monitoring server is in private network on vultr too, low latency
[19:14] <hehehe> or attacker sql export and wget will be faster?
[19:16] <jonah> hey I've set up some ssh rsa keys and they work great. but I enabled the password protection thinking that a password would only be prompted for once initially. however I'm asked every time I connect. I've tried doing the ssh-add command which works but then when I close and reopen a terminal I'm asked again for the password each time. also after a reboot I'm asked each connection. Does anyone know how to just be asked for the
[19:16] <jonah> password once, after a reboot etc of course asked again but not then for every connection...?
[19:17] <nacc> jonah: you want to look into setting up an ssh-agent
[19:17] <nacc> jonah: i believe -- if you're on a desktop, there are some builtin to gnome, etc.
[19:19] <ahasenack> is there a known bad interaction between ntpd and something from systemd? Does systemd have its own ntp(d) service?
[19:19] <jonah> nacc: thanks - well i wanted to just use the command line ssh-agent and use ssh-add but it doesn't seem to stick...
[19:20] <sarnold> ahasenack: yes, systemd-timesyncd
[19:21] <ahasenack> sarnold: is that inside the systemd package, or a separate one?
[19:21] * ahasenack searches
[19:21] <sarnold> jonah: the trick is you've got to get the agent started and environment variables populated correctly
[19:21] <nacc> jonah: iirc, ssh-agent, when run, dumps out a bunch of env variables
[19:21] <nacc> jonah: you need to actually issue those to use the agent
[19:21] <sarnold> jonah: if you're starting the agent after you've started an X11 session it's probably been started too late
[19:21] <ahasenack> ● systemd-timesyncd.service - Network Time Synchronization
[19:21] <ahasenack> ok
[19:22] <nacc> sarnold: good point
[19:22] <sarnold> because you need to get those env variables to all child processes for terminals and the like
[19:23] <sarnold> a dozen years ago I used a tool called 'keychain' to try make it more manageable, but I haven't found a need for it on ubuntu
[19:23] <jonah> sarnold: ah ok, so is there a method i can follow for this? like do i just add the ssh-add command in front with && of my ssh command, so the initial connection then asks for the password but future ones don't from that session?
[19:25] <sarnold> jonah: I'd say troubleshoot the basics first; start a new terminal and immediately env | grep SSH to make sure you've got a SSH_AUTH_SOCK variable, that the socket exists, permissions look right, etc
[19:30] <ahasenack> jonah: what's your desktop? This should be working out-of-the-box without having to run ssh-add
[19:30] <ahasenack> or is this a server?
[19:30] <ahasenack> (I saw X11 being mentioned, hence my question)
[19:31] <jonah> ahasenack: sorry yes server
[19:32] <gheorghe_> i had an answer for hosas and he left lol
[19:32] <ahasenack> jonah: and you have a private encrypted ssh key on that server, and you want to ssh from there to somewhere else
[19:34] <sarnold> gheorghe_: oh?
[19:39] <gheorghe_> oh wat?
[19:40] <sarnold> I'm curious what your answer was going to be :)
[20:11] <lunaphyte> hi.  i also have just asked this in ##linux, so feel free to admonish me for cross posting - given this:  http://dpaste.com/1A9WWH8 - i'm wondering where scsi0 and scsi1 are?
[20:14] <lunaphyte> aha - host0: ata_piix and host1: ata_piix
[20:15] <lunaphyte> it seems like it would be nice if that was a little bit more readily reflect in the output of things like lsscsi
[20:15] <lunaphyte> hmm, maybe there's an option to say show all even unused
[20:17] <lunaphyte> yes, lsscsi -H
[20:53] <hehehe> after changing hostname which service I restart for changes to take place?
[20:56] <hehehe> or reboot is must?
[20:59] <qman__> it used to just be an init script called hostname
[20:59] <qman__> but I'm not sure with current versions
[21:00] <tarpman> hostnamectl(1) ?
[21:00] <hehehe> Failed to restart hostname.service: Unit hostname.service is masked.
[21:01] <hehehe> oki this may work sudo hostnamectl set-hostname new-name
[21:03] <hehehe> teo thanks tarpman
[21:03] <hehehe> yep
[21:48] <hehehe> sudo dpkg-reconfigure --priority=low unattended-upgrades  - what does priority low do?
[21:49] <genii> asks more config questions
[21:49] <hehehe> genii: hmm how come?
[21:49] <hehehe> and if I set priority=high?
[21:50] <genii> Then it only asks questions it can't just set reasonable defaults for
[21:51] <hehehe> ok low priority questions
[21:51] <hehehe> ty
[21:51] <genii> Yep
[21:53] <hehehe> and when it says origin Debian its normal for Ubuntu 16.04?
[21:53] <hehehe> it did work already on 1 box I just wonder why it use Debian cause it Debian based?
[21:54] <genii> Yes, because upstream is Debian
[22:47] <hehehe> the package update unattended how often does it checks for updates?
[22:57] <drab> hehehe: read the man page and check its config
[23:00] <genii> hehehe: Default is each boot, or each shutdown if you switch it to that in /etc/apt/apt.conf.d/50unattended-upgrades. If you want to specify a certain number of days, set APT::Periodic::Unattended-Upgrade=X where X is how many days. You can do this with creating  /etc/apt/apt.conf.d/02periodic and putting it in there.
[23:00] <genii> 0 for value there is to disable unattended upgrades
[23:01] <hehehe> genii: how come its not in the upgrade-unattended manual?
[23:01] <hehehe> yes  I did modify 50... file to enable updates with reboot and update time now
[23:02] <hehehe> genii:  it there any point to run it hourly?
[23:03] <tarpman> hehehe: no. there's little point to updating more than about once a day; all that does is generate more load on the servers
[23:06] <genii> hehehe: https://wiki.debian.org/UnattendedUpgrades
[23:08] <genii> hehehe: I recommend to install apt-listchanges also, as described there. You don't have to use it with system pager, I have mine just email me offsite
[23:09] <hehehe> what is apt-listchanges for?
[23:09] <genii> What its name suggests
[23:10] <genii> To list changes in your packages
[23:10] <hehehe> and if I create 02periodic will its config work alongside 20auto ?
[23:10] <hehehe> or I must use only one of them?
[23:11] <genii> Either or both, it doesn't matter
[23:13] <hehehe> I checked listchanges conf - it simply emails root when new packages are installed?
[23:13] <genii> It has a bunch of different settings. You can pipe the changes also to system pager, etc. But doing that is a pain. Check its manpage
[23:14] <genii> Default I think is system pager and not to email
[23:18] <hehehe> apt-listchanges is a tool to show what has been changed in a new version of a Debian package, as compared to the version currently installed on the system.
[23:19] <hehehe> why it is useful?
[23:19] <hehehe> to read what the vulnerability was?
[23:20] <genii> Because it includes the changelog to know what was modified in the newer version. And if new version doesn't work, you know what older version to revert to.
[23:20] <genii> And which maintainer, usually, made the change, etc
[23:21] <hehehe> can oki
[23:21] <hehehe> browser
[23:21] <hehehe>     Displays an HTML-formatted changelog using a web browser, with hyperlinks for bugs and email addresses. By default, the BROWSER environment variable will be used.
[23:21] <hehehe> but how it secure access to it? and I dont want to install any webservers
[23:21] <hehehe> can it simply output to a custom log? :D
[23:22] <hehehe> maybe Dumps output to stdout, with no pauses.
[23:22] <hehehe> text
[23:23] <genii> I just have it email. If you want to set it up some other way you'll need to consult someone else
[23:23] <hehehe> what is pager?
[23:23] <sarnold> more, less, etc
[23:23] <genii> system page is like the apps "less" and "more"
[23:23] <genii> page/pager
[23:24] <genii> If you specify some program for the pager that is a custom script you write, it will use that
[23:24] <hehehe> sarnold: any idea how to write apt-listchanges to a custom log file?
[23:25] <sarnold> I don't know, I don't use it myself
[23:25] <hehehe> dump to stdout? where would that file be?
[23:25] <hehehe> then I can cat it :D
[23:28] <hehehe> well one way is to email author and ask lol
[23:28] <hehehe> :)
[23:28] <sarnold> .. or read the manpage
[23:29] <hehehe> I read it
[23:29] <hehehe> it does not say how to log into file
[23:35] <genii> Maybe experiment with a pager replacement like: tee -a /someplace/somelogfile
[23:43] <hehehe> I am off to next task :)
[23:43] <hehehe> I think later it can be done
