[05:28] <cpaelzer> rbasak: gah yeah - all was fine except when opening the MP on LP enterd the wrong traget
[05:29] <cpaelzer> rbasak: thanks for making me aware
[08:22] <jonah> Hi my csf/lfd firewall keeps giving UUIDD warnings about excessive usage. I thought I'd best check if it's safe to whitelist "/usr/sbin/uuidd --socket-activation" ?
[14:51] <rbasak> ahasenack: I'm thinking about MP vs. upload tag workflow. Can you tell me what you can change the MP Status field to in https://code.launchpad.net/~ahasenack/ubuntu/+source/libapache2-mod-auth-pgsql/+git/libapache2-mod-auth-pgsql/+merge/326173 please?
[14:52] <ahasenack> sure
[14:52] <ahasenack> rbasak: work in progress, needs review, merged
[14:52] <rbasak> Thanks. I also have Approved and Rejected.
[14:52] <rbasak> I think that's because I'm in ~usd-import-team and that's the merge target.
[14:57] <ahasenack> yep
[17:49] <hosas> how do I delete virtual network interfaces
[17:50] <sarnold> try ip link delete?
[17:50] <hosas> ip link delete  vboxnet23 is returning "RTNETLINK answers: Operation not supported"
[17:50] <hosas> sarnold: I did but I'm getting "RTNETLINK answers: Operation not supported"
[17:51] <hosas> by the way I'm using Ubuntu 16.04
[17:51] <teward> hosas: you may want to go into the virtualbox network editor and remove the interface.
[17:51] <teward> if you're on a GUI that is
[17:51] <teward> if not, then you'll have to probably just *remove* virtualbox.  (It's not real useful on servers anyways, afaict)
[17:51] <sarnold> hosas: interesting. does vbox provide nic-specific kernel modules that you could unload? or does it lump together all its virtio devices into one module?
[17:52] <hosas> sarnold: that's a complex question for me- I have no Idea what you're saying lol
[17:53] <sarnold> hosas: hehe, okay; try 'lsmod' on the guest and see if there's a huge pile of vbox* module names or just one or two
[17:53] <gheorghe_> hosas did you try removing them from etc network interfaces?
[17:53] <sarnold> if something looks like vbox-virtio-nic or gives the strong impression that it just does NICs, try rmmod the thing :) -- noting of course that if you're ssh'd into the vm, you migh lose control over the vm
[17:53] <hosas> gheorghe_:  let me try but I don't think it work
[17:54] <teward> sarnold: `vboxdrv` = `vboxnetadp,vboxnetflt,vboxpci` = individual lsmod items.
[17:54] <gheorghe_> hosas if you reboot .... :D
[17:54] <teward> on 16.04 host.
[17:54] <teward> gheorghe_: vboxnet nics aren't populated in /etc/network/interfaces I believe.
[17:54] <teward> they're usually part of their own drivers/services
[17:54] <hosas> the actually issue is this: when I ran iwconfig I get a lot virtual network that I'm not using
[17:54] <teward> like VMware's are.
[17:55] <hosas> le t me try it and give you feedback
[17:56] <axisys> what is good p2v software to convert a physical to VMware VM ? vcenter convertion is failing since they are in different network. So if I could run it locally and take the image over, not sure if possible
[17:56] <gheorghe_> hosas, teward: sorry i didn't notice you use vboxnet. why not KVM ?
[17:59] <hosas> gheorghe_:  reboot didn't work. But the let try carefully state the main issue
[18:01] <hosas> after updating from 14.04 to 16.04 about  a month ago I immediately noticed that my network-manager is show alot of: Ethernet Network () device not managed
[18:01] <hosas> but my internet works
[18:02] <hosas> so I started googling to find a way out and the closet answer I got on the net was: someone blame it on Docker
[18:02] <hosas> the solution given never worked for me
[18:04] <hosas> someone suggested to state the issue here might get help
[18:05] <hosas> gui network operation manager for virtualbox is not helpful either
[18:08] <hosas> sarnold: perhaps you tell me how to use  ip link delete properly (with an example). Thanks
[18:10] <sarnold> hosas: I think I figured you're solving a different problem than I expected
[18:11] <sarnold> hosas: I thoguht you wanted to isolate a specific VM from the network but I've now come around to thinking that you're trying to remove NICs from the vm host, not vm guests, and that'll probably just break your VMs
[18:11] <hosas> sarnold: yes. But I think  ip link delete suppose to help-according to the man page
[18:13] <hosas> sarnold: let me show an iwconfig
[18:13] <sarnold> if you actually use and care about vms on this thing you should probably just leave well enough alone
[18:14] <hosas> sarnold: please look at this http://paste.ubuntu.com/25069732/
[18:14] <sarnold> 36mb ooof
[18:16] <hosas> sarnold: sorry that was wrong look at this instead http://paste.ubuntu.com/25069737/
[18:16] <hosas>  
[18:19] <hosas> sarnold: as you can see I have a lot of useless vboxnetxx just laying there: the problem is the are showing up on my gui network manager as: Ethernet Network ( ) device not managed
[18:20] <hosas> it's annoying when you have 20 of them
[18:21] <hosas> I really don't care if break a vm- I hate scrolling down just to access my network interface
[18:22] <sarnold> then uninstall virtualbox and be rid of them all? :)
[18:24] <hosas> hahahaha
[18:24] <hosas> that didn't work either
[18:24] <hosas> but I did only twice
[18:28] <hosas> sarnold: thanks for your time and the other 'guys' that help
[18:29] <sarnold> hosas: removing vbox didn't work? how did you uninstall it?
[18:48] <teward> gheorghe_: I use vmnet for VMware.  KVM is a pain to bridge things.  Though in 99% of cases stuff is for me already containerized in LXC/LXD.  Except my MacOS VM, that's in VMware.  (Free VMware Workstation 12 license through school, why not :P)
[18:51] <hehehe> folks
[18:51] <hehehe> vult allows to issue vps stop via api
[18:51] <hehehe> can be used with ossec to stop it in case of someone copying db?
[18:52] <hehehe> if its real time monitoring they would not be able to get it out from the server perhaps
[18:52] <hehehe> depends on how fast vultr kvm stop works
[18:53] <hehehe> teward: also from time public vuln is published what it takes time wise for it to be added to ubuntu sec updates?
[18:53] <nacc> hehehe: if someone is able to read your database to copy data out of it, then you're already compromised
[18:53] <hehehe> nacc: they wont be able to get it out
[18:53] <teward> hehehe: i'm a little confused by why you're highlighting me?
[18:53] <nacc> hehehe: well, not compromised, but i don't undestand what security problem you think you're solving
[18:53] <hehehe> teward: I was thinking you are the dude who maintains sec updates
[18:54] <nacc> hehehe: shouldn't you be asking vult?
[18:54] <hehehe> nope?
[18:54] <nacc> hehehe: please get your facts straight.
[18:54] <hehehe> hey there
[18:54] <hehehe> my facts are straight
[18:54] <hehehe> ;)
[18:54] <nacc> no, they are not.
[18:54] <hehehe> and why not
[18:54] <nacc> hehehe: you come in here periodically, it feels like, to troll
[18:54] <hehehe> how do you pull database out?
[18:54] <hehehe> when vm is down?
[18:55] <hehehe> name calling is not best way to talk
[18:55] <hehehe> this is not a creche
[18:55] <hehehe> whats the weakness in the idea?
[18:55] <hosas> sarnold: this is embarrassing  :)- it worked...let me try installing it again and if it comes back-doubt it would
[18:56] <hehehe> teward: am I wrong to think you are guy dealing with ubuntu security updates? :)
[18:56] <hehehe> if yes sorry
[18:56] <nacc> hehehe: you are wrong
[18:56] <sarnold> hosas: those nics probably will return
[18:57] <nacc> hehehe: no one person deals with all security updates
[18:57] <hehehe> nacc oki but teward is one of them
[18:57] <hehehe> ? :)
[18:57] <nacc> hehehe: the security team deals with security updates
[18:57] <hehehe> well if you dont want to talk
[18:57] <hehehe> :)
[18:57] <hosas> sarnold: they better not
[18:59] <nacc> hehehe: i don't understand why? i'm the only one *not* ignoring you at this point.
[18:59] <hehehe> why what
[19:00] <hehehe> why u dont want to talk?
[19:00] <hehehe> I dont know
[19:00] <hehehe> and yes how fast ubuntu security is updates?
[19:00] <hehehe> maybe a website to check
[19:00] <nacc> hehehe: nm. I don't understand why you think I don't "want" to talk. I am the only one responding to you, because (i expect) most people are ignoring you.
[19:01] <hehehe> lol dude people are busy
[19:01] <nacc> hehehe: https://usn.ubuntu.com/
[19:01] <hehehe> its not like everyone sits here and reads chat
[19:02] <Ussat> hehehe, its updated as it gets done, its a FREE service, if you want gaurentees, feel free to pay for #rhel
[19:02] <hehehe> yes that is clear now
[19:03] <hehehe> ty for the link
[19:03] <sarnold> or ubuntu advantage, though that wouldn't actually get you security updates faster :) heh
[19:03] <hehehe> eee
[19:04] <hehehe> sarnold: I think best  then simply check cve db daily and apply
[19:04] <hehehe> :)
[19:04] <sarnold> just install unattended-upgrades on your guinea-pig machine
[19:04] <hehehe> yes I have done it
[19:04] <hehehe> :)
[19:05] <Ussat> if your worried about having to apply sec updates daily, well, bigger issues
[19:05] <Ussat> I patch monthly
[19:05] <Ussat> unless a VERY good reason
[19:05] <hehehe> i prefer ideally as soon as public exploit is out
[19:05] <hehehe> why wait :)
[19:05] <Ussat> because, none of my systems are open to the net
[19:06] <hehehe> oki
[19:06] <hehehe> sarnold: what you think about vps lock down upon unauthorised access?
[19:07] <hehehe> then simply change a record to machine with nginx and html undermaintenance and quickly patch
[19:07] <sarnold> hehehe: why not just configure your security groups to enforce what you want enforced?
[19:07] <hehehe> which security groups?
[19:07] <Ussat> this conversation sounds vaguely familiar
[19:08] <hehehe> anyways going to do something :)
[19:10] <sarnold> hehehe: 'security groups' is aws terminology for provider-supplied firewalling. you open up specific ports / ip ranges in their networking layer for your systems to communicate with. it's a lot like a firewall that the system itself can't manage.
[19:11] <hehehe> i done that
[19:11] <hehehe> however if someone managed to escalate to root, you cant block 80 and 443 ports
[19:12] <hehehe> they will simply put sql backup in www and download
[19:12] <Ussat> if someone manages to esc to root, youre already boned
[19:12] <hehehe> nope
[19:12] <hehehe> re read what been said
[19:12] <hehehe> vultr allows vps shutdown via api
[19:12] <Ussat> I know what vultr is
[19:13] <hehehe> with a monitoring server that logs sql it may be possible to shut vps fast
[19:13] <hehehe> especially if monitoring server is in private network on vultr too, low latency
[19:14] <hehehe> or attacker sql export and wget will be faster?
[19:16] <jonah> hey I've set up some ssh rsa keys and they work great. but I enabled the password protection thinking that a password would only be prompted for once initially. however I'm asked every time I connect. I've tried doing the ssh-add command which works but then when I close and reopen a terminal I'm asked again for the password each time. also after a reboot I'm asked each connection. Does anyone know how to just be asked for the
[19:16] <jonah> password once, after a reboot etc of course asked again but not then for every connection...?
[19:17] <nacc> jonah: you want to look into setting up an ssh-agent
[19:17] <nacc> jonah: i believe -- if you're on a desktop, there are some builtin to gnome, etc.
[19:19] <ahasenack> is there a known bad interaction between ntpd and something from systemd? Does systemd have its own ntp(d) service?
[19:19] <jonah> nacc: thanks - well i wanted to just use the command line ssh-agent and use ssh-add but it doesn't seem to stick...
[19:20] <sarnold> ahasenack: yes, systemd-timesyncd
[19:21] <ahasenack> sarnold: is that inside the systemd package, or a separate one?
[19:21]  * ahasenack searches
[19:21] <sarnold> jonah: the trick is you've got to get the agent started and environment variables populated correctly
[19:21] <nacc> jonah: iirc, ssh-agent, when run, dumps out a bunch of env variables
[19:21] <nacc> jonah: you need to actually issue those to use the agent
[19:21] <sarnold> jonah: if you're starting the agent after you've started an X11 session it's probably been started too late
[19:21] <ahasenack> ● systemd-timesyncd.service - Network Time Synchronization
[19:21] <ahasenack> ok
[19:22] <nacc> sarnold: good point
[19:22] <sarnold> because you need to get those env variables to all child processes for terminals and the like
[19:23] <sarnold> a dozen years ago I used a tool called 'keychain' to try make it more managable, but I haven't found a need for it on ubuntu
[19:23] <jonah> sarnold: ah ok, so is there a method i can follow for this? like do i just add the ssh-add command in front with && of my ssh command, so the initial connection then asks for the password but future ones don't from that session?
[19:25] <sarnold> jonah: I'd say troubleshoot the basics first; start a new terminal and immediately env | grep SSH to make sure you've got a SSH_AUTH_SOCK variable, that the socket exists, permissions look right, etc
[19:30] <ahasenack> jonah: what's your desktop? This should be working out-of-the-box without having to run ssh-add
[19:30] <ahasenack> or is this a server?
[19:30] <ahasenack> (I saw X11 being mentioned, hence my question)
[19:31] <jonah> ahasenack: sorry yes server
[19:32] <gheorghe_> i had an aswer for honas and he left lol
[19:32] <ahasenack> jonah: and you have a private encrypted ssh key on that server, and you want to ssh from there to somewhere else
[19:34] <sarnold> gheorghe_: oh?
[19:39] <gheorghe_> oh wat?
[19:40] <sarnold> I'm curious what your answer was going to be :)
[20:11] <lunaphyte> hi.  i also have just asked this in ##linux, so feel free to admonish me for cross posting - given this:  http://dpaste.com/1A9WWH8 - i'm wondering where scsi0 and scsi1 are?
[20:14] <lunaphyte> aha - host0: ata_piix and host1: ata_piix
[20:15] <lunaphyte> it seems like it would be nice if that was a little bit more readily reflect in the output of things like lsscsi
[20:15] <lunaphyte> hmm, maybe there's an option to say show all even unused
[20:17] <lunaphyte> yes, lsscsi -H
[20:53] <hehehe> after changing hostname which service I restart for changes to take place?
[20:56] <hehehe> or reboot is must?
[20:59] <qman__> it used to just be an init script called hostname
[20:59] <qman__> but I'm not sure with current versions
[21:00] <tarpman> hostnamectl(1) ?
[21:00] <hehehe> Failed to restart hostname.service: Unit hostname.service is masked.
[21:01] <hehehe> oki this may work sudo hostnamectl set-hostname new-name
[21:03] <hehehe> teo thanks tarpman
[21:03] <hehehe> yep
[21:48] <hehehe> sudo dpkg-reconfigure --priority=low unattended-upgrades  - what does priority low do?
[21:49] <genii> asks more config questions
[21:49] <hehehe> genii: hmm how come?
[21:49] <hehehe> and if I set priority=high?
[21:50] <genii> Then it only asks questions it can't just set reasonable defaults for
[21:51] <hehehe> ok low priority questions
[21:51] <hehehe> ty
[21:51] <genii> Yep
[21:53] <hehehe> and when it says origin Debian its normal for Ubuntu 16.04?
[21:53] <hehehe> it did work already on 1 box I just wonder why it use Debian cause it Debian based?
[21:54] <genii> Yes, because upstream is Debian
[22:47] <hehehe> the package update unattended how often does it checks for updates?
[22:57] <drab> hehehe: read the man page and check its config
[23:00] <genii> hehehe: Default is each boot, or each shutdown if you switch it to that in /etc/apt/apt.conf.d/50unattended-upgrades. If you want to specify a certain number of days, set APT::Periodic::Unattended-Upgrade=X where X is how many days. You can do this with creating  /etc/apt/apt.conf.d/02periodic and putting it in there.
[23:00] <genii> 0 for value there is to disable unattended upgrades
[23:01] <hehehe> genii: how come its not in the updgrade-unatended manual?
[23:01] <hehehe> yes  I did modify 50... file to enable updates with reboot and update time now
[23:02] <hehehe> genii:  it there any point to run it hourly?
[23:03] <tarpman> hehehe: no. there's little point to updating more than about once a day; all that does is generate more load on the servers
[23:06] <genii> hehehe: https://wiki.debian.org/UnattendedUpgrades
[23:08] <genii> hehehe: I recommend to install apt-listchanges also, as described there. You don't have to use it with system pager, I have mine just email me offsite
[23:09] <hehehe> what is apt-listchanges for?
[23:09] <genii> What it's name suggests
[23:10] <genii> To list changes in your packages
[23:10] <hehehe> and if I create 02periodic will its config work alongside 20auto ?
[23:10] <hehehe> or I must use only one of them?
[23:11] <genii> Either or both, it doesn't matter
[23:13] <hehehe> I checked listchanges conf - it simply emails root when new packages are installed?
[23:13] <genii> It has a bunch of different settings. You can pipe the changes also to system pager, etc. But doing that is a pain. Check it's manpage
[23:14] <genii> Defualt I think is sytem pager and not to email
[23:18] <hehehe> apt-listchanges is a tool to show what has been changed in a new version of a Debian package, as compared to the version currently installed on the system.
[23:19] <hehehe> why it is useful?
[23:19] <hehehe> to read what the vulnerability was?
[23:20] <genii> Because it includes the changelog to know what was modified in the newer version. And if new version doesn't work, you know what older version to revert to.
[23:20] <genii> And which mainainer, usually, made the change, etc
[23:21] <hehehe> can oki
[23:21] <hehehe> browser
[23:21] <hehehe>     Displays an HTML-formatted changelog using a web browser, with hyperlinks for bugs and email addresses. By default, the BROWSER environment variable will be used.
[23:21] <hehehe> but how it secure access to it? and I dont want to install any webservers
[23:21] <hehehe> can it simply output to a custom log? :D
[23:22] <hehehe> maybe Dumps output to stdout, with no pauses.
[23:22] <hehehe> text
[23:23] <genii> I just have it email. If you want o set it up some other way you'll need to consult someone else
[23:23] <hehehe> what is pager?
[23:23] <sarnold> more, less, etc
[23:23] <genii> system page is like the apps "less" ans "more"
[23:23] <genii> page/pager
[23:24] <genii> If you specify some program for the pager that is a custom script you write, it will use that
[23:24] <hehehe> sarnold: any idea how to write apt-listchanges to a custom log file?
[23:25] <sarnold> I don't know, I don' use it myself
[23:25] <hehehe> dump to stdout? where would that file be?
[23:25] <hehehe> then I can cat it :D
[23:28] <hehehe> well one way is to email author and ask lol
[23:28] <hehehe> :)
[23:28] <sarnold> .. or read the manpage
[23:29] <hehehe> I read it
[23:29] <hehehe> it does not say how to log into file
[23:35] <genii> Maybe experiment with a pager replacement like: tee -a /someplace/somelogfile
[23:43] <hehehe> I am off to next task :)
[23:43] <hehehe> I think later it can be done