
hehehegenii do you use ossec?00:21
hehehemany tutorials suggest to run it as root00:21
hehehethere is some workaround but I wonder if it worth to change it so it runs under local user00:22
hehehesarnold: is there any issue with installing ossec from a root dir on an ossec server00:56
heheheI dont see any00:56
hehehesince it runs as root it does not matter where its located00:57
hehehealso while I am in ssh session I changed firewall to block custom ssh port yet my session did not ds01:32
heheheso it applies to new sessions only?01:32
heheheseems so01:58
macoI've got a VPS running 16.04, and today I installed updates (probably first time in 2 months) and rebooted. Now I'm repeatedly getting system hangs with "task blocked for more than 120 seconds" — is this an issue with recent updates? (Or a coincidence?)04:52
eatingthenightnot an issue with recent updates04:54
macoAlright, thanks. More log digging says it started 2 hours ago and happens at 15 & 35 past the hour. Weird.05:02
eatingthenightthat is strange05:02
eatingthenightis that the message in syslog?05:02
macoWhich task is blocked semi-alternates between jdb2/vda1-8 and mysqld05:03
macoBut I grepped that "120 seconds" in syslog05:03
eatingthenightdid you have an increase in traffic refently?05:04
macoI added another site to my WordPress multisite install about 30 hours ago. Only one person knows about it though, so I doubt that's it. Most popular site on the server has higher traffic than this regularly (podcast episode every other week--this is an "off" week)05:06
macoI mean unless the sheer existence of that new site is the issue? But it was fine for 28 hours...05:07
eatingthenightis this hosted on aws?05:08
macoCron hourly is 17 minutes after the hour not 1505:08
macoNo, it's Dreamhost's openstack setup05:08
eatingthenighthave you tried tuning kernel params at all yet?05:10
macoI forgot that phrase even existed05:13
eatingthenightoverall it's going to be real hard to debug that without more info as it's just general system tuning that is specific to your workload and environment. Stack overflow should be able to point you in the right direction for how to start narrowing it down.05:14
macoOk here's something05:15
macoI see app armor denies for mysqld right before the first time it happens05:15
macoOh never mind. That's the last thing in the logs before it, but a half hour passes05:17
macoUgh. Ok so I see stuff in openstack help about this being caused by storage problems after rebooting05:19
macoRebooting a VM shouldn't cause storage issues05:19
macoPossible solution found. If it works, I'll post the link here to satisfy any curiosity you may have eatingthenight05:23
lordievaderGood morning06:23
nisargjhaveriI'm trying to setup ldap authentication on Ubuntu server 16.04, using `nss-pam-ldapd`09:36
nisargjhaveriI think the ldap auth part works, but when I try to login, auth.log says "fatal: initgroups: username: Invalid argument"09:36
nisargjhaveriIf I set map gidNumber to 100, auth.log says "fatal: seteuid userID: Invalid argument"09:36
nisargjhaveriI recently setup another server using `libpam-ldap`, I didn't encounter any similar errors there..09:37
nisargjhaveriAny ideas?09:37
Pascal__hi i haven an problem with apache ... i want to create an subdomain but my subdomain redirects serverside to my domain. subd.server.my.domain.com => server.my.domain.com any idea?12:14
lordievaderHow does your configuration look like?12:26
lordievaderDo both addresses resolve to the same ip address?12:31
lordievaderElse you need to add the (sub)domain as server name.12:32
Pascal__same ip12:32
Pascal__but when i type essen.vm-doku.my.domain.de ist shows the index of /var/www and not of /var/www_212:38
lordievaderAnd that is with the servername setting?12:48
lordievaderPascal__: What does `sudo apache2ctl -S` return?12:50
lordievaderBoth vhosts are names localhost. Hence apache cannot distinguish them.12:53
lordievaderHave you set the servername correctly?12:53
Pascal__this is my /etc/hosts : essen.vm-doku12:58
lordievaderPascal__: That is not what I asked for. What ServerName is set in the apache config of the websites?12:59
Pascal__for essen.vm-doku.my.domain.de is essen.vm-doku and for vm-doku.my.domain.de is vm-doku13:00
lordievaderCould you show me your config again?13:01
lordievaderThe ServerName needs to be a fqdn.13:03
Pascal__ive set that with fqdn ... now it says at essen.vm-doku.my.domain.de ... DNS-Name not found13:05
lordievaderIs it a valid fqdn?13:06
Pascal__i think so, our (windows)-Dns has both forward-addresses13:07
lordievaderCan you resolve it?13:07
Pascal__now, after reboot of the DNS-Server, yes but now i also become the index of /var/www at essen.vm-doku13:11
lordievaderCould you paste the output of `sudo apache2ctl -S` again?13:12
lordievaderBoth do use a different config, 000-default.conf for vm-doku and essen.conf for essen.vm-doku ;)13:16
Pascal__yup i've pasted it together to reduce spam13:17
lordievaderIf you look in the access logs, do they reflect the right thing? I.e. when going to essen it is logged to access_essen.log?13:19
Pascal__but i've found the problem it was the <VirtualHost fqdn:80> after i changed that to <VirtualHost *:80> it works fine13:20
Pascal__but also thanks for your help :)13:20
lordievaderNice, good to hear :)13:21
vimartis ubuntu server 16.04 ready to run php,python  CGI?13:46
lordievadervimart: What do you mean exactly?13:49
vimartlordievader: to run simply scripts in php or python?13:50
vimartFor example I'd like to have contact form on www13:52
lordievadervimart: If you install the necessary stuff, sure.14:01
vimartlordievader: I've noticed that PHP probably is comming with ubuntu server but I don't see python, what should I install to run python? cgi?15:40
lordievaderPython (2.7) is installed by default.15:41
nacclordievader: PHP is not installed by default either15:43
nacclordievader: sorry, vimart --^15:43
naccvimart: but python is15:43
lordievaderHence the 'if you install the necessary stuff' ;)15:44
nacclordievader: yep, i meant in relation to vimart's last comment15:45
lordievaderYes, indeed.15:46
jonahhi, any friendly folks around that could please help. my server is taking a beating from a spammer/ddos. Not sure how to get things straight if anyone would be kind enough to lend a hand please?15:55
tomreynjonah: still looking for help?17:08
tomreynlooks like both your hosting company website and its blog are online so i guess that's no longer an issue.17:18
jonahtomreyn: hey thanks, sorry i got a bit tied up there17:37
tomreyni can imagine17:37
jonahtomreyn: it seems to have all come from backscatter, but on a large scale with clamscan going nuts scanning tens of thousands of email bounce backs coming in17:38
sarnoldnacc: any suggestions for 1703752 ?18:08
tomreyni see, so it was / is your mail server that was being overwhelmed. that's luckily a lot easier to fix than a web based ddos18:08
sarnoldyeah if nothing else, "just turn it off" isn't a bad start18:09
naccsarnold: looking18:09
naccsarnold: i'll pick it up -- there seem to be a few bugs here18:12
sarnoldnacc: thanks; normally I'm content to say "yeah bad php can use trusty" but if it's something we shipped anyway, it'd be nice to at least warn folks if it won't work. or something. :/18:13
naccsarnold: yeah, we have done some fixes and iirc, i think my cursory usage did work18:14
naccsarnold: so this is probably something > cursory18:14
sarnoldsomehow I'm not surprised roman would hit a 'logout' button that you might not :) hehe18:14
naccsarnold: yeah18:18
naccsarnold: i was more concerned with "does the UI display"18:18
sarnold"doesn't seem badly misfunctional"18:18
naccsarnold: yeah -- which it admittedly was, at first18:19
hehehedoes it work?20:07
heheheor whats your setup for ubuntu 16.04 nginx and mod security20:07
ahasenacknacc: an opinion here, please20:38
ahasenacknacc: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1531622/ is it worth fixing for 16.04, since it's just a config change?20:38
ubottuLaunchpad bug 1531622 in rsyslog (Ubuntu) "default config still using a legacy keyword: KLogPermitNonKernelFacility" [Medium,Fix released]20:38
ahasenackit's quite probable that dpkg will prompt about a config file change during the upgrade, so just installing the update won't fix it in all cases20:39
ahasenackbut looks like people want it20:40
ahasenackgot a duplicate bug even, for 16.0420:40
naccahasenack: i think it is probably worth pursuing -- not sure i follow the 'won't file in all cases' comment?20:46
ahasenacknacc: sorry, I dropped just after mentioning the duplicate bug, where is that comment?20:47
ahasenacknacc: that being said, the new option doesn't work :P (upstream bug)20:48
ahasenackthe error was silenced, but the kernel messages also :P20:48
naccahasenack: your comemnt itself earlier: "... so just installing the update..."20:50
ahasenacknacc: I mean if the user made an unrelated change to rsyslog.conf, installing the update won't fix the broken config option20:51
ahasenackdpkg will prompt the user, saying the config file changed, and ask for help, right?20:51
ahasenackkeep, overwrite, diff, etc20:51
ahasenackor are we expected to detect this in postinst somehow and fix it for the user?20:52
naccahasenack: it feels like something we should detect if it was a valid config before and now is not20:52
naccahasenack: is that the case here?20:52
ahasenacknacc: no, we introduced a bug when we changed how the klog module is loaded20:53
ahasenackwe should also have changed how its options are set20:53
ahasenackwhat we have currently in xenial is a mix: new style loading, old style option setting20:53
ahasenackthat's the bug20:53
ahasenackthis was fixed in yakkety: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1531622/20:54
ubottuLaunchpad bug 1531622 in rsyslog (Ubuntu) "default config still using a legacy keyword: KLogPermitNonKernelFacility" [Medium,Fix released]20:54
ahasenackyakkety+ is fine (except for the upstream part: https://github.com/rsyslog/rsyslog/issues/477)20:55
naccahasenack: ok21:00
naccahasenack: sorry, i'm kind of deep in some git-ubuntu stuff. Your judgment seems reasonble to me21:00
ahasenackI'm just wondering if a config file change is worth for an SRU, given that the user might very likely be prompted to edit the file anyway during the upgrade21:00
ahasenackor maybe that's not so likely21:00
naccahasenack: it might be worth an e-mail to ubuntu-devel-discuss if you can't decide (or ubuntu-devel)21:01
ahasenackit would fix new installs at least21:02
trippehhum. acpid dropped /etc/acpi/events/powerbtn in artful because "since the script is a no-op when systemd-logind is running and systemd-logind is now *always* running". this is not true as dbus is required by logind but dbus is not yet mandatory.22:01
trippehCondition: start condition failed at Wed 2017-07-12 17:47:47 CEST; 6h ago22:02
trippeh           └─ ConditionPathExists=/lib/systemd/system/dbus.service was not met22:02
braziercustomsFirst time I've been back to this snap install conjure-up --edge and every time I run conjure-up.lxc list I get different results showing different status for all. Sometimes have up sometimes not...22:02
naccstokachu: --^22:03
sarnoldtrippeh: how'd you get a system without dbus? I thoguht that was basically mandatory in order to use systemd for init22:03
trippehsarnold: these images are built using debootstrap, very similar to ubuntu base or whatever it is called nowadays22:04
trippehmost of systemd works fine without dbus22:04
stokachubraziercustoms: I bet if you run journalctl -f you'll see snap services restarting..22:04
stokachuI'm not sure why that happens though22:04
trippehI may just give in and start adding dbus, even if I'm not stoked about the attack surface ;)22:05
sarnoldtrippeh: aha22:06
braziercustoms:/  looks like it is22:06
trippehthen again if someone gets access to these vms in a manner that gives access to dbus it is usually game over anyway22:08
* trippeh scratches beard22:08
braziercustomsStokatchu it is :/   how is this setup started?22:09
stokachuThere are snap services in /etc/systemd22:10
braziercustomsStokachu how many?22:11
trippeh(I also realize using debootstrap means I'm mostly on my own :p)22:13
trippehoh well *adds the powerbtn stuff back using ansible*22:14
trippehit is just some config files after all22:15
braziercustomsStokatchu I'm sure you are familiar with the errors. But I got "Not restarting into /snap/core/current/usr/snap/bin/snap" older than error.. flooding22:17
braziercustomsAnd kernel audit about apparmor profile does not exist for neutron agents. Why didn't it do this after first reboot?22:26
trippehsarnold: even networkd works without dbus ;)22:27
sarnoldtrippeh: ha :D22:27
braziercustomsStokatchu I can't proof of concept on the "proof of concept version" :D22:53
braziercustomsStokatchu it stabilizes? It seems to have stopped... how can I follow this issue?23:08

