[04:50] <vbotka> hehehe, FWIW, https://serverfault.com/questions/702945/rsyslog-local-and-remote-logging
[05:29] <cpaelzer> good monring
[05:30] <cpaelzer> morning even
[09:46] <lordievader> Good morning
[12:51] <soahccc> Hey, could someone with iptables knowledge help me out here and tell me what I am supposed to enter in the last line? I can't quite tell what to put in for the placeholders and I don't want to mess this up. https://unix.stackexchange.com/a/211110
[12:57] <lordievader> soahccc_:  The {{ROUTE_SOURCE}} should be replaced with the NATted network, the interface is the outgoing interface,  and the route target the outside/public ip.
[13:02] <soahccc> lordievader: Thank you :) I was on the wrong track then. But this seems to work. I now have to figure out how to run a process without root :/
[13:03] <lordievader> soahccc_: What do you mean? Running it as a user doesn't do the trick?
[13:03] <soahccc> Well I can't run it as non-root "setting the network namespace "eth0_a_ns" failed: Operation not permitted"
[13:04] <lordievader> It makes sense to make network config root only. You don't want some random user to be able to change the entire network config.
[13:04] <soahccc> But I tested it with root and I think this solution doesn't even fix my actual problem. The thing is that I try to get a program running and it works on a different server but on mine it has network problems. I assumed it can't handle multiple IPs on eth0 but I guess I was wrong all along
[13:05] <soahccc> lordievader: yeah makes sense but I just want to use it there no?
[13:05] <lordievader> What is the error of the program?
[13:06] <soahccc> lordievader: it's mono so I guess you will just puke here :D https://gist.github.com/2called-chaos/e8d8f5629cad20c0cc43b989933088d3
[13:06] <soahccc> I have two ubuntu 16.04 and it works on the one with one IP so I just have to assume that's it, right?
[13:08] <lordievader> `Error -14 EFAULT bad address in system call argument` doesn't sound like the multiple IPs is the problem.
[13:08] <lordievader> I have no idea what it (probably the kernel) thinks is a bad address though...
[13:09] <soahccc> The program unfortunately doesn't have a bind option (just port). I compiled mono the same way on both systems and they both run on the same kernel (4.4.0-83)
[13:10] <soahccc> So my guess is, it tries to magically detect the IP and it fails when I have secondary addresses. I mean I _could_ try to remove the secondaries for a test but that would kill all my services :D
[13:22] <soahccc> lordievader: okay I tried to ifdown all eth0:* secondaries and it indeed doesn't change a thing. Do you have any other idea? I compared "ip addr show" on both servers and they were the same essentially. The only thing is that I upgraded this one (where it doesn't work) from 12.04 and it's an older installation whereas the other server was recently installed with 16.04. I have no idea what could have broken there
[13:23] <lordievader> Same size of subnet too?
[13:24] <soahccc> Oh actually its /26 vs /27
[13:24] <lordievader> Not that that should matter...
[13:54] <Steve[cloud]> good morning folks
[13:54] <Steve[cloud]> I'm having an issue with a networking bridge, and I'm not seeing much info on the net about it
[13:55] <Steve[cloud]> basically I'm attempting to run a bridge almost like a "hub"
[13:55] <Steve[cloud]> all the traffic from the incoming span port is replicated to all of the veths attached to it
[13:57] <Steve[cloud]> unfortunately, even after setting the ageing on the bridge to 0 (which should turn off mac learning) I'm still only getting broadcast traffic on the veth
[13:58] <Steve[cloud]> I know I'm getting everything on the interface, as running tcpdump on the bridge or the int directly works as expected, but not when sniffing from the veth
[13:59] <lordievader> Not sure if the bridge module can be forced to work as a hub...
[13:59] <Steve[cloud]> lordievader: I did get it to initially work
[13:59] <Steve[cloud]> then it just...stopped
[13:59] <Steve[cloud]> no config changes
[14:00] <Steve[cloud]> lordievader: I had followed this: http://ask.xmodulo.com/disable-mac-learning-linux-bridge.html
[14:01] <lordievader> [1] seems to go a bit more in depth. [1] http://www.programering.com/a/MDN4QzNwATk.html
[14:08] <Steve[cloud]> lordievader: yeah the 4 steps mentioned in the beginning is what im trying to accomplish
[14:08] <Steve[cloud]> directionality issues arent a concern as the phys is connected to a mirror on the cisco switch
[14:11] <lordievader> Did you do the xt_TEE steps too>
[14:11] <lordievader> ?
[14:19] <Steve[cloud]> oh man....thats hard to read
[14:32] <zioproto> coreycb: I got the notification to test the stable package for python-cinderclient https://bugs.launchpad.net/python-novaclient/+bug/1559072
[14:33] <zioproto> coreycb: but this Xenial package is for Mitaka if I understand correctly
[14:33] <zioproto> Mitaka I can't really test, because I have everything in newton
[14:33] <zioproto> Is a Newton package for the Ubuntu Cloud archive for Xenial also going to be released ?
[14:39] <coreycb> zioproto: yes there's a newton package, and thanks for the reminder needs to be promoted to -proposed.
[14:40] <coreycb> jamespage: beisner_ : when you have a sec, can you promote python-cinderclient 1:1.9.0-0ubuntu1~cloud2 to newton-proposed?
[15:05] <jamespage> coreycb: on my list
[15:06] <coreycb> jamespage: thx
[15:17] <jamespage> coreycb: done
[15:18] <coreycb> jamespage: thanks.  zioproto: python-cinderclient that should be available shortly in newton-proposed.
[15:20] <eatingthenight> Quick question, ubuntu 14.04 rsyslog package writes as the user syslog:adm but the logrotate file included with the rsyslog package doesn't set the user properly so after a rotate rsyslog can't write
[15:20] <eatingthenight> I know I can add the create entry... but this seems like a bug in the package or am I missing something?
[15:21] <eatingthenight> i purged and reinstalled the package as well to make sure it wasn't some local change I made in the past that messed up the rsyslog confs
[15:47] <vimart> Hi
[16:39] <zul> coreycb: btw I added a fix to mistral on Friday thought you should be aware of it
[16:39] <zul> jamespage: ^^^
[16:41] <coreycb> zul: ack thanks
[17:48] <ahasenack> does anybody know what this error means or what causes it:
[17:48] <ahasenack> Dpkg: WARNING: Can not find the file name list file for the package update-manager, assuming that the package does not currently have any files installed in the system.
[17:48] <ahasenack> the actual package doesn't matter, this is being said about basically all of them
[17:48] <ahasenack> not my system, it's in a bug report
[18:05] <sarnold> ahasenack: sounds like someone went crazy with rm around /var/lib/dpkg/info/ to try to save space, or their filesystems aren't mounted properly, or btrfs ate their lunch or something
[18:05] <ahasenack> are these the *.list files in there?
[18:06] <sarnold> yeah
[20:17] <DammitJim> so, I have edited my ubuntu servers to NOT automatically do security updates
[20:18] <DammitJim> one of the reasons I did that was because the /boot partition was getting full (sometimes we don't patch a server for  6 months)
[20:18] <DammitJim> should I have a larger /boot partition?
[20:18] <DammitJim> or is it OK to just disable security updates?
[20:18] <tomreyn> DammitJim: you should just reboot occasionally, and, of course, patch
[20:19] <tomreyn> once every 6 months is not enough
[20:19] <tomreyn> daily is sometimes not enough
[20:19] <DammitJim> oh gosh
[20:20] <sarnold> DammitJim: how large is that /boot ? I thought newer systems took care of it well for you
[20:20] <tomreyn> but whether or not you patch and reboot, /boot should not normally store more than 3 kernel images
[20:20] <DammitJim> 236M
[20:20] <genii> DammitJim: Might want to read https://help.ubuntu.com/community/RemoveOldKernels#Configure_Unattended_Upgrades_to_Remove_Unneeded_Kernels_Automatically
[20:20] <tomreyn> doh thats tiny
[20:20] <sarnold> that's kind of tiny but it ought to be able to handle three, right?
[20:21] <DammitJim> oh, it can handle 3
[20:21] <DammitJim> problem is when we don't patch often
[20:21] <DammitJim> and it's just not possible to test everything for the amount of servers we would need to patch every month for example
[20:21] <DammitJim> I don't have those resources
[20:22] <tomreyn> just install patches automatically and reboot on kernel updates
[20:22] <sarnold> DammitJim: btw https://usn.ubuntu.com/usn/usn-3353-2/
[20:23] <DammitJim> thanks sarnold I'm patching as we speak
[20:23] <DammitJim> and have resources allocated to test
[20:23] <DammitJim> tomreyn, things don't work like that in my company
[20:24] <DammitJim> it takes a LOT of work to get patching done... all apps have to be tested because of bad experiences they've had in the past
[20:24] <tomreyn> that's a pity. security patches don't normally break stuff.
[20:24] <sarnold> while we go to great lengths to test our fixes before releasing them, our tests can't cover everything
[20:24] <DammitJim> that's what said, but can't change that rule at the moment
[20:24] <sarnold> regressions are a fact of life :(
[20:24] <DammitJim> sarnold, agree
[20:26] <DammitJim> I wish I could let the systems just do their thing and walk away...
[20:26] <sarnold> normally the places that want to test updates before installing them have infrastructures in place to do so cheaply
[20:26] <DammitJim> oh, we have virtual labs
[20:27] <DammitJim> and every time a server is tested, the test team has to spend time there
[20:27] <sarnold> with tests that they can run on the software important to them, so it might take ten minutes to deploy a new system, then install updates, then run for a few hours or day to make sure the applications still work, then they can roll out across the larger infrastructure
[23:04] <hehehe> sarnold: do u use nginx?
[23:04] <hehehe> I cant compile darn thing with modsecurity - it does not like some flag in compilation
[23:04] <sarnold> hehehe: I do
[23:06] <hehehe> sarnold I am getting error
[23:06] <hehehe> going to pastebin it
[23:07] <hehehe> https://pastebin.com/H5895e1E
[23:09] <sarnold> hehehe: see if this is the issue https://bugs.launchpad.net/nginx/+bug/1657596
[23:10] <hehehe> yes I read it
[23:11] <hehehe> its fixed in ppa but I compile from scratch
[23:11] <hehehe> so I need to find tomas fix?
[23:18] <hehehe> is there easy way to list default cflags?
[23:25] <hehehe> sarnold: it may well be the issue
[23:25] <hehehe> but how do I tell compiler where those flags are?
[23:27] <sarnold> hehehe: you call make with whatever flags you need
[23:27] <hehehe> yes
[23:28] <hehehe> I just wonder whats up
[23:28] <hehehe> sarnold: are you using nginx stable?
[23:28] <hehehe> and if yes how did you compile it with modsec?
[23:29] <hehehe> the configure options
[23:29] <hehehe> I did compile it with just modsec module it does work
[23:30] <sarnold> hehehe: 'apt-get install nginx-light'
[23:30] <sarnold> done and done :)
[23:30] <hehehe> eee
[23:30] <hehehe> what is nginx light?
[23:31] <hehehe> sarnold: why light
[23:31] <hehehe> it does not have full blown options
[23:32] <hehehe> and it does not have modsecurity there
[23:32] <hehehe> or does it?
[23:33] <sarnold> hehehe: because after reading the sources in the package I asked teward to make it easy to install only things directly from the nginx crew, and then put -that- package in main, and leave the packages with non-nginx-sources in universe.
[23:33] <hehehe> :)
[23:35] <hehehe> sarnold: well I am not using nginx from ppa Iam compiling it from scratch
[23:35] <hehehe> nginx from ppa does not come with modsecurity as you said
[23:36] <hehehe> so how did you compile nginx with modsecurity? :)
[23:49] <hehehe> I compiled ubuntu into mac os :) yep just rewrote kernel on weekend
[23:49] <hehehe> as if
[23:49] <Epx998> boss just asked me to build a centos7 unattended, something is afoot
[23:52] <sarnold> Epx998: oh so -now- they want to run latest releases..:)
[23:52] <Epx998> sarnold: for some other team I think
[23:52] <Epx998> netboot failed miserably tho so yeah
[23:57] <hehehe> :)))
[23:57] <hehehe> folks how do you use ossec?
[23:57] <hehehe> some neat active response rules to be aware of?