| Aztec03 | Hey who runs this chan/who's got ops | 01:55 |
|---|---|---|
| Aztec03 | I'm getting spam from shannarawn on join | 01:55 |
| Aztec03 | not too keen on it | 01:55 |
| compdoc | damn bots | 01:55 |
| Aztec03 | they advertising efnet, too | 01:56 |
| Aztec03 | oh it's l0des minions... -_- | 01:56 |
| dpb1 | go into #freenode and ask | 02:25 |
| lobubak | â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666 jmrus: techmagus â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â– | 03:09 |
| lobubak | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666 noezdwqxx: ubot9 ▄▄▄▄▄▄▄▄▄▄ | 03:09 |
| lobubak | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666 jkwxwav: tec__ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | 03:09 |
| lobubak | ▄▄▄▄▄▄▄▄▄▄▄▄▄ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666 tbcqdno: ptx0 ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | 03:09 |
| lobubak | ▄▄▄▄▄▄▄▄▄▄▄ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666 zjzjdoprv: lamont ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | 03:09 |
| lobubak | ▄▄▄▄▄▄▄▄▄▄▄ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666 xarkgjil: beardfac1 ▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | 03:09 |
| lobubak | â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666 afrpawltu: inteus â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â | 03:09 |
| lobubak | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666 ccupf: micahg ▄▄▄▄▄▄▄▄▄▄▄▄▄ | 03:09 |
| lobubak | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666 loxxokmp: Nebraskka ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | 03:09 |
| lobubak | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666 tscioddb: ShellcatZero ▄▄▄▄▄▄▄▄▄▄ | 03:09 |
| lobubak | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666 yvhbolqy: robher ▄▄▄▄▄▄▄▄▄▄▄ | 03:09 |
| lobubak | ▄▄▄▄▄▄▄▄▄▄▄▄ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666 tymxq: bvi ▄▄▄▄▄▄▄▄▄▄▄▄▄ | 03:09 |
| lobubak | ▄▄▄▄▄▄▄▄▄▄▄▄ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666 dxytlom: lionel ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | 03:09 |
| lobubak | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666 aytbjlswz: alai ▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | 03:09 |
| lobubak | â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666 jqrdymc: Arkaniad â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â | 03:09 |
| lobubak | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666 swyrojf: shodan45 ▄▄▄▄▄▄▄▄▄▄▄▄ | 03:09 |
| lobubak | â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666 qegdhejdnl: thib â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â–„â– | 03:09 |
| lobubak | ▄▄▄▄▄▄▄▄▄▄ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666 gepcsbw: Blueking ▄▄▄▄▄▄▄▄▄▄▄ | 03:09 |
| lobubak | ▄▄▄▄▄▄▄▄▄▄▄▄ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666 nqrlyi: eldritch ▄▄▄▄▄▄▄▄▄▄▄▄ | 03:09 |
| lobubak | ▄▄▄▄▄▄▄▄▄▄ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666 ogcsc: jlacroix ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | 03:09 |
| lobubak | ▄▄▄▄▄▄▄▄▄▄▄▄▄ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666 uxkkkfcmlk: semiosis ▄▄▄▄▄▄▄▄▄▄ | 03:09 |
| lobubak | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666 eoszozfv: ubuntulog ▄▄▄▄▄▄▄▄▄▄▄▄▄ | 03:09 |
| lobubak | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666 vsekghg: niedbalski ▄▄▄▄▄▄▄▄▄▄ | 03:09 |
| === devil is now known as Guest51262 | ||
| === awef is now known as awef_ | ||
| awef_ | just been trying out 18.04 before release - I'm finding that even after installing python3-setuptools, easy_install3 command is missing. Am I doing something silly? | 09:16 |
| awef_ | just thought i'd check in here before i filed a bug | 09:16 |
| awef_ | e.g.: | 09:18 |
| awef_ | ~$ easy_install3 Command 'easy_install3' not found, but can be installed with: sudo apt install python3-setuptools | 09:18 |
| awef_ | $ sudo apt install python3-setuptools Reading package lists... Done Building dependency tree Reading state information... Done python3-setuptools is already the newest version (39.0.1-2). | 09:18 |
| awef_ | oh interesting i just worked it out | 09:20 |
| awef_ | in the changelog for the package: | 09:20 |
| awef_ | Stop shipping the easy_install scripts. | 09:20 |
| awef_ | guess there's some other things that are gonna need updating given they refer to it still | 09:20 |
| Sircle | Hi | 12:43 |
| Sircle | Is there a way to monitor which .php file or function is trying to make outbound connections to other web sites? | 12:44 |
| blackflow | Sircle: I don't know of a direct method, but you could block outbound connections at the firewall/apparmor/systemd service level, and then see if anything is logged as error trying to establish a conn | 12:49 |
| Sircle | legit things might break? | 12:56 |
| Sircle | oh I got your piont now | 12:57 |
| blackflow | If you have a mixed use case, might be wise to separate them into their own functional domains, eg. a fpm process where outbound connections are allowed, and fpm process(es) where it isn't. (I'm assuming you're using fpm). However, a compromised process that's allowed outbound connections could still do stuff. In that case, if you have a limited set of outbound connections to known destinations, | 13:00 |
| blackflow | some kind of reverse proxy or firewall rules would mitigate that. | 13:00 |
| Sircle | blackflow, ok. I do not know whats fpm | 13:15 |
| Sircle | are you saying to isolate each website by some chroot kind of thing? | 13:16 |
| blackflow | fpm = php-fpm, the PHP fastcgi process manager | 13:18 |
| blackflow | chroot is filesystem access. I'm talking about containerization, either through things like lxd, docker, or using systemd's service-level containment features, or different apparmor profiles. | 13:18 |
| blackflow | but really that all depends on the actual use case. what exactly do you want to block or allow. | 13:19 |
| === devil is now known as Guest8033 | ||
| === Guest8033 is now known as devil_ | ||
| === devil_ is now known as devil__ | ||
| === devil__ is now known as devil_ | ||
| Sircle | black if I block outbount port 80, will it disturb my website inbound connections? | 13:24 |
| Sircle | blackflow, whats the best way to isolate each website and monitor it? | 13:25 |
| Sircle | its also strange that there is no way to findout which function is doing what. I will try to block outbound and see for any errors as you said. | 13:26 |
| blackflow | Sircle: not if you block outbound to port 80 with SYN flag on only. inbound won't be affected if you have a rule allowing established,connected before the outbound block. | 13:27 |
| blackflow | Sircle: also, should limit the blocking rule to UID of the PHP process, to allow eg. root normal network access | 13:28 |
| blackflow | Sircle: to find out what specific functions do, you could eg strace the php process, but that won't tell you which _PHP_ function did it, only the syscall. but with some analysis, might be possible to correlate activity. | 13:29 |
| blackflow | then again I don't know if PHP specifc tracers exist. probably do, part of profiling tools or something, but I don't have any experience with those | 13:29 |
| blackflow | Sircle: but eh, again, what's the exact use case. You want to block access to port 80, but what about other ports? 25 is most often abused. Why not block everything? | 13:31 |
| blackflow | or in other words, whitelist rahter than blacklist. | 13:31 |
| blackflow | Sircle: "whats the best way to isolate each website and monitor it?" We do it by running one fpm service per site, so each site is a systemd service with own containment, own cgroup, and potentially own apparmor profile though atm we're building a single apparmor profile for them all, because the differences are configurable with the "owner" keyword. | 13:36 |
| blackflow | alternatively, dockerize each site, but that's a bit more complicated. systemd containment + apparmor is nice, assuming you don't need to vary system packages between sites. | 13:36 |
| Sircle | hm brb | 13:38 |
| Sircle | just want each site cannot reach other sites via normal php functions to 'ls' or 'cd' etc | 13:54 |
| Sircle | also, whats the iptables command that relates to the first lines you wrote? | 13:55 |
| Sircle | <blackflow> Sircle: not if you block outbound to port 80 with SYN flag on only. inbound won't be affected if you have a rule allowing established,connected before the outbound block. | 13:55 |
| Sircle | Sircle: also, should limit the blocking rule to UID of the PHP process, to allow eg. root normal network access | 13:55 |
| Sircle | < | 13:55 |
| blackflow | Sircle: I can't give you exact iptables rule because that depends on your entire setup. Look into -m owner iptables module documentation in iptables-extensions(8) manpage. | 13:57 |
| blackflow | Also, you're asking about different things here. Having one site access other site's files via ls or cd has nothing to do with networking. That's filesystem access, most easily accomplished by running different sites as different users, and setting proper filesystem permissions on their files. | 13:58 |
| blackflow | For example, if you have /home/site1/ and /home/site2/ as homedirs for users of the same name, then configure two fpm pools, one per site, running under appropriate user, and set only owner+group access to homedirs. eg. chmod 750 /home/sites1. This will require you to have the webserver, eg. nginx, belong to those groups in order to access the static files in the homedirs. | 14:01 |
| Sircle | hm. I though apache was the sole owner | 14:51 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!