/srv/irclogs.ubuntu.com/2018/12/30/#ubuntu-server.txt

AnnoyedGreetings. Server 18.04.1 - How do I completely disable the systemd process that does DNS for this machine? It clobbers /etc/resolv.conf upon reboot.. All I want to do is set the machine's DNS to 127.0.0.1 (Yes, BIND is running on this)00:40
RoyKAnnoyed: iirc that's not systemd, it's resolvconf - configure it00:41
AnnoyedOk... where do you do it? I haven't found a lot of docs on this00:42
Annoyedand there doesn't seem to be a command "resolveconf" installed. Or is that something else?00:43
RoyKis the resolvconf package installed?00:46
AnnoyedNot if it doesn't come with the default install.00:47
RoyKwell, did you check if it's installed?00:47
AnnoyedBut I wouldn't think you would need another package to do this. All I want to do is set the system nameserver to 127.0.0.1. I've got BIND installed, set up, and not only does it resolve my inside network seamlessly, it's also a LOT faster than tbe default DNS on this, which looks to be 127.0.0.5300:50
=== beatzz__ is now known as beatzz
seekrI'm finding myself unable to restore a MySQL database for a Joomla!-based site using the Akeeba backup system.  It complains that it's unable to connect to MySQL (actually, I installed the newer, better and compatible MariaDB package).  I've established that it's not a permissions problem, since I've granted access to the database for www-data, which is the UID under which Apache is running Akeeba (and everything else).  I've granted full20:02
seekrpermissions to that user on the database, so it should be able to create and populate tables.  In fact, I tested that capability via a terminal command (mysql --user=www-data --password=mypass dbname).  Any suggestions?20:02
tomreynfind our how this software connects to databases, and enable it to do so20:05
seekroooo - I just changed the hostname to "localhost" - and got it to work - thanks tomreyn20:06
seekrokay - I'm able to administer the site, but am getting a warning: "We have detected that your server is using PHP 7.0.32-0ubuntu0.16.04.1 which is obsolete and no longer receives official security updates by its developers. The Joomla! Project recommends upgrading your site to PHP 7.1 or later which will receive security updates at least until 2019-12-01."  Is PHP 7.1 compatible with 16LTS?  I'd assume so.  I tried running 18LTS but ran into a20:14
seekrserious problem and had to fall back to the earlier Ubuntu release.20:14
tewardseekr: there's PPAs that provide 'newer' PHP versions20:16
tewardbut you'd have to go hunting to find them, and we don't support them here technically20:17
seekrhmmm, teward20:17
seekrDo you think maybe it's best to just live with the warning?  (I'm probably only going to run the site on this server temporarily.)20:17
tewardseekr: if you're asking my opinion as a security professional, then yes, only so long as this is a 'temporary' server deployment to get things 'ready' for a production environment20:18
tewardif this is going to be used as production even temporarily then i would be wary20:18
tewardbut that's the security opinion of me20:19
tewardthe PHP code that's on 16.04 still gets Security Team updates20:19
tewardregularly20:19
tewardso I'm more inclined to ignore the warning as well because I know the Sec Team is on top of PHP security vulns20:19
seekrteward: well, it kinda is going to be a production site for some indeterminate amount of time (I had problems with the server on which the site was running)20:19
tewardseekr: then it's up to you20:19
tewardbut the PPAs *don't* get updates most likely so you're going to have to just ignore hte warnings if you want regular security patching20:20
tewardand make sure to actually DO the patching regularly :P20:20
seekrokay - security is of some concern to me, since the problem I had on the previous site resulted from a PHP infection20:20
teward> problem on the previous site resulted from a PHP infection20:20
seekrteward: however, I don't think it entered the system via Joomla!20:20
tewardthat means you didn't apply security patches OR there were other infection vectors20:20
tewardseekr: if Joomla's the only PHP thing facing the 'net then yes that was the attack vector20:21
tewardPHP or otherwise20:21
seekrteward: Well, it's a bit more complex.  The hosting company did a clamav scan, which showed infection from a few years ago, long before I began using Joomla!, though I did run a forum under a plain old HTML based site that I think was the means by which that injection/infection entered.20:22
tewardseekr: also irrelevant in the long term20:23
seekrteward: There may have been a second attack via a forum component, though - but clamav didn't show evidence thereof.20:23
tewardclamav is only good at virus scans20:23
tewardnot vulnerabilities which is what PHP updates patch20:23
tewardyou need more intense stuff to scan that :P20:23
tewardbut point is20:24
seekrteward: I certainly would prefer using a PHP version that's more hardened against attacks, if there is such a thing.20:24
tewardthe security team patches the PHP binaries20:24
seekrteward: sounds now as if you would recommend a PHP update20:24
seekrteward: but you seem also to be saying that getting that update for 16LTS is problematical20:25
tewardseekr: my true opinion will take about 20 minutes to voice here20:25
tewardso i'll give you the cliffs notes:20:25
seekrthanks20:25
tomreynseekr: teward is saying that as long as you install phph from ubuntu and your ubuntu version is supported by canoniocal, while the base php versionremains the same, security patches are backported to these older php versions.20:25
tomreynso then you have no reason to be worried.20:26
tewardtomreyn: his concern is PHP 7.0 vs. newer PHP rev numbers20:26
tewardbut you're essentially correct20:26
tewardseekr: tomreyn did a good job with the cliffs notes.20:26
seekrteward, tomreyn - right - the question is whether and how I can upgrade to 7.1 or higher under 16LTS20:26
tewardseekr: not while guaranteeing regular security updates20:27
tewardwhich is what I was saying20:27
tewardPPAs are the only way to find newer versions, and those aren't updated by the Security Team, etc.20:27
teward!ppa20:27
ubottuA Personal Package Archive (PPA) can provide alternate software not normally available in the offical Ubuntu repositories - Looking for a PPA? See https://launchpad.net/ubuntu/+ppas - WARNING: PPAs are unsupported third-party packages, and you use them at your own risk. See also !addppa and !ppa-purge20:27
teward^ this20:27
tomreynseekr: why is it you cannot upgrade to 18.04? i may have missed you saying this20:28
seekrLet me ask a simple, if naiive question.  Is it out of the question - or just impossible, since they're not in the regular repos, to install PHP 7.1 or 7.2 on this 16LTS system?20:28
tomreynno, this was already said.20:29
tomreynit is possible.20:29
seekrtomreyn: I had a long chat with someone else yesterday in which I described the problem with 18LTS.  There's apparent bug (trying to remember where) that prevents me from running an installed Joomla! site.20:30
tomreyni remember you or someone else asking why joomla does not work on an ubuntu 18.04 LTS here yesterday.20:31
tomreynbut there was not much info provided, so it was not really possible to help20:32
tewardi'mma try and local-install Joomla in an 18.04 container20:32
seekrSeems that 18 LTS doesn't have all the right support packages - or there's a flaw in the ones it installs:  https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/178788620:32
tewardmaybe they 'patched' it :P20:32
ubottuLaunchpad bug 1787886 in apache2 (Ubuntu) "Upgrade from 16LTS to 18LTS breaks Apache2" [Undecided,New]20:32
seekrtomreyn: yeah, it was me20:33
seekrtomreyn: I decided it was too much trouble - and maybe impossible - to find a fix for that bug, since it seems the case remains open as of this date - so I downgraded to 16 LTS.20:34
tomreynseekr: do you run the latest joomla version there?20:34
seekrtomreyn: yes - in fact, I just upgraded the site a few minutes ago20:34
tomreynseekr: were you running the latest joomla version before you upgraded to 18.04 yesterday?20:34
seekrtomreyn: negative - but I had no way to do so, since upgrades are possible only on running sites, afaik20:35
tomreynso it wasnt working on 16.04 either?20:35
seekrI never tried - I upgraded to 18 prior to restoring the site to the server20:36
tewardtomreyn: it looks to mel ike this is an Apache2 update breakage not a Joomla breakage if I'm reading the bug right20:36
tewardbut...20:36
tomreynwell this bug report is not... too telling20:37
tomreynseekr so which is the latest ubuntu version you had your site running on?20:37
tomreynyou said you downgraded to ubuntu 16.04 (you can't downgrade releases, i assume you reinstalled and restored backups?) to make joomla work, so i assume you got it working on 16.04?20:38
seekrYes - it's on a cloud server - I just re-built the system from scratch, which the installer did using 16.04.20:39
seekrtomreyn: ^^20:39
tomreynseekr: and now joomla works there, or not?20:40
seekrJoomla! appears to be working just fine.20:40
seekrMy only possible concern is the PHP security one at this point.20:40
tomreynand you're using the default php version ubuntu 16.04 provides, right?20:40
seekrI'm using 7.0, which I had to install.20:40
seekrI installed 7.2 under 16.04 LTS earlier.20:41
tomreynokay, and according to https://www.joomla.org/announcements/general-news/5719-4-reasons-why-you-should-get-php-7.html joonmla supports 7.x20:41
tewardi feel like we're going in circles... the version of 7.0 in the repositories **does receive security updates regularly**20:42
tewardbut not from PHP Upstream - the Ubuntu Security Team does it20:42
tewardsarnold among others.20:42
seekrteward: you think that's good enough, then?20:42
tewardfor the average site? yes.20:43
tewardbut there's about 500 other hardening steps NOT RELATED to PHP that I"d do20:43
tewardsince PHP is *not* the only attack vector20:43
tewardUnrelated, I have Joomla latest working Out Of The Box on a fresh 18.04 install20:43
seekrteward: interesting20:45
seekrteward: I wonder how you managed to avoid the bug20:45
tomreynseekr: i think if you review your upgrade strategy before you plan the newxt upgrade you'll be more successfull.20:45
seekrtomreyn: I'm all ears.  :)  I'm not sure I know all the right questions to ask and actions to take.20:46
tomreynif you're considering to upgrade a server running a web application, first of all you should read up on the limits and requirements of the web application.20:46
tomreynthose are suually documented, with the lowest and highest version of everything it depends on20:47
tomreyn...for every version of the web application20:47
tewardseekr: because I didn't upgrade 16.04 -> 18.04, I did fresh 18.04 :P20:47
tomreyni.e. joomla 3.3 probably had different requirements for the server versions than the latest joomla has20:47
tewardyep and you're fairly behind20:47
tewardit's 3.9 now heh20:48
tomreynusually you'll need to upgrade the web application first, upgrading it to the newest version available20:48
tewardyep20:48
tomreynif you then upgrade the server, it will often just work.20:48
tomreynbut it's a matter of trying before you do it on the live site20:48
tomreynso you just clone the server first, and then try it there20:48
seekrtomreyn: If it turns out I'm gonna have to run on this server for more than a week or so, I will do a careful review.  On the other server, which I hope to be able to move the site back to soon (though it's a crummy company that runs it now - used to be quite good).  In fact, I'll do that review in any case, though I have far less control on that other (shared hosting) server.20:49
tomreynand do it on the real website only if this semedd to work out and you have taken notes on what to look out for20:49
seekrWell, I'm certainly learning a lot in this process.  I've never configured a server from scratch before, so it's quite an adventure!  :)20:50
tomreynthe cloned site should be with the same host, in an environment as similar as possible20:50
tomreyncool, you're surely making good progress with this adventure ;)20:50
seekrtomreyn: yeah - under different circumstances (like I had an actual budget to support the activity), what you're suggesting about the cloned site sounds great.20:51
tomreynthe other thing to know is that there are also upgrade guides for ubuntu server, and for services you run on your ubuntu server, such as apache httpd.20:51
seekrtomreyn: As things stand, I'm using an account on a freebie server - they lure in new customers by giving them a three month free trial.  Were I to configure a second virtual server, I'd no doubt get charged for it.20:52
tomreynseekr: i see. you'll have better budgets in the future if work towards doing this stuff on a professional level. but even on a low budget you can prevent most pitfalls, so the clone is not *that* important.20:53
tomreyni see what you mean20:53
seekrWell, at this point, I think I'd best get back to the actual site, now that it's running -- and I'm anxious to announce it, since the site's been down now for over a week.  I'll come back and maybe have further questions as I play more with the server.  It's very good to know there's such a supportive community here (which is more than I can say for Joomla!, sadly).20:54
tomreyni think you'll be fine on ubuntu 16.04 LTS as long as you keep upgrading joomla whenever they release security fixes (be sure to know when that happens, subscribe their mailing list or whatever they have) and you keep installing security patches on ubuntu20:56
tomreynthe latter can be automated (but you still need to restart affected services and reboot after kernel updates manually)20:56
tomreynto automate it, look into unattended-upgrades.20:56
seekrtomreyn, teward - thanks very much for your kind assistance - I will continue to log this channel and will look forward to perusing the log.  Actually, I must confess that I'm actually a Linux Mint user.  I chose Ubuntu over Debian (on which I know Ubuntu is based) and the other alternatives since I'm somewhat familiar with the Debian/Ubuntu way of doing things.  :)20:57
tomreynfor general information on running a server, read (only the parts you need, such as on web servers) https://help.ubuntu.com/lts/serverguide/20:57
seekryes, tomreyn - I always install the latest Joomla! release as soon as I get an alert that one is available, as I did just a while ago today.20:57
tomreynand reas this about upgrades and what to watch out for there https://help.ubuntu.com/community/UpgradeNotes20:58
tomreyn*read20:58
tomreyngood, its indeed very important to stay up to date with webapps.20:58
seekrtomreyn: re "unattended-upgrades" you mean just search for that term in web-space, or what?20:58
seekrtomreyn: will look at the server guide - thanks!20:59
tomreyn"unattended-upgrades" is the name of an ubuntu package, which you can install ()in fact it probably already is, but not doing much by default) and can configure to install security patches automatically20:59
seekrtomreyn: I'll follow all your advice.20:59
seekrtomreyn: ahh - I'll look into it right away - thanks again!20:59
tomreynthere is also live kernel patching, which can give you more time before you have to reboot20:59
tomreynhttps://www.ubuntu.com/livepatch21:00
seekrtomreyn: how critical are kernel upgrades?21:00
tomreyndepends on the kernel upgrade ;)21:00
seekryeah, figures  :)21:00
tomreynor rather on the vulnerabilities that got patched21:00
seekrindeed21:00
JanCfor most websites just rebooting is probably sufficient21:01
tomreynsome are critical, many are not so much. but you can only decide this if you review them every time21:01
tomreynand rebooting is usually quite quick and a minor nuisance for your users21:01
seekrtomreyn: yeah - there's not that much site usage at present, so I have no qualms about rebooting as often as necessary.21:02
tomreynseekr: this lists security updates for ubuntu 16.04 LTS: https://usn.ubuntu.com/releases/ubuntu-16.04-lts/21:03
seekrgreat - thanks again!  You're a real fount of info!  :)  I really appreciate your kindness.21:03
tomreynyou can subscribe to all ubuntu security advisories here https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce21:03
seekrokay21:03
tomreynbut you dont dtrictly have to if you have unattended-.upgrades setup properly21:04
tomreynyou're welcome.21:04
seekrI'll save all these links and will look at those resources just ASAP.21:04
tomreyntake your time, they're not going away ;)21:05
seekrWell, I'd best shove off now - but, as I said, I'll continue to log the channel.  I'll look forward to our next encounter, tomreyn & teward!21:05
tomreynalright, you'Re welcome, ask when you'll have more questions.21:05
seekrwill do21:06
JanCit's been a long time since I looked at it; is joomla still such a security nightmare as it used to be?21:07
tomreynteward: sorry for interpreting you there earlier, i just like to try to explain things in "layman's terms" when i'm under the impression that a more precise and better language explanation may actually create a gap.21:08
tewardtomreyn: no problem :)21:08
tewardtomreyn: if you had misinterpreted I'd have thrown these ancient floppy disk ninja stars at you :p21:08
tomreynoh the ones with the sharp edges!21:08
tewardtomreyn: yep21:09
tomreynand with the copy protection flip thing switched so they work like barbs21:09
tomreynor was it 5 1/4 in? with the cut out? even meaner!21:10
tewardtomreyn: both >:D21:10
tomreyn:)21:10
teward... and the few 3.5inch ones I have, i kinda squished them so the metal slide cover protecting the magnetic film inside is as flat as a blade heh21:11
tewardmuahahahahahah21:11
teward... I also have a full printed copy of the Bash manpage that's about 50 binders thick...21:11
teward... so I can chuck those around as bricks ;P21:11
tewardbut meh21:11
teward(I need a nap, my allergies are messing with me... back later021:11
tomreyni might respond with the ibm dos 3.2 handbook21:12
tomreynmuch lighter, though. and with a beautiful ascii table.21:12
tomreynttyl21:12
JanCdoes it include BASIC or was that a separate book?21:13
tomreyni think there was a separate book for it21:14
tomreynas well as plenty of listings in journals21:14
tomreyni wrote some games of my own back then, much fun :)21:15
tomreynjust the audio situation was non satisfactory21:16
mybalzitcharg, one day I'll remember how I have my network configured and learn the correct bridge to hook my docker network up to23:40

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!