[00:40] <Annoyed> Greetings. Server 18.04.1 - How do I completely disable the systemd process that does DNS for this machine? It clobbers /etc/resolv.conf upon reboot.. All I want to do is set the machine's DNS to 127.0.0.1 (Yes, BIND is running on this)
[00:41] <RoyK> Annoyed: iirc that's not systemd, it's resolvconf - configure it
[00:42] <Annoyed> Ok... where do you do it? I haven't found a lot of docs on this
[00:43] <Annoyed> and there doesn't seem to be a command "resolveconf" installed. Or is that something else?
[00:46] <RoyK> is the resolvconf package installed?
[00:47] <Annoyed> Not if it doesn't come with the default install.
[00:47] <RoyK> well, did you check if it's installed?
[00:50] <Annoyed> But I wouldn't think you would need another package to do this. All I want to do is set the system nameserver to 127.0.0.1. I've got BIND installed, set up, and not only does it resolve my inside network seamlessly, it's also a LOT faster than tbe default DNS on this, which looks to be 127.0.0.53
=== beatzz__ is now known as beatzz
[20:02] <seekr> I'm finding myself unable to restore a MySQL database for a Joomla!-based site using the Akeeba backup system.  It complains that it's unable to connect to MySQL (actually, I installed the newer, better and compatible MariaDB package).  I've established that it's not a permissions problem, since I've granted access to the database for www-data, which is the UID under which Apache is running Akeeba (and everything else).  I've granted full
[20:02] <seekr> permissions to that user on the database, so it should be able to create and populate tables.  In fact, I tested that capability via a terminal command (mysql --user=www-data --password=mypass dbname).  Any suggestions?
[20:05] <tomreyn> find our how this software connects to databases, and enable it to do so
[20:06] <seekr> oooo - I just changed the hostname to "localhost" - and got it to work - thanks tomreyn
[20:14] <seekr> okay - I'm able to administer the site, but am getting a warning: "We have detected that your server is using PHP 7.0.32-0ubuntu0.16.04.1 which is obsolete and no longer receives official security updates by its developers. The Joomla! Project recommends upgrading your site to PHP 7.1 or later which will receive security updates at least until 2019-12-01."  Is PHP 7.1 compatible with 16LTS?  I'd assume so.  I tried running 18LTS but ran into a
[20:14] <seekr> serious problem and had to fall back to the earlier Ubuntu release.
[20:16] <teward> seekr: there's PPAs that provide 'newer' PHP versions
[20:17] <teward> but you'd have to go hunting to find them, and we don't support them here technically
[20:17] <seekr> hmmm, teward
[20:17] <seekr> Do you think maybe it's best to just live with the warning?  (I'm probably only going to run the site on this server temporarily.)
[20:18] <teward> seekr: if you're asking my opinion as a security professional, then yes, only so long as this is a 'temporary' server deployment to get things 'ready' for a production environment
[20:18] <teward> if this is going to be used as production even temporarily then i would be wary
[20:19] <teward> but that's the security opinion of me
[20:19] <teward> the PHP code that's on 16.04 still gets Security Team updates
[20:19] <teward> regularly
[20:19] <teward> so I'm more inclined to ignore the warning as well because I know the Sec Team is on top of PHP security vulns
[20:19] <seekr> teward: well, it kinda is going to be a production site for some indeterminate amount of time (I had problems with the server on which the site was running)
[20:19] <teward> seekr: then it's up to you
[20:20] <teward> but the PPAs *don't* get updates most likely so you're going to have to just ignore hte warnings if you want regular security patching
[20:20] <teward> and make sure to actually DO the patching regularly :P
[20:20] <seekr> okay - security is of some concern to me, since the problem I had on the previous site resulted from a PHP infection
[20:20] <teward> > problem on the previous site resulted from a PHP infection
[20:20] <seekr> teward: however, I don't think it entered the system via Joomla!
[20:20] <teward> that means you didn't apply security patches OR there were other infection vectors
[20:21] <teward> seekr: if Joomla's the only PHP thing facing the 'net then yes that was the attack vector
[20:21] <teward> PHP or otherwise
[20:22] <seekr> teward: Well, it's a bit more complex.  The hosting company did a clamav scan, which showed infection from a few years ago, long before I began using Joomla!, though I did run a forum under a plain old HTML based site that I think was the means by which that injection/infection entered.
[20:23] <teward> seekr: also irrelevant in the long term
[20:23] <seekr> teward: There may have been a second attack via a forum component, though - but clamav didn't show evidence thereof.
[20:23] <teward> clamav is only good at virus scans
[20:23] <teward> not vulnerabilities which is what PHP updates patch
[20:23] <teward> you need more intense stuff to scan that :P
[20:24] <teward> but point is
[20:24] <seekr> teward: I certainly would prefer using a PHP version that's more hardened against attacks, if there is such a thing.
[20:24] <teward> the security team patches the PHP binaries
[20:24] <seekr> teward: sounds now as if you would recommend a PHP update
[20:25] <seekr> teward: but you seem also to be saying that getting that update for 16LTS is problematical
[20:25] <teward> seekr: my true opinion will take about 20 minutes to voice here
[20:25] <teward> so i'll give you the cliffs notes:
[20:25] <seekr> thanks
[20:25] <tomreyn> seekr: teward is saying that as long as you install phph from ubuntu and your ubuntu version is supported by canoniocal, while the base php versionremains the same, security patches are backported to these older php versions.
[20:26] <tomreyn> so then you have no reason to be worried.
[20:26] <teward> tomreyn: his concern is PHP 7.0 vs. newer PHP rev numbers
[20:26] <teward> but you're essentially correct
[20:26] <teward> seekr: tomreyn did a good job with the cliffs notes.
[20:26] <seekr> teward, tomreyn - right - the question is whether and how I can upgrade to 7.1 or higher under 16LTS
[20:27] <teward> seekr: not while guaranteeing regular security updates
[20:27] <teward> which is what I was saying
[20:27] <teward> PPAs are the only way to find newer versions, and those aren't updated by the Security Team, etc.
[20:27] <teward> !ppa
[20:27] <ubottu> A Personal Package Archive (PPA) can provide alternate software not normally available in the offical Ubuntu repositories - Looking for a PPA? See https://launchpad.net/ubuntu/+ppas - WARNING: PPAs are unsupported third-party packages, and you use them at your own risk. See also !addppa and !ppa-purge
[20:27] <teward> ^ this
[20:28] <tomreyn> seekr: why is it you cannot upgrade to 18.04? i may have missed you saying this
[20:28] <seekr> Let me ask a simple, if naiive question.  Is it out of the question - or just impossible, since they're not in the regular repos, to install PHP 7.1 or 7.2 on this 16LTS system?
[20:29] <tomreyn> no, this was already said.
[20:29] <tomreyn> it is possible.
[20:30] <seekr> tomreyn: I had a long chat with someone else yesterday in which I described the problem with 18LTS.  There's apparent bug (trying to remember where) that prevents me from running an installed Joomla! site.
[20:31] <tomreyn> i remember you or someone else asking why joomla does not work on an ubuntu 18.04 LTS here yesterday.
[20:32] <tomreyn> but there was not much info provided, so it was not really possible to help
[20:32] <teward> i'mma try and local-install Joomla in an 18.04 container
[20:32] <seekr> Seems that 18 LTS doesn't have all the right support packages - or there's a flaw in the ones it installs:  https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1787886
[20:32] <teward> maybe they 'patched' it :P
[20:32] <ubottu> Launchpad bug 1787886 in apache2 (Ubuntu) "Upgrade from 16LTS to 18LTS breaks Apache2" [Undecided,New]
[20:33] <seekr> tomreyn: yeah, it was me
[20:34] <seekr> tomreyn: I decided it was too much trouble - and maybe impossible - to find a fix for that bug, since it seems the case remains open as of this date - so I downgraded to 16 LTS.
[20:34] <tomreyn> seekr: do you run the latest joomla version there?
[20:34] <seekr> tomreyn: yes - in fact, I just upgraded the site a few minutes ago
[20:34] <tomreyn> seekr: were you running the latest joomla version before you upgraded to 18.04 yesterday?
[20:35] <seekr> tomreyn: negative - but I had no way to do so, since upgrades are possible only on running sites, afaik
[20:35] <tomreyn> so it wasnt working on 16.04 either?
[20:36] <seekr> I never tried - I upgraded to 18 prior to restoring the site to the server
[20:36] <teward> tomreyn: it looks to mel ike this is an Apache2 update breakage not a Joomla breakage if I'm reading the bug right
[20:36] <teward> but...
[20:37] <tomreyn> well this bug report is not... too telling
[20:37] <tomreyn> seekr so which is the latest ubuntu version you had your site running on?
[20:38] <tomreyn> you said you downgraded to ubuntu 16.04 (you can't downgrade releases, i assume you reinstalled and restored backups?) to make joomla work, so i assume you got it working on 16.04?
[20:39] <seekr> Yes - it's on a cloud server - I just re-built the system from scratch, which the installer did using 16.04.
[20:39] <seekr> tomreyn: ^^
[20:40] <tomreyn> seekr: and now joomla works there, or not?
[20:40] <seekr> Joomla! appears to be working just fine.
[20:40] <seekr> My only possible concern is the PHP security one at this point.
[20:40] <tomreyn> and you're using the default php version ubuntu 16.04 provides, right?
[20:40] <seekr> I'm using 7.0, which I had to install.
[20:41] <seekr> I installed 7.2 under 16.04 LTS earlier.
[20:41] <tomreyn> okay, and according to https://www.joomla.org/announcements/general-news/5719-4-reasons-why-you-should-get-php-7.html joonmla supports 7.x
[20:42] <teward> i feel like we're going in circles... the version of 7.0 in the repositories **does receive security updates regularly**
[20:42] <teward> but not from PHP Upstream - the Ubuntu Security Team does it
[20:42] <teward> sarnold among others.
[20:42] <seekr> teward: you think that's good enough, then?
[20:43] <teward> for the average site? yes.
[20:43] <teward> but there's about 500 other hardening steps NOT RELATED to PHP that I"d do
[20:43] <teward> since PHP is *not* the only attack vector
[20:43] <teward> Unrelated, I have Joomla latest working Out Of The Box on a fresh 18.04 install
[20:45] <seekr> teward: interesting
[20:45] <seekr> teward: I wonder how you managed to avoid the bug
[20:45] <tomreyn> seekr: i think if you review your upgrade strategy before you plan the newxt upgrade you'll be more successfull.
[20:46] <seekr> tomreyn: I'm all ears.  :)  I'm not sure I know all the right questions to ask and actions to take.
[20:46] <tomreyn> if you're considering to upgrade a server running a web application, first of all you should read up on the limits and requirements of the web application.
[20:47] <tomreyn> those are suually documented, with the lowest and highest version of everything it depends on
[20:47] <tomreyn> ...for every version of the web application
[20:47] <teward> seekr: because I didn't upgrade 16.04 -> 18.04, I did fresh 18.04 :P
[20:47] <tomreyn> i.e. joomla 3.3 probably had different requirements for the server versions than the latest joomla has
[20:47] <teward> yep and you're fairly behind
[20:48] <teward> it's 3.9 now heh
[20:48] <tomreyn> usually you'll need to upgrade the web application first, upgrading it to the newest version available
[20:48] <teward> yep
[20:48] <tomreyn> if you then upgrade the server, it will often just work.
[20:48] <tomreyn> but it's a matter of trying before you do it on the live site
[20:48] <tomreyn> so you just clone the server first, and then try it there
[20:49] <seekr> tomreyn: If it turns out I'm gonna have to run on this server for more than a week or so, I will do a careful review.  On the other server, which I hope to be able to move the site back to soon (though it's a crummy company that runs it now - used to be quite good).  In fact, I'll do that review in any case, though I have far less control on that other (shared hosting) server.
[20:49] <tomreyn> and do it on the real website only if this semedd to work out and you have taken notes on what to look out for
[20:50] <seekr> Well, I'm certainly learning a lot in this process.  I've never configured a server from scratch before, so it's quite an adventure!  :)
[20:50] <tomreyn> the cloned site should be with the same host, in an environment as similar as possible
[20:50] <tomreyn> cool, you're surely making good progress with this adventure ;)
[20:51] <seekr> tomreyn: yeah - under different circumstances (like I had an actual budget to support the activity), what you're suggesting about the cloned site sounds great.
[20:51] <tomreyn> the other thing to know is that there are also upgrade guides for ubuntu server, and for services you run on your ubuntu server, such as apache httpd.
[20:52] <seekr> tomreyn: As things stand, I'm using an account on a freebie server - they lure in new customers by giving them a three month free trial.  Were I to configure a second virtual server, I'd no doubt get charged for it.
[20:53] <tomreyn> seekr: i see. you'll have better budgets in the future if work towards doing this stuff on a professional level. but even on a low budget you can prevent most pitfalls, so the clone is not *that* important.
[20:53] <tomreyn> i see what you mean
[20:54] <seekr> Well, at this point, I think I'd best get back to the actual site, now that it's running -- and I'm anxious to announce it, since the site's been down now for over a week.  I'll come back and maybe have further questions as I play more with the server.  It's very good to know there's such a supportive community here (which is more than I can say for Joomla!, sadly).
[20:56] <tomreyn> i think you'll be fine on ubuntu 16.04 LTS as long as you keep upgrading joomla whenever they release security fixes (be sure to know when that happens, subscribe their mailing list or whatever they have) and you keep installing security patches on ubuntu
[20:56] <tomreyn> the latter can be automated (but you still need to restart affected services and reboot after kernel updates manually)
[20:56] <tomreyn> to automate it, look into unattended-upgrades.
[20:57] <seekr> tomreyn, teward - thanks very much for your kind assistance - I will continue to log this channel and will look forward to perusing the log.  Actually, I must confess that I'm actually a Linux Mint user.  I chose Ubuntu over Debian (on which I know Ubuntu is based) and the other alternatives since I'm somewhat familiar with the Debian/Ubuntu way of doing things.  :)
[20:57] <tomreyn> for general information on running a server, read (only the parts you need, such as on web servers) https://help.ubuntu.com/lts/serverguide/
[20:57] <seekr> yes, tomreyn - I always install the latest Joomla! release as soon as I get an alert that one is available, as I did just a while ago today.
[20:58] <tomreyn> and reas this about upgrades and what to watch out for there https://help.ubuntu.com/community/UpgradeNotes
[20:58] <tomreyn> *read
[20:58] <tomreyn> good, its indeed very important to stay up to date with webapps.
[20:58] <seekr> tomreyn: re "unattended-upgrades" you mean just search for that term in web-space, or what?
[20:59] <seekr> tomreyn: will look at the server guide - thanks!
[20:59] <tomreyn> "unattended-upgrades" is the name of an ubuntu package, which you can install ()in fact it probably already is, but not doing much by default) and can configure to install security patches automatically
[20:59] <seekr> tomreyn: I'll follow all your advice.
[20:59] <seekr> tomreyn: ahh - I'll look into it right away - thanks again!
[20:59] <tomreyn> there is also live kernel patching, which can give you more time before you have to reboot
[21:00] <tomreyn> https://www.ubuntu.com/livepatch
[21:00] <seekr> tomreyn: how critical are kernel upgrades?
[21:00] <tomreyn> depends on the kernel upgrade ;)
[21:00] <seekr> yeah, figures  :)
[21:00] <tomreyn> or rather on the vulnerabilities that got patched
[21:00] <seekr> indeed
[21:01] <JanC> for most websites just rebooting is probably sufficient
[21:01] <tomreyn> some are critical, many are not so much. but you can only decide this if you review them every time
[21:01] <tomreyn> and rebooting is usually quite quick and a minor nuisance for your users
[21:02] <seekr> tomreyn: yeah - there's not that much site usage at present, so I have no qualms about rebooting as often as necessary.
[21:03] <tomreyn> seekr: this lists security updates for ubuntu 16.04 LTS: https://usn.ubuntu.com/releases/ubuntu-16.04-lts/
[21:03] <seekr> great - thanks again!  You're a real fount of info!  :)  I really appreciate your kindness.
[21:03] <tomreyn> you can subscribe to all ubuntu security advisories here https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
[21:03] <seekr> okay
[21:04] <tomreyn> but you dont dtrictly have to if you have unattended-.upgrades setup properly
[21:04] <tomreyn> you're welcome.
[21:04] <seekr> I'll save all these links and will look at those resources just ASAP.
[21:05] <tomreyn> take your time, they're not going away ;)
[21:05] <seekr> Well, I'd best shove off now - but, as I said, I'll continue to log the channel.  I'll look forward to our next encounter, tomreyn & teward!
[21:05] <tomreyn> alright, you'Re welcome, ask when you'll have more questions.
[21:06] <seekr> will do
[21:07] <JanC> it's been a long time since I looked at it; is joomla still such a security nightmare as it used to be?
[21:08] <tomreyn> teward: sorry for interpreting you there earlier, i just like to try to explain things in "layman's terms" when i'm under the impression that a more precise and better language explanation may actually create a gap.
[21:08] <teward> tomreyn: no problem :)
[21:08] <teward> tomreyn: if you had misinterpreted I'd have thrown these ancient floppy disk ninja stars at you :p
[21:08] <tomreyn> oh the ones with the sharp edges!
[21:09] <teward> tomreyn: yep
[21:09] <tomreyn> and with the copy protection flip thing switched so they work like barbs
[21:10] <tomreyn> or was it 5 1/4 in? with the cut out? even meaner!
[21:10] <teward> tomreyn: both >:D
[21:10] <tomreyn> :)
[21:11] <teward> ... and the few 3.5inch ones I have, i kinda squished them so the metal slide cover protecting the magnetic film inside is as flat as a blade heh
[21:11] <teward> muahahahahahah
[21:11] <teward> ... I also have a full printed copy of the Bash manpage that's about 50 binders thick...
[21:11] <teward> ... so I can chuck those around as bricks ;P
[21:11] <teward> but meh
[21:11] <teward> (I need a nap, my allergies are messing with me... back later0
[21:12] <tomreyn> i might respond with the ibm dos 3.2 handbook
[21:12] <tomreyn> much lighter, though. and with a beautiful ascii table.
[21:12] <tomreyn> ttyl
[21:13] <JanC> does it include BASIC or was that a separate book?
[21:14] <tomreyn> i think there was a separate book for it
[21:14] <tomreyn> as well as plenty of listings in journals
[21:15] <tomreyn> i wrote some games of my own back then, much fun :)
[21:16] <tomreyn> just the audio situation was non satisfactory
[23:40] <mybalzitch> arg, one day I'll remember how I have my network configured and learn the correct bridge to hook my docker network up to