[02:07] <hydrian> Ello all
[02:08] <hydrian> got an odd issue.
[02:09] <hydrian> My 16.04.6 server is not applying / keeping my changes to my sysctl parameters I'm setting.
[02:09] <hydrian> I'm trying to disable the netfilter filtering across bridges because it's mucking up my KVM VMs.
[02:11] <tomreyn> hydrian: so how are you configuring them?
[02:12] <hydrian> tried making a /etc/sysctl.d/60-kvm.conf file
[02:12] <hydrian> After a reboot they didn't apply. I then added them to /etc/sysctl.conf and reboot. Same issue.
[02:13] <hydrian> If I set them manually, they seem to work.
[02:14] <hydrian> My thought is that a service may be changing them.
[02:15] <hydrian> The odd thing is that this issue came out of nowhere. My kvm setup had been working fine for months. Then I rebooted yesterday and it started having this issue.
[02:16] <hydrian> None of my guest VMs can get any networking whatsoever
[02:16] <hydrian> The ubuntu host is fine.
[02:17] <hydrian> After some research it seems that the issue is the default behaviour of NetFilter is to block all non-explicitly allowed bridge traffic.
[02:18] <tomreyn> which configurations do you have on the file then?
[02:20] <tomreyn> if you're saying a software's behaviour changed as part of an in-release update in a way that is not a bugfix, then it should probably be reported as a bug
[02:21] <tomreyn> (if this has not already been done by someone else)
[02:22] <hydrian> I can't figure out what the RCA of the sysctl changes not being applied / overwritten is, so it's a bit vague.
[02:22] <hydrian> I was hoping somebody here may have had a similar issue / story.
[02:24] <hydrian> So I can get a better diagnostics of this issue.
[02:27] <tomreyn> it worked for me last time i tried in sysctl.d/
[02:27] <tomreyn> check file ownership, permissions
[02:27] <hydrian> I did. root:root:644
[02:28] <tomreyn> maybe rgrep for the settings you applied there in /lib/systemd and /etc to get an idea of where else they may be changed
[02:28] <tomreyn> (keep in mind those settings can be formatted in different ways)
[02:28] <hydrian> I think it may be the ebtables service
[03:05] <hydrian> nope...
[06:09] <NotSoFastJames> is it possible that a breacher may have left a cron job on my server to disable all my defenses?
[06:11] <Gerowen> NotSoFastJames: Anything is possible.  You can view cron jobs with crontab -l
[12:30] <sveinse> Are snapd and lxcfs strictly needed for the health of an 18.04 server?
[12:31] <sveinse> Not that they are spending lots of resources, but I generally don't like keeping unneeded services running
[12:37] <foo> Well that's strange. Using screen. Opening new window. The buffer seems jacked on new screen windows... I have to run reset to get it to work properly. Not sure what kind of weird quirk would cause this.
[12:37] <foo> I wonder if I hit a screen bug or something is borked, must be
[13:35] <blackflow> sveinse: they're needed only if you intend to use them. If it helps, I'm running a bunch of servers in support of a web based saas, none of which use lxcfs or snaps.
[13:53] <RoyK> foo: try tmux ;)
[14:26] <sveinse> blackflow: do you disable them, or do you leave the server as vanilla as possible even though you don't use it?
[14:52] <blackflow> sveinse: I install from debootstrap (due to root on ZFS on LUKS) and so I don't even add those packages. In fact, I don't even add ubuntu-server, only ubuntu-minimal and whatever I explicitly need
[14:53] <blackflow> and I'll continue debootstrapping even if the installer grows the ZFS functionality, there's too much bloat installed by default for the regular server installation.
[14:55] <sveinse> blackflow: yeah. It's a tradeoff between sticking with standard ubuntu-server vs setting up your own from minimal.
[14:55] <sveinse> I.e. I'm conflicted about it
[14:56] <tomreyn> i think snapd is only really required for gnome on a desktop (no more in 19.04) and for livepatch on a server
[14:57] <tomreyn> if it becomes mandatory on a server, i'll switch to debian
[14:58] <sveinse> tomreyn: it kinda is (that and lxcfs). You can disable it, but it's a manual process from the default out of box ubuntu server
[15:07] <blackflow> well there are snaps for server roles, like Postgres for example. I don't like that, as they auto-update at times out of my control.
[15:09] <tomreyn> sveinse: i see. i don't use containers much.
[15:11] <blackflow> tomreyn: or you think you don't :) that's the thing about "containers" on linux, it's such a broad term. for example I don't use docker, lxc, lxd or any of those tools. I do however use containerization facilities of systemd to confine services. The end result is the same, since the same kernel APIs are used - namespaces.
[15:17] <lotuspsychje> docker had big breach
[15:22] <tomreyn> blackflow: right, more precisely i should have said: i don't usually use container frameworks which, to date, rely on snapd.
[16:21] <sveinse> (For those of you using ubuntu-server) how do you guys disable snapd?
[16:34] <blackflow> sveinse: stop/disable the snapd.service? you can also just uninstall the `snapd` package
[17:05] <faekjarz> Where can i find a list of keyboard shortcuts in order to send signals to processes in a terminal? (e.g.: Ctrl+c = SIGINT) …in particular, i want to motivate "ping" to produce a summary BUT without terminating.
[17:06] <thefatma> Hey guys is there a way to check if my ubuntu is server or desktop ?
[17:06] <thefatma> but a 100% way
[17:07] <testpil0t> faekjarz,
[17:07] <testpil0t> use "stty -a"
[17:08] <testpil0t> stty -a | grep -oE '(intr|quit|susp) = [^;]+'
[17:13] <faekjarz> testpil0t: that's it! Thanks! :)
[17:23] <faekjarz> thefatma: dpkg --status ubuntu-server
[17:25] <thefatma> faekjarz: but that can be installed on desktop version as well no? so it's not that valid of a check
[17:27] <faekjarz> well, it's a package (Section: metapackages) and default behaviour seems to be that it's not automatically installed on desktops
[17:32] <faekjarz> "lsb_release -a" doesn't include desktop / server
[17:39] <faekjarz> thefatma: also, you could look for display managers / X servers …but similar situation here; those could be installed on a server as well.
[17:40] <faekjarz> thefatma: maybe, you could also rephrase your question …or play with "dmidecode -t bios" or "...-t baseboard"
[17:41] <testpil0t> but most likely, there is no 100% way
[17:41] <testpil0t> I don't see how there should be any.
[17:44] <faekjarz> i agree
[17:51] <faekjarz> just a funny thought: Supermicro makes RGB GAMING mobos now, so the "Manufacturer:" string from "dmidecode -t baseboard" wouldn't even be a sure-fire method any more ;D