[02:07] Ello all [02:08] got an odd issue. [02:09] My 16.04.6 server is not applying / keeping my changes to my sysctl parameters I'm setting. [02:09] I'm trying to disable the netfilter filtering across bridges becuase it mucking up my KVM VMs. [02:11] hydrian: so how are you configuring them? [02:12] tried making a /etc/sysctl.d/60-kvm.conf file [02:12] After a reboot they didn't apply. I then added them to /etc/sysctl.conf and reboot. Same issue. [02:13] If I set them manually, they seem to work. [02:14] My thought is that a service may be changing them. [02:15] The odd thing is that this issue came out of no where. My kvm setup had been working find for months. Then I rebooted yesterday and it stared having this issue. [02:16] None of my guest VM can get any networking what-so-ever [02:16] The ubuntu host is fine. [02:17] After some research it seems that the issue is the default behaviour of NetFilter is to block all non-explicitly allowed bridge traffic. [02:18] which configurations do you have on the file then? [02:20] if you're saying a softwares' behaviour changed as part of an in-release update in a way that is not a bugfix, then it should probably be reported as a bug [02:21] (if this has not already been done by someone else) [02:22] I can't figure what the RCA of the sysctl changes not being applied / overwritten are so it a bit vague. [02:22] I was hoping somebody here may have had a similar issue / story. [02:24] So I can get a better diagnostics of this issue. [02:27] it worked for me last time i tried in sysctl.d/ [02:27] check file ownership, permissions [02:27] I did. root:root:644 [02:28] maybe rgrep for the settings you applied there in /lib/systemd and /etc to get an idea of where else whey may be changed [02:28] (keep in mind those settings can be formatted in diffferent ways) [02:28] I think it may be the ebtables service [03:05] nope... [06:09] is it possible that a breacher may of left a cron job on my server to disable all my defenses? [06:11] NotSoFastJames: Anything is possible. You can view cron jobs with crontab -l === mIk3_09 is now known as mIk3_08 [12:30] Is snapd and lxcfs strictly needed for the health on a 18.04 server? [12:31] Not that they are spending lots of resources, but I generally don't like keeping unneeded services running [12:37] Well that's strange. Using screen. Opening new window. The buffer seems jacked on new screen windows... I have to run reset to get it to work properly. Not sure what kind of weird quirk would cause this. [12:37] I wonder if I hit a screen bug or something is borked, must be === mIk3_09 is now known as mIk3_08 [13:35] sveinse: they're needed only if you intend to use them. If it helps, I'm running a bunch of servers in support of a web based saas, none of which use lxcfs or snaps. [13:53] foo: try tmux ;) [14:26] blackflow: do you disable them, or do you leave the server as vanilla as possible even thou you don't use it? [14:52] sveinse: I install from debootstrap (due to root on ZFS on LUKS) and so I don't even add those packages. In fact, I don't even add ubuntu-server, only ubuntu-minimal and whatever I explicitly need [14:53] and I'll continue debootstrapping even if the installer grows the ZFS functionality, there's too much bloat installed by default for the regular server installation. [14:55] blackflow: yeah. Its a tradeoff between sticking with standard ubuntu-server vs setting up your own from minimal. [14:55] I.e. I'm conflicted about it [14:56] i think snapd is only really required for gnome on a desktop (no more in 19.04) and for livepatch on a server [14:57] if it becomes mandatory on a sevrer, i'll switch to debian [14:58] tomreyn: it kinda is (that an lxcfs). You can disable it, but its a manual process from the default out of box ubuntu server [15:07] well there are snaps for server roles, like Postgres for example. I don't like that, as they auto-update at times out of my control. [15:09] sveinse: i see. i don't use containers much. [15:11] tomreyn: or you think you don't :) that's the thing about "containers" on linux, it's such a broad term. for example I don't use docker, lxc, lxd or any of those tools. I do however use containerization facilities of systemd to confine services. The end result is the same, since the same kernel APIs are used - namespaces. [15:17] docker had big breach [15:22] blackflow: right, more precisely i should have said: i don't usually use container frameworks which, to date, rely on snapd. [16:21] (For those of you using ubuntu-server) how do you guys disable snapd? [16:34] sveinse: stop/disable the snapd.service? you can also just uninstall the `snapd` package [17:05] Where can i find a list of keyboard shortcuts in order to send signals to processes in a terminal? (e.g.: Ctrl+c = SIGINT) …in particular, i want to motivate "ping" to produce a summary BUT without terminating. [17:06] Hey guys is there a way to check if my ubuntu is server or desktop ? [17:06] but a 100% way [17:07] faekjarz, [17:07] use "stty -a" [17:08] stty -a | grep -oE '(intr|quit|susp) = [^;]+' [17:13] testpil0t: that's it! Thanks! :) [17:23] thefatma: dpkg --status ubuntu-server [17:25] faekjarz: but that can be installed on desktop version aswell no? so it's not that valid of a check [17:27] well, it's a package (Section: metapackages) and default behaviour seems to be that it's not automatically installed on desktops [17:32] "lsb_release -a" doesn't include desktop / server [17:39] thefatma: also, you could look for display managers / X servers …but similar situation here; those could be installed on a server as well. [17:40] thefatma: maybe, you could also rephrase your question …or play with "dmidecode -t bios" or "...-t baseboard" [17:41] but most likely, thee is no 100% way [17:41] I dont see how there should be any. [17:44] i agree [17:51] just a funny thought: Supermicro makes RGB GAMING mobos now, so the "Manufacturer:" string from "dmidecode -t baseboard" wouldn't even be a sure-fire method any more ;D