ironpillow | hi all, I am installing new ubuntu server on a headless machine. If I select "install security updates automatically", will this restart the machine after the updates are installed? | 00:16 |
---|---|---|
sarnold | ironpillow: no, it won't | 00:18 |
sarnold | ironpillow: the motd should be amended to add: | 00:18 |
sarnold | *** System restart required *** | 00:18 |
ironpillow | so this WON'T restart correct? | 00:22 |
sarnold | correct | 00:23 |
ironpillow | sarnold: thanks! | 00:23 |
sarnold | $ uptime | 00:23 |
sarnold | 00:23:33 up 155 days, 5:08, 3 users, load average: 0.00, 0.00, 0.00 | 00:23 |
sarnold | heh, that machine's been up a lot longer than I expected | 00:23 |
ironpillow | awesome! | 00:26 |
Gerowen | On that topic, random thought, what would I dpkg-reconfigure if I wanted to change that option on an existing server installation? Say I didn't enable automatic updates, and I want to. | 00:32 |
sarnold | Gerowen: I *think* apt-get install unattended-upgrades ought to do the right thing | 00:42 |
=== gnomethrower is now known as wings | ||
lordievader | Good morning | 06:00 |
=== mIk3_09 is now known as mIk3_08 | ||
chl_ | ugh, I seem to have forgotten which package I need for being able to ./configure | 12:33 |
chl_ | nvm, im an idiot. forgot about autoconf | 12:37 |
Greyztar | hello, i was wondering when using sysctl command would options applied then be reset on reboot and to make it persistent i should edit /etc/sysctl.conf instead? | 12:47 |
blackflow | Greyztar: yes, /etc/sysctl.conf or even better a custom file under sysctl.conf.d | 12:47 |
Greyztar | blackflow, thanks, i tried to do sysctl --write net.netfilter.nf_conntrack_buckets=$((${conn_count}4)) which seemed to not work after reboot thanks for answer (,") | 12:48 |
blackflow | Greyztar: btw that expression won't work in the .conf | 12:49 |
Greyztar | blackflow, im trying to apply another option as well, could i perhaps do paste and link what im trying to do so you could sort review it? | 12:50 |
blackflow | sure | 12:51 |
Greyztar | im trying to limit connections using conntracked module with these two options and a rule in iptables https://paste.debian.net/1082777/ | 12:53 |
blackflow | Greyztar: where does ${conn_count} come from? | 12:54 |
Greyztar | yeah i did some copy pasting erhm, i dont think its supposed to be there, i followed a guide, cant find it no more though, think its just the value | 12:55 |
Greyztar | would that make sense? | 12:56 |
blackflow | it doesn't. I suggest you don't set any permanent sysctls if you don't know what you're doing. You'll lock yourself out of the server. | 12:56 |
Greyztar | blackflow, yeah ill see if i can find the guide again, good advice also i didnt really think that one through | 12:57 |
chl_ | has xinetd been removed in 18.04? | 12:57 |
blackflow | !info xinetd bionic | nope: | 12:59 |
ubottu | nope:: xinetd (source: xinetd): replacement for inetd with many enhancements. In component universe, is extra. Version 1:2.3.15.3-1 (bionic), package size 112 kB, installed size 318 kB | 12:59 |
chl_ | oh, nifty, thanks | 12:59 |
blackflow | then again, there's systemd, so maybe you don't need it at all | 13:00 |
disposable2 | is there a way in ufw to set 'ufw default deny' on one interface and 'ufw default allow' on another? | 13:04 |
Greyztar | just wondering,how long could i possibly stay on 18.04 before it stops getting updates? | 13:18 |
Greyztar | thought i read somewhere there was an option to still receive updates after the lts period was over? | 13:21 |
blackflow | Greyztar: 5 years, and then optionally pay up for ESM for another 5 | 13:22 |
blackflow | (in total that is, since 2018. "after LTS period was over" you'd need to pay for ESM) | 13:22 |
Greyztar | blackflow, ohh its paid alrighty thanks | 13:23 |
Greyztar | blackflow, its the Ubuntu Advantage i need to buy then right? | 13:25 |
Greyztar | seems the only option, good to know its an option to get support beyond lts if ever needed though | 13:27 |
blackflow | Greyztar: yup, Ubuntu Advantage. | 13:32 |
Ussat | Sigh.....RHEL Removed the ability to do JUST krb auth against an AD domain in 8 without joining the domain, looks like I will be using more Ubuntu | 13:48 |
teward | lol | 13:48 |
teward | Ussat: sounds like RHEL did an evil | 13:48 |
Ussat | Well......ya | 13:49 |
Ussat | I use quite a bit of Ubuntu right now | 13:52 |
=== svetlana is now known as Sveta | ||
Ussat | Not sure I would call it evil....just......ew | 14:01 |
Greyztar | when i set tracking state with iptables like NEW,RELATED,ESTABLISHED the connection needs to fulfill all of those right not just NEW for an example? | 14:04 |
teward | Greyztar: the connection needs to match *one* of those to be matched. | 14:04 |
teward | at least AIUI | 14:05 |
teward | but I might be wrong | 14:05 |
teward | RELATED,ESTABLISHED tend to go together | 14:05 |
teward | NEW won't have the other two IIRC. | 14:05 |
teward | but don't quote me fully on that | 14:05 |
Greyztar | teward, thank you for informative answer, it got a little confusing hehe | 14:05 |
teward | Greyztar: per the manpage, I use conntrack and --ctstate which states: statelist is a comma separated list of the connection states to match. Possible states are listed below. <-- this doesn't necessarily say it must match ALL | 14:06 |
teward | but that any of the states in the list are matchable | 14:06 |
teward | (manpages are fun, iptables-extensions manpage) | 14:07 |
Greyztar | haha | 14:07 |
Greyztar | yeah i should read more man pages just often i end up not wiser i tend to over complicate what i read | 14:07 |
geodb27 | People: hi! I'm trying to automate the installation process with a preseed file. Things seem to work so far (ubuntu 18.04 LTS server), but the language and keyboard selection. What is the preferred way to have this automated also? | 14:18 |
leftyfb | geodb27: append this to your kernel line: locale=en_US console-setup/ask_detect=false keyboard-configuration/layoutcode=en console-setup/layoutcode=en keyboard-configuration/xkb-keymap=us | 14:21 |
geodb27 | Thanks a lot for your answer leftyfb. I'll give it a try when my in-progress installation is done. | 14:25 |
Greyztar | im wondering, is the snapd stuff usable in production? | 14:55 |
blackflow | Greyztar: depends on what you expect of the "production" :) For example, snaps auto-update, making them useless on servers in my book. | 14:59 |
patdk-lap | I limit snap usage to configuration utilities, like kubectl and stuff | 15:00 |
Greyztar | blackflow, im just wondering if its meant for production though in term of it being stable and not experimental and such, some time ago i wanted to migrate my own server from Ubuntu to Debian but couldnt get lxc to work so didnt bother, though using snapd now i got it working =) | 15:03 |
Greyztar | i also noticed the lxc version in snapd is 3.13 and on my 18.04 server its 3.0.3 | 15:04 |
Greyztar | if i migrate i will miss the easy live kernel patching from Ubuntu though, thats some awesome feature | 15:05 |
blackflow | Greyztar: I say use apt packages where possible, and snaps only if there's no apt package (for the version you want), and of course if the auto-update regime is okay with you. | 15:13 |
blackflow | For me, snaps offer no advantage, if there's an apt package. Any "isolation" one can achieve with snaps is doable with systemd options, apparmor and other tech, which is 100% under your control. | 15:14 |
blackflow | For example, I dislike that I can't customize AppArmor profile of snaps. | 15:14 |
lordcirth | I thought you could? | 15:14 |
blackflow | overwritten on next update | 15:14 |
Greyztar | blackflow, thank you for informative answer, i really didnt know about the auto update feature im not a fan of that so have to look into it | 15:15 |
lordcirth | If I want non-apt packages that I can update ahead of LTS, I use Nix | 15:19 |
Greyztar | noticed my snap program still worked after disabling the snapd service itself, maybe it could work by just enabling it every now and then with cron for updates? | 15:24 |
Greyztar | or maybe its a reason it auto updates and ill end up with a broken system | 15:25 |
OerHeks | snapd.service is the update mechanism | 15:33 |
OerHeks | snaps should work, though, without snapd.service enabled | 15:33 |
Greyztar | OerHeks, nice thanks! | 15:34 |
catbadger | oh so pretty specific question... I'm running a cpanm install (Apache::SSI) for mod_perl1.3, and it's asking for the location of httpd (on repeat forever)... is there some way to preload this via bash? | 15:57 |
catbadger | echo "httpd location" | cpan install blah | 16:11 |
catbadger | echo "httpd location" | cpan install blah -T | 16:11 |
Greyztar | this snap stuff is kinda neat though, i got lxc 3.13 installed on my tiny arm router. Containervisor on 22 dollar equipment i find sweet although its really slow =) | 16:26 |
=== mason is now known as ChibaPet | ||
=== ChibaPet is now known as mason |