[00:16] <ironpillow> hi all, I am installing new ubuntu server on a headless machine. If I select "install security updates automatically", will this restart the machine after the updates are installed.
[00:18] <sarnold> ironpillow: no, it won't
[00:18] <sarnold> ironpillow: the motd should be amended to add:
[00:18] <sarnold> *** System restart required ***
[00:22] <ironpillow> so this WON'T restart correct?
[00:23] <sarnold> correct
[00:23] <ironpillow> sarnold: thanks!
[00:23] <sarnold> $ uptime
[00:23] <sarnold>  00:23:33 up 155 days,  5:08,  3 users,  load average: 0.00, 0.00, 0.00
[00:23] <sarnold> heh, that machine's been up a lot loonger than I expected
[00:26] <ironpillow> awesome!
[00:32] <Gerowen> On that topic, random thought, what would I dpkg-reconfigure if I wanted to change that option on an existing server installation?  Say I didn't enable automatic updates, and I want to.
[00:42] <sarnold> Gerowen: I *think* apt-get install unattended-upgrades ought to do the right thing
[06:00] <lordievader> Good morning
[12:33] <chl_> ugh, I seem to have forgotten which package I need for being able to ./configure
[12:37] <chl_> nvm, im an idiot. forgot about autoconf
[12:47] <Greyztar> hello,i was wondering when using syctl command would options applied then be reset on reboot and to make it persistent i should edit /etc/sysctl.conf instead?
[12:47] <blackflow> Greyztar: yes, /etc/sysctl.conf or even better a custom file under sysctl.conf.d
[12:48] <Greyztar> blackflow, thanks, i tried to do sysctl --write net.netfilter.nf_conntrack_buckets=$((${conn_count}4)) which seemed to not work after reboot thanks for asnwer (,")
[12:49] <blackflow> Greyztar: btw that expression won't work in the .conf
[12:50] <Greyztar> blackflow, im trying to apply another option aswell,could i perhaps do paste and link what im trying to do so you could sort review it?
[12:51] <blackflow> sure
[12:53] <Greyztar> im trying to limit connections using conntracked module with these two options and an rule in iptables https://paste.debian.net/1082777/
[12:54] <blackflow> Greyztar: where does ${conn_count} come from?
[12:55] <Greyztar> yeah i did some copy pasteing erhm,i dont think its supposed to be there ,i followed i guide ,cant find it no more though,think its just the value
[12:56] <Greyztar> would that make sense?
[12:56] <blackflow> it doesn't. I suggeest you don't set any permanent sysctls if you don't know what you're doing. You'll lock yourself out of the server.
[12:57] <Greyztar> blackflow, yeah ill see if i can find the guide again,good advice also i didnt really think that one through
[12:57] <chl_> has xinetd been removed in 18.04?
[12:59] <blackflow> !info xinetd bionic | nope:
[12:59] <chl_> oh, nifty, thanks
[13:00] <blackflow> then again, there's systemd, so maybe you don't need it at all
[13:04] <disposable2> is there a way in ufw to set 'ufw default deny' on one interface and 'ufw default allow' on another?
[13:18] <Greyztar> just wondering,how long could i possibly stay on 18.04 before it stops getting updates?
[13:21] <Greyztar> thought i read somewhere there was an option to still receive updates after the lts period was over?
[13:22] <blackflow> Greyztar: 5 years, and then optionally pay up for ESM for anotehr 5
[13:22] <blackflow> (in total that is, since 2018. "after LTS period was over" you'd need to pay for ESM)
[13:23] <Greyztar> blackflow, ohh its paid alrighty thanks
[13:25] <Greyztar> blackflow, its the Ubuntu Advantage i need to buy then right?
[13:27] <Greyztar> seems the only option,good to know its an option to get support beyond lts if ever needed though
[13:32] <blackflow> Greyztar: yup, Ubuntu Advantage.
[13:48] <Ussat> Sigh.....RHEL Removed the ability to do JUST krb auth against a AD domain in 8 without joining the domain, looks like I will be useing more Ubuntu
[13:48] <teward> lol
[13:48] <teward> Ussat: sounds like RHEL did an evil
[13:49] <Ussat> Well......ya
[13:52] <Ussat> I use quite a bit of Ubuntu right now
[14:01] <Ussat> Not sure I would call it evil....just......ew
[14:04] <Greyztar> when i set tracking state with iptables like NEW,RELATED,ESTABLISHED the connection needs to fullfill all of those right not just NEW for an example?
[14:04] <teward> Greyztar: the connection needs to match *one* of those to be matched.
[14:05] <teward> at least AIUI
[14:05] <teward> but I might be wrong
[14:05] <teward> RELATED,ESTABLISHED tend to go together
[14:05] <teward> NEW won't have the other two IIRC>
[14:05] <teward> but don't quote me fully on that
[14:05] <Greyztar> teward, thank you for informative answer,it got a little confusing hehe
[14:06] <teward> Greyztar: per the manpage, I use conntrack and --ctstate which state: statelist is a comma separated list of the connection states to match. Possible states are listed below.  <-- this doens't necessarily say it must match ALL
[14:06] <teward> but that any of the states in the list are matchable
[14:07] <teward> (manpages are fun, iptables-extensions manpage)
[14:07] <Greyztar> haha
[14:07] <Greyztar> yeah i should read more man pages just often i end up not wiser i tend to over complicate what i read
[14:18] <geodb27> People : hi ! I'm trying to automate the installation process with a preseed file. THings seems to work so far (ubuntu 18.04 LTS server), but the language and keyboard selection. What is the prefered way to have this automated also ?
[14:21] <leftyfb> geodb27: append this to your kernel line: locale=en_US console-setup/ask_detect=false keyboard-configuration/layoutcode=en console-setup/layoutcode=en keyboard-configuration/xkb-keymap=us
[14:25] <geodb27> Thanks a lot for your answer leftyfb. I'll give it a try when my in-progress installation is done.
[14:55] <Greyztar> im wondering,is the snapd stuff useable in production?
[14:59] <blackflow> Greyztar: depends on what you expect of the "production" :)  For example, snaps auto-update, making them useless on servers in my book.
[15:00] <patdk-lap> I limit snap usage to configuration utilities, like kubectl and stuff
[15:03] <Greyztar> blackflow, im just wondering if its ment for production though in term of it being stable and not experimental and such,some time ago i wanted to migrate my own server from Ubuntu to Debian but couldnt get lxc to work so didnt bother,though using snapd now i got it working =)
[15:04] <Greyztar> i also noticed the lxc version in snapd is 3.13 and on my 18.04 server its 3.0.3
[15:05] <Greyztar> if i migrate i will miss the easy live kernel patching from Ubuntu though,thats some awsome feature
[15:13] <blackflow> Greyztar: I say use apt packages where possible, and snaps only if there's no apt package (for the version you want), and of course if the auto-update regime is okay with you.
[15:14] <blackflow> For me, snaps offer no advantage, if there's an apt package. Any "isolation" one can achieve with snaps is doable with systemd options, apparmor and other tech, which is 100% under your control.
[15:14] <blackflow> For example, I dislike that I can't customize AppArmor profile of snaps.
[15:14] <lordcirth> I thought you could?
[15:14] <blackflow> overwritten on next update
[15:15] <Greyztar> blackflow, thank you for informative answer,i really didnt know about the auto update feature im not a fan of that so have to look into it
[15:19] <lordcirth> If I want non-apt packages that I can update ahead of LTS, I use Nix
[15:24] <Greyztar> noticed my snap program still worked after disableing the snapd service itself,maybe it could work by just enabling it every now and then with cron for updates?
[15:25] <Greyztar> or maybe its a reason it auto updates and ill end up with a broken system
[15:33] <OerHeks> snapd.service is the update mechanism
[15:33] <OerHeks> snaps should work, though, without snapd.service enabled
[15:34] <Greyztar> OerHeks, nice thanks!
[15:57] <catbadger> oh so pretty specific question... I'm running a cpanm install (Apache::SSI) for mod_perl1.3, and it's asking for the location of httpd (on repeat forever)... is there some way to preload this via bash?
[16:11] <catbadger> echo "httpd location" | cpan install blah
[16:11] <catbadger> echo "httpd location" | cpan install blah -T
[16:26] <Greyztar> this snap stuff is kinda neat though,i got lxc 3.13 installed on my tiny arm router. Containervisor on 22 dollar equipment i find sweet although its really slow =)