[00:15] Does anyone know what the tool the installer uses to pull ssh keys from github/launchpad and if there is any way to set it to run regularly? [00:16] ssh-import-id [00:17] you can use it in a cronjob or script or something similar if you wish; there's no default tool to do so, that I know of [00:34] @sarnold Thank you. [00:44] karlthane: you're welcome :) === ezra is now known as nicekiwi [06:56] hey [06:57] my server rebooted yesterday evening. Any tips where to look for the issue? [06:57] elaborate here heller, like server version and services running [07:00] ubuntu 18.04 and running only zabbix serer [07:00] virtualized at an external provider [07:01] https://pastebin.com/KRDbU7Pn [07:02] thats kern.log when it rebooted [07:03] U-U havent done any upgrades for few days at least [07:06] syslog https://pastebin.com/JPiL0LpL [07:07] syslog.1 https://pastebin.com/mgB7cJar [07:08] does zabbix has a log? find / -name 'zabbix_server.log' or something like that [07:09] maybe /var/log/zabbix/ .. [07:11] yeah looking, but there's not much info about the system status [07:11] maybe the host .. [07:11] heller_: maybe take a look at your auth logs aswell for intrusion [07:13] hey wait a minute [07:13] https://pastebin.com/FpzCeHqD [07:13] what does that mean [07:14] heller_: how are you protecting your ports/ services? [07:15] you had visitors :-D [07:15] heller_: can you nmap -PN -sV your external ip to see whats exposed to the outside? [07:15] it is exposed quite alot [07:15] but i dont see anyone getting in? [07:15] nowadays they try just once, with a botnet, so fail2ban is useless. [07:15] restrict access to your ip maybe? [07:15] i could do that yes [07:16] but i still dont see anyone getting in? [07:16] just curious about the power button event [07:16] heller_: its not because logs doesnt show, that nobody can enter [07:16] heller_: you never know what kind of exploits are used when exposed [07:16] hmm [07:17] heller_: it might be not your case, but better assume its possible [07:21] got ufw running now [07:21] heller_: if you check your open ports with nmap, thats the way attackers will find your ports & services [07:21] Yeah i did check that, ssh and http + zabbix related are open [07:21] heller_: for the attacker, everything open will get auto scanned these days [07:21] they find your weak spot, and they get in [07:22] Sure, but this issue was worse earlier [07:22] howso? [07:22] it rebooted like every second day. i asked the hosting company to move this vm to another host and then it stayed up for at least a week [07:23] !info lynis | heller_ [07:23] heller_: lynis (source: lynis): security auditing tool for Unix based systems. In component universe, is optional. Version 2.6.2-1 (bionic), package size 179 kB, installed size 1353 kB [07:23] heller_: id suggest a full check of your server, perhaps also bandwith monitor to see whats going in/out [07:29] Nothing special on bw graphs [07:29] hmm [07:45] Well lynis did not find anything ground breaking [07:45] So the digging continues [08:10] Good morning === mIk3_09 is now known as mIk3_08 === Wryhder is now known as Lucas_Gray [11:17] when creating a tar backup of a folder, does the command 'tar -cf /cifs-mount/backup.tar /folder' create the tar backup in the local machine and then move it to the cifs mount or does it create the file and add to it in the cifs mount? [11:18] I have a 70GB dir that needs backup and don't have space for that in the local machine [11:25] I'd expect it writes directly to the `/cifs-mount/backup.tar` file. You could test this with strace and a small test setup. [11:26] yeah, thats what I expect also, thanks for the suggestion of test, will do that :-) [11:34] yup, writes directly to cifs mount [13:19] trying to configure sendmail with non tls should i use `A p y' ? === Wryhder is now known as Lucas_Gray [14:42] hi, i've just configured netplan with an extremely simple bridge, and it's causing my boot to hang for about 60 seconds on the network start job, would anyone be able to suggest why? https://paste.ubuntu.com/p/s92svp72qr/ [14:42] in fact it's 120 seconds [14:44] catphish: why do you need the quotes around the nameservers ip? [14:44] not saying it's related, it just jumped out [14:44] i don't know, ask the ubuntu installer :) [14:45] interesting [14:45] (i only added the bridge) [14:45] catphish: I think you are missing interfaces for the bridge, i.e., which interface(s) are part of it [14:45] see the bridge example at https://netplan.io/examples [14:46] i am indeed, there are no interfaces in it [14:46] do you think it could be waiting for interfaces to join it for some reason? [14:47] to clarify, this is not an error, there should be no interfaces in the bridge [14:47] Is it waiting for DHCP on the bridge? [14:48] i could try manually disabling it, i assumed that would be the default since IPs are specified [14:48] That would be my assumption too [14:48] I only mention it because it's fairly common for cloud-init to hang waiting on a NIC to appear if it can't find a network. [14:49] i'm just trying an explicit dhcp disablement and explicit empty interfaces list [14:49] no change :( [14:49] Anything in the logs after the hang? [14:50] cloud-init logs specifially [14:50] i'll have a look once it's booted again [14:50] could it be waiting for ipv6? there's no RA on this network [14:51] without the bridge, does it hang too? [14:51] i was just wondering the same [14:54] what version of netplan? [14:54] no problem with the bridge removed [14:55] it's definitely the bridge, for sure [14:55] looks that way [14:55] maybe you just need "optional: true" under it, to pacify networkd-wait-online at boot [14:56] but the real question is whether the bridge is up and has an IP address after boot. [14:56] isn't there a way to check what netplan ended up rendering for networkd? In /run/ after boot? [14:56] thinking about it, a bridge with no interfaces appears as DOWN iirc [14:56] so if netplan is waiting for that, it will time out [14:57] and after those 120s, what does it look like in the booted system? [14:57] is it up with that ip? [14:57] just rebooted with it re-enabled, but "optional", works perfectly [14:58] bridge comes up with correct IP, no delay [14:58] and UP or DOWN? [14:58] but, as i suspected... "br0: mtu 1500 qdisc noqueue state DOWN group default qlen 1000" [14:58] DOWN [14:58] and no members? [14:58] correct [14:59] (which is what i want) [15:01] looks happy now, i have no doubt it'll come up as it should once members are added by my lxc setup [15:02] makes perfect sense that netplan would have been waiting for that UP status [15:02] thanks all! [15:10] yeah, that's a "fun" part of *-wait-online scripts [15:27] it probably didn't help that addresses: [10.4.16.0/24 ] is clearly an mistake :) [16:31] i can't received mails [16:49] is this a bug report, a support request, or a social media status? === slashsbin1 is now known as slashsbin [20:02] lo folks -- with ubuntu-server, normally with many of the distros, if you set the ifnames=0 at the boot opts, it will retain that even during the installation so that you dont have to set the ifnames after.... does this not work in ubuntu? === slashsbin1 is now known as slashsbin [21:04] mmercer: isn't it net.ifnames=0? [21:04] https://lists.ubuntu.com/archives/ubuntu-devel/2015-May/038761.html has some background === slashsbin1 is now known as slashsbin