| === [diablo]1 is now known as [diablo] | ||
| === Napsterbater is now known as Guest36650 | ||
| === Napsterbater_ is now known as Napsterbater | ||
| LarsErikP | coreycb: ref https://bugs.launchpad.net/cloud-archive/+bug/1866361 am I doing something wrong? I fail to find 0.27.0 in stein-proposed.. | 09:35 |
|---|---|---|
| ubottu | Launchpad bug 1866361 in Ubuntu Cloud Archive stein "[SRU] Connections to Neutron are not closed properly in v0.26.0" [Undecided,Fix committed] | 09:35 |
| coreycb | LarsErikP: thanks for letting me know. there was a build issue. I'm retrying now. | 11:59 |
| LarsErikP | coreycb: \o/ | 12:00 |
| LarsErikP | coreycb: tested now. it works :) | 14:13 |
| coreycb | LarsErikP: great, thanks. we'll get regression testing done soon on our end. can you update the bug to mention it's fixed for you? fyi it needs to remain there for min 7 days before promotion | 14:14 |
| LarsErikP | coreycb: already done :) | 14:15 |
| coreycb | LarsErikP: thanks :) | 14:15 |
| LarsErikP | thanks for handling this so quickly, and being so helpful :) I really appreciate it! | 14:16 |
| halvors | I need a hids for my ubuntu servers, seems aide is pretty minimalistic as a hids, but maybe in combination with chkrootkit and another utility that looks at logs? | 14:26 |
| halvors | Any ideas on a utility for that? | 14:26 |
| sdeziel | halvors: there is auditd that you might want to look into | 14:28 |
| sdeziel | for log monitoring I use logcheck but be ready to write a lot of regexes to silence all the unimportant noise you'll get | 14:28 |
| halvors | sdeziel: thanks | 14:45 |
| halvors | auditd vs logcheck what is the difference between them? | 15:03 |
| sdeziel | they are very different, logcheck is going over your logs and removing the noise (what matches regexes of unimportant log entries) | 15:04 |
| sdeziel | logcheck then extract the "signal" which is everything that was not silenced by the regexes of unimportant stuff | 15:04 |
| sdeziel | that signal can be noisy because the base ruleset shipped by logcheck is not very up to date which is why you will need to write a lot of regexes to build a ruleset that matches your environment | 15:05 |
| sdeziel | once done, you'll get a good signal from logcheck | 15:06 |
| halvors | what does auditd do compared to logcheck then? is it not the same? | 15:06 |
| sdeziel | logcheck runs on reboots and every hours and send you an email with the important logs that happened since the last notification | 15:07 |
| sdeziel | auditd is like a blackbox recorder of a plane | 15:07 |
| sdeziel | it can be configured to record/log every syscal ran, their args, who ran them, etc | 15:08 |
| sdeziel | this allows you to track most actions taking place on your machine | 15:08 |
| halvors | i see, so auditd is more to investigate a breach? | 15:08 |
| sdeziel | you could use it for that or also to catch anomalies | 15:09 |
| sdeziel | (logcheck is also good to catch anomalies but only when they show up in logs it checks..) | 15:09 |
| halvors | sdeziel: thanks, i have another question as well, is there a good solution for active response rules, or is this a job for fail2ban? | 15:12 |
| halvors | Are there other solutions like fail2ban that is better? | 15:12 |
| sdeziel | halvors: suricata and snort can run in IPS mode where they typically inject firewall rules whenever a condition matches | 15:13 |
| halvors | sdeziel: On the host itself not the firewall? | 15:14 |
| sdeziel | halvors: the host itself has firewalling capabilities | 15:14 |
| halvors | yes | 15:14 |
| sdeziel | a bit like what fail2ban does | 15:15 |
| halvors | thanks :) fail2ban is more to make it harder to gain access in the first place? | 15:15 |
| sdeziel | halvors: fail2ban can protect many services, which one do you want to protect in your case? | 15:16 |
| halvors | sdeziel: it's basically a task assignment at school, they recommend ossec but i like to go more into detail and provide the same functionality by using more simple but multiplie tools that is easier to understand and maintain. | 15:17 |
| sdeziel | halvors: I've heard about ossec but know very little about it so I can't make recommendations on simpler alternatives :/ | 15:20 |
| halvors | sdeziel: i see, ossec seems bloated to me (there is windows rule definitions on the linux version) | 15:20 |
| lordcirth | I have an LXC container which seems hung - lxc-ls and lxc-attach hang. No errors in dmesg. Any debugging tips? | 15:52 |
| lordcirth | 16.04 guest and host | 15:52 |
| halvors | How to exclude directories (and their subdirectories and files) from being include in aide scan? | 21:37 |
| sdeziel | halvors: IIRC, it was with a rule like that: !/path/to/my/dir | 21:45 |
| halvors | thx | 22:18 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!