lotuspsychje | "good morning" | 01:55 |
---|---|---|
ducasse | good morning | 06:59 |
=== popey5 is now known as popey | ||
=== ledeni__ is now known as ledeni | ||
=== sarnold_ is now known as sarnold | ||
[VMGuy23] | Windows Sonic alternative for ubuntu? | 19:20 |
sarnold | what's windows sonic? | 19:21 |
[VMGuy23] | similar to dolby atmos for headphones | 19:24 |
[VMGuy23] | Surrounds sound I think | 19:24 |
[VMGuy23] | *surront | 19:24 |
Maik | [VMGuy23]: ask that exact question on Google and it'll show you alternatives if any | 19:24 |
[VMGuy23] | *surround | 19:24 |
[VMGuy23] | Maik: sure thing | 19:24 |
daftykins | that'll be some audio enhancement junk, by the looks - highly doubt there'll be anything of relevance | 19:24 |
sarnold | there's a billion pulseaudio plugins, it feels pretty plausible there'd be something | 19:25 |
sarnold | whether or not it would actually improve your experience is another question :) | 19:25 |
[VMGuy23] | spatial sound | 19:26 |
=== TJ_Remix is now known as TJ- | ||
cranberry | Hi, on SUSE there's a tool called "seccheck", which, along with regular basic security audits, allows to set autologout timers for ssh and console sessions. Is there such a tool for Ubuntu, or does one need to script it themselves? | 22:02 |
sarnold | I haven't seen one myself, but I seem to remember seccheck fondly | 22:03 |
cranberry | Mainly looking for the autologout timers on shell sessions in order for users not to idle into infinity in forgotten terminals. :-) | 22:03 |
sarnold | they also had some nice mtree or something similar integration to check file and directory permissions.. | 22:03 |
cranberry | Oh yes it does that. If I had that in Ubuntu that'd be awesome too, but the autologout is more important | 22:03 |
cranberry | Heh, just when speaking of it, a SUSE system just sent me an email via seccheck, https://pasta.lysergic.dev/?fc6eda3f7abc48e1#BsU6r3ZYArYYoEYjVCH9rDEtwonwaWhbaE5bxbiMNu81 | 22:04 |
sarnold | there's an autolog package in ubuntu, but it's probably 20-ish years since it was maintained in any way | 22:04 |
cranberry | Hmm, do you think it'd still work? | 22:05 |
cranberry | I guess not that much changed to tty/ssh session handling? | 22:05 |
cranberry | This is what I find in the repo: autolog/focal 0.40+debian-3 amd64 - looks promising | 22:05 |
sarnold | it reads wtmp, and depending upon how it was written, it might work just fine no changes needed, or it might be helplessly broken.. I don't recall when 32 bit ids were introduced.. | 22:05 |
cranberry | Guess I'll try it out! Thank you for the tip! Have not found that in my online search | 22:06 |
sarnold | cranberry: that's a pretty cool seccheck output :) | 22:06 |
cranberry | I know right :-) it's relatively simple in what it does but very useful | 22:07 |
cranberry | I struggle finding documentation about autolog.. the config looks pretty simple and I commented out some of the example groups, but I cannot figure out how to have a line apply to ALL users? I assume I could set a line= for pts/* ? :^) | 22:11 |
cranberry | https://pasta.lysergic.dev/?ec9614323b8b7ddc#6a64CQWGgGh8xXbtqfWFANMtyf273hnZVYY6GD2kPq8m | 22:11 |
sarnold | name=* group=* tty=* might do the trick; I don't know if a name=root idle=-1 line would still protect root in that case or not; I'd hope a specific match takes precedence over a RE-match | 22:14 |
sarnold | err | 22:14 |
sarnold | RE, right, name=.* group=.* tty=.* instead.. | 22:14 |
sarnold | *sigh* line= not tty= ... 'line', wow :) | 22:14 |
cranberry | Nice, thank you, I'll try that out! I commented out the root exempt as I don't need it.. a single global rule would be fine with me | 22:15 |
cranberry | Heh, thank you! Will report back.. in a few minutes heh | 22:15 |
* sarnold waits for the 'connection closed by peer' quit | 22:17 | |
cranberry | Haha.. I'd be lying if I would say I did not disconnect while troubleshooting over Freenode before | 22:17 |
cranberry | hm | 22:32 |
cranberry | i got lost in chats and this other shell is still there | 22:32 |
sarnold | hrm :( | 22:32 |
cranberry | does your example only apply to tty sessions? | 22:33 |
cranberry | because mine are pts | 22:33 |
cranberry | I put this: | 22:33 |
cranberry | name=.* group=.* line=.* idle=3 grace=300 mail | 22:33 |
leftyfb | cranberry: https://www.tecmint.com/increase-ssh-connection-timeout/ | 22:34 |
cranberry | leftyfb: Thanks, unfortunately I need it to apply to remote sessions which do not utilize OpenSSH | 22:35 |
cranberry | seccheck on use works universally, console session, openssh, teleport ssh, it sort of detects "everything" | 22:36 |
sarnold | leftyfb: I think that's a different thing, I think that's for spotting connections that have been torn down by NAT firewalls | 22:36 |
leftyfb | What sort of remote session do you have that isn’t ssh? | 22:36 |
cranberry | It is SSH, but your article refers specifically to OpenSSH | 22:36 |
leftyfb | What ssh do you have on Ubuntu that isn’t openssh? | 22:37 |
cranberry | https://goteleport.com/ | 22:37 |
leftyfb | Funny you should mention that, I’m currently looking into that for my work | 22:37 |
cranberry | Lol what a coincidence | 22:37 |
cranberry | It employs a Go SSH server IIRC | 22:38 |
leftyfb | I setup a test server and it seems to work. Next is getting one setup securely in AWS within a mesh VPN’d VPC and authenticating to maybe GitHub | 22:39 |
cranberry | I only use local authentication, SSH and Web application access work nicely | 22:40 |
leftyfb | Do you also have users logging in on the console through some sort of out of band BMC or serial console? | 22:40 |
cranberry | No | 22:41 |
leftyfb | So why not just set session timeout on openssh and teleport? | 22:41 |
cranberry | Teleport has that? | 22:42 |
sarnold | oh wow this thing kinda looks like kerberos glued to go | 22:42 |
leftyfb | cranberry: I know it does since when I was testing it I was getting booted from no activity | 22:42 |
cranberry | I guess in terms of security comparable to Kerberos, in ease of setup and maintenance comparable to setting all your passwords to 0000 | 22:42 |
sarnold | lol | 22:43 |
cranberry | leftyfb: Nice! I'll scan the docs | 22:43 |
leftyfb | cranberry: they’ve got slack setup that you can join and talk to some of the devs directly | 22:43 |
cranberry | https://goteleport.com/docs/config-reference/#teleportyaml | 22:43 |
cranberry | found it - will try that out. it'll only be for teleport, so not as nice as seccheck, but since 99% should be teleport and I don't need to install another package that's nice | 22:44 |
cranberry | Thank you! | 22:44 |
cranberry | hm also it does not seem to have a grace option. but I'll see it positive and look into vim-autosaving as my next project | 22:47 |
leftyfb | vim-autosaving? | 22:51 |
leftyfb | I have session-agnostic history in vim, not sure if that’s helpful to you | 22:51 |
leftyfb | I love editing a file I haven’t touched in years and going through the undo history :) | 22:52 |
cranberry | Ohh I need to look into that | 22:55 |
cranberry | I'm someone who generally uses vim in its default configuration - lol | 22:55 |
leftyfb | I’m ansiblizing the hell out of all my configs to make it easy to restore configs | 23:04 |
leftyfb | And rebuilding my servers from scratch | 23:04 |
Ussat | leftyfb, good move | 23:04 |
Ussat | I do that on all my servers | 23:05 |
Ussat | I manage all my *nix and AIX servers with ansible | 23:05 |
Ussat | good stuff | 23:05 |
leftyfb | got any tips on Apache vhosts other than just some nasty dicts? | 23:05 |
Ussat | nasty dicts | 23:06 |
Ussat | sorry | 23:06 |
Ussat | some things just don't ansible well | 23:06 |
leftyfb | Also torn on how/if I want to do anything with certbot or just leave that manually at the end | 23:06 |
Ussat | I don't use certbot, so no advice there | 23:07 |
leftyfb | no public domains or do you pay for certs like a caveman? :) | 23:07 |
Ussat | pay for them like a major research hospital | 23:08 |
Ussat | connected to a major university | 23:08 |
leftyfb | Pssh :) | 23:09 |
leftyfb | You would think they would have made an Apache module for ansible by now | 23:14 |
* Ussat points to #ansible | 23:17 | |
Ussat | https://docs.ansible.com/ansible/latest/collections/community/general/apache2_module_module.html | 23:17 |
Ussat | https://www.bogotobogo.com/DevOps/Ansible/Ansible_SettingUp_Webservers_Apache.php | 23:18 |
leftyfb | yeah, interested in community modules. Trying to keep it all stock | 23:18 |
leftyfb | not* | 23:18 |
Ussat | I agree | 23:19 |
Ussat | but the guys in #ansible might have some thoughts | 23:19 |
leftyfb | I’ll ask at some point. | 23:19 |
leftyfb | They’ve helped me out with a lot | 23:20 |
leftyfb | Got all fancy with my iptables and handlers | 23:20 |
Ussat | Ya good folks there | 23:20 |
leftyfb | each role like ssh, Apache, postfix, etc has their own handlers to add their own things like iptables rules and Fail2Ban jails and such | 23:21 |