[01:55] <lotuspsychje> "good morning"
[06:59] <ducasse> good morning
[19:20] <[VMGuy23]> Windows Sonic alternative for ubuntu?
[19:21] <sarnold> what's windows sonic?
[19:24] <[VMGuy23]> similar to dolby atmos for headphones
[19:24] <[VMGuy23]> Surrounds sound I think
[19:24] <[VMGuy23]> *surront
[19:24] <Maik> [VMGuy23]: ask that exact question on Google and it'll show you alternatives if any
[19:24] <[VMGuy23]> *surround
[19:24] <[VMGuy23]> Maik: sure thing
[19:24] <daftykins> that'll be some audio enhancement junk, by the looks - highly doubt there'll be anything of relevance
[19:25] <sarnold> there's a billion pulseaudio plugins, it feels pretty plausible there'd be something
[19:25] <sarnold> whether or not it would actually improve your experience is another question :)
[19:26] <[VMGuy23]> spatial sound
[22:02] <cranberry> Hi, on SUSE there's a tool called "seccheck", which, along with regular basic security audits, allows setting autologout timers for ssh and console sessions. Is there such a tool for Ubuntu, or does one need to script it themselves?
[22:03] <sarnold> I haven't seen one myself, but I seem to remember seccheck fondly
[22:03] <cranberry> Mainly looking for the autologout timers on shell sessions in order for users not to idle into infinity in forgotten terminals. :-)
[22:03] <sarnold> they also had some nice mtree or something similar integration to check file and directory permissions..
[22:03] <cranberry> Oh yes it does that. If I had that in Ubuntu that'd be awesome too, but the autologout is more important
[22:04] <cranberry> Heh, just when speaking of it, a SUSE system just sent me an email via seccheck, https://pasta.lysergic.dev/?fc6eda3f7abc48e1#BsU6r3ZYArYYoEYjVCH9rDEtwonwaWhbaE5bxbiMNu81
[22:04] <sarnold> there's an autolog package in ubuntu, but it's probably 20-ish years since it was maintained in any way
[22:05] <cranberry> Hmm, do you think it'd still work?
[22:05] <cranberry> I guess not that much changed to tty/ssh session handling?
[22:05] <cranberry> This is what I find in the repo: autolog/focal 0.40+debian-3 amd64 - looks promising
[22:05] <sarnold> it reads wtmp, and depending upon how it was written, it might work just fine no changes needed, or it might be helplessly broken.. I don't recall when 32 bit ids were introduced..
[22:06] <cranberry> Guess I'll try it out! Thank you for the tip! Have not found that in my online search
[22:06] <sarnold> cranberry: that's a pretty cool seccheck output :)
[22:07] <cranberry> I know right :-) it's relatively simple in what it does but very useful
[22:11] <cranberry> I struggle finding documentation about autolog.. the config looks pretty simple and I commented out some of the example groups, but I cannot figure out how to have a line apply to ALL users? I assume I could set a line= for pts/* ? :^)
[22:11] <cranberry> https://pasta.lysergic.dev/?ec9614323b8b7ddc#6a64CQWGgGh8xXbtqfWFANMtyf273hnZVYY6GD2kPq8m
[22:14] <sarnold> name=* group=* tty=* might do the trick; I don't know if a name=root idle=-1 line would still protect root in that case or not; I'd hope a specific match takes precedence over a RE-match
[22:14] <sarnold> err
[22:14] <sarnold> RE, right, name=.* group=.* tty=.* instead..
[22:14] <sarnold> *sigh* line= not tty= ... 'line', wow :)
[22:15] <cranberry> Nice, thank you, I'll try that out! I commented out the root exempt as I don't need it.. a single global rule would be fine with me
[22:15] <cranberry> Heh, thank you! Will report back.. in a few minutes heh
[22:17]  * sarnold waits for the 'connection closed by peer' quit
[22:17] <cranberry> Haha.. I'd be lying if I would say I did not disconnect while troubleshooting over Freenode before
[22:32] <cranberry> hm
[22:32] <cranberry> i got lost in chats and this other shell is still there
[22:32] <sarnold> hrm :(
[22:33] <cranberry> does your example only apply to tty sessions?
[22:33] <cranberry> because mine are pts
[22:33] <cranberry> I put this:
[22:33] <cranberry> name=.* group=.* line=.* idle=3 grace=300 mail
[22:34] <leftyfb> cranberry: https://www.tecmint.com/increase-ssh-connection-timeout/
[22:35] <cranberry> leftyfb: Thanks, unfortunately I need it to apply to remote sessions which do not utilize OpenSSH
[22:36] <cranberry> seccheck on use works universally, console session, openssh, teleport ssh, it sort of detects "everything"
[22:36] <sarnold> leftyfb: I think that's a different thing, I think that's for spotting connections that have been torn down by NAT firewalls
[22:36] <leftyfb> What sort of remote session do you have that isn’t ssh?
[22:36] <cranberry> It is SSH, but your article refers specifically to OpenSSH
[22:37] <leftyfb> What ssh do you have on Ubuntu that isn’t openssh?
[22:37] <cranberry> https://goteleport.com/
[22:37] <leftyfb> Funny you should mention that, I’m currently looking into that for my work
[22:37] <cranberry> Lol what a coincidence
[22:38] <cranberry> It employs a Go SSH server IIRC
[22:39] <leftyfb> I set up a test server and it seems to work. Next is getting one set up securely in AWS within a mesh VPN’d VPC and authenticating to maybe GitHub
[22:40] <cranberry> I only use local authentication, SSH and Web application access work nicely
[22:40] <leftyfb> Do you also have users logging in on the console through some sort of out of band BMC or serial console?
[22:41] <cranberry> No
[22:41] <leftyfb> So why not just set session timeout on openssh and teleport?
[22:42] <cranberry> Teleport has that?
[22:42] <sarnold> oh wow this thing kinda looks like kerberos glued to go
[22:42] <leftyfb> cranberry: I know it does since when I was testing it I was getting booted from no activity
[22:42] <cranberry> I guess in terms of security comparable to Kerberos, in ease of setup and maintenance comparable to setting all your passwords to 0000
[22:43] <sarnold> lol
[22:43] <cranberry> leftyfb: Nice! I'll scan the docs
[22:43] <leftyfb> cranberry: they’ve got slack setup that you can join and talk to some of the devs directly
[22:43] <cranberry> https://goteleport.com/docs/config-reference/#teleportyaml
[22:44] <cranberry> found it - will try that out. it'll only be for teleport, so not as nice as seccheck, but since 99% should be teleport and I don't need to install another package that's nice
[22:44] <cranberry> Thank you!
[22:47] <cranberry> hm also it does not seem to have a grace option. but I'll see it positive and look into vim-autosaving as my next project
[22:51] <leftyfb> vim-autosaving?
[22:51] <leftyfb> I have session-agnostic history in vim, not sure if that’s helpful to you
[22:52] <leftyfb> I love editing a file I haven’t touched in years and going through the undo history :)
[22:55] <cranberry> Ohh I need to look into that
[22:55] <cranberry> I'm someone who generally uses vim in its default configuration - lol
[23:04] <leftyfb> I’m ansiblizing the hell out of all my configs to make it easy to restore configs
[23:04] <leftyfb> And rebuilding my servers from scratch
[23:04] <Ussat> leftyfb, good move
[23:05] <Ussat> I do that on all my servers
[23:05] <Ussat> I manage all my *nix and AIX servers with ansible
[23:05] <Ussat> good stuff
[23:05] <leftyfb> got any tips on Apache vhosts other than just some nasty dicts?
[23:06] <Ussat> nasty dicts
[23:06] <Ussat> sorry
[23:06] <Ussat> some things just don't ansible well
[23:06] <leftyfb> Also torn on how/if I want to do anything with certbot or just leave that manually at the end
[23:07] <Ussat> I don't use certbot, so no advice there
[23:07] <leftyfb> no public domains or do you pay for certs like a caveman? :)
[23:08] <Ussat> pay for them like a major research hospital
[23:08] <Ussat> connected to a major university
[23:09] <leftyfb> Pssh :)
[23:14] <leftyfb> You would think they would have made an Apache module for ansible by now
[23:17]  * Ussat points to #ansible
[23:17] <Ussat> https://docs.ansible.com/ansible/latest/collections/community/general/apache2_module_module.html
[23:18] <Ussat> https://www.bogotobogo.com/DevOps/Ansible/Ansible_SettingUp_Webservers_Apache.php
[23:18] <leftyfb> yeah,  interested in community modules. Trying to keep it all stock
[23:18] <leftyfb> not*
[23:19] <Ussat> I agree
[23:19] <Ussat> but the guys in #ansible might have some thoughts
[23:19] <leftyfb> I’ll ask at some point.
[23:20] <leftyfb> They’ve helped me out with a lot
[23:20] <leftyfb> Got all fancy with my iptables and handlers
[23:20] <Ussat> Ya good folks there
[23:21] <leftyfb> each role like ssh, Apache, postfix, etc has their own handlers to add their own things like iptables rules and Fail2Ban jails and such