[01:55] "good morning"
[06:59] good morning
=== popey5 is now known as popey
=== ledeni__ is now known as ledeni
=== sarnold_ is now known as sarnold
[19:20] <[VMGuy23]> Windows Sonic alternative for ubuntu?
[19:21] what's windows sonic?
[19:24] <[VMGuy23]> similar to dolby atmos for headphones
[19:24] <[VMGuy23]> Surrounds sound I think
[19:24] <[VMGuy23]> *surront
[19:24] [VMGuy23]: ask that exact question on Google and it'll show you alternatives if any
[19:24] <[VMGuy23]> *surround
[19:24] <[VMGuy23]> Maik: sure thing
[19:24] that'll be some audio enhancement junk, by the looks - highly doubt there'll be anything of relevance
[19:25] there's a billion pulseaudio plugins, it feels pretty plausible there'd be something
[19:25] whether or not it would actually improve your experience is another question :)
[19:26] <[VMGuy23]> spatial sound
=== TJ_Remix is now known as TJ-
[22:02] Hi, on SUSE there's a tool called "seccheck", which, along with regular basic security audits, allows to set autologout timers for ssh and console sessions. Is there such a tool for Ubuntu, or does one need to script it themselves?
[22:03] I haven't seen one myself, but I seem to remember seccheck fondly
[22:03] Mainly looking for the autologout timers on shell sessions in order for users not to idle into infinity in forgotten terminals. :-)
[22:03] they also had some nice mtree or something similar integration to check file and directory permissions..
[22:03] Oh yes it does that. If I had that in Ubuntu that'd be awesome too, but the autologout is more important
[22:04] Heh, just when speaking of it, a SUSE system just sent me an email via seccheck, https://pasta.lysergic.dev/?fc6eda3f7abc48e1#BsU6r3ZYArYYoEYjVCH9rDEtwonwaWhbaE5bxbiMNu81
[22:04] there's an autolog package in ubuntu, but it's probably 20-ish years since it was maintained in any way
[22:05] Hmm, do you think it'd still work?
[22:05] I guess not that much changed to tty/ssh session handling?
[22:05] This is what I find in the repo: autolog/focal 0.40+debian-3 amd64 - looks promising
[22:05] it reads wtmp, and depending upon how it was written, it might work just fine no changes needed, or it might be helplessly broken.. I don't recall when 32 bit ids were introduced..
[22:06] Guess I'll try it out! Thank you for the tip! Have not found that in my online search
[22:06] cranberry: that's a pretty cool seccheck output :)
[22:07] I know right :-) it's relatively simple in what it does but very useful
[22:11] I struggle finding documentation about autolog.. the config looks pretty simple and I commented out some of the example groups, but I cannot figure out how to have a line apply to ALL users? I assume I could set a line= for pts/* ? :^)
[22:11] https://pasta.lysergic.dev/?ec9614323b8b7ddc#6a64CQWGgGh8xXbtqfWFANMtyf273hnZVYY6GD2kPq8m
[22:14] name=* group=* tty=* might do the trick; I don't know if a name=root idle=-1 line would still protect root in that case or not; I'd hope a specific match takes precedence over a RE-match
[22:14] err
[22:14] RE, right, name=.* group=.* tty=.* instead..
[22:14] *sigh* line= not tty= ... 'line', wow :)
[22:15] Nice, thank you, I'll try that out! I commented out the root exempt as I don't need it.. a single global rule would be fine with me
[22:15] Heh, thank you! Will report back.. in a few minutes heh
[22:17] * sarnold waits for the 'connection closed by peer' quit
[22:17] Haha.. I'd be lying if I would say I did not disconnect while troubleshooting over Freenode before
[22:32] hm
[22:32] i got lost in chats and this other shell is still there
[22:32] hrm :(
[22:33] does your example only apply to tty sessions?
[22:33] because mine are pts
[22:33] I put this:
[22:33] name=.* group=.* line=.* idle=3 grace=300 mail
[22:34] cranberry: https://www.tecmint.com/increase-ssh-connection-timeout/
[22:35] leftyfb: Thanks, unfortunately I need it to apply to remote sessions which do not utilize OpenSSH
[22:36] seccheck on use works universally, console session, openssh, teleport ssh, it sort of detects "everything"
[22:36] leftyfb: I think that's a different thing, I think that's for spotting connections that have been torn down by NAT firewalls
[22:36] What sort of remote session do you have that isn’t ssh?
[22:36] It is SSH, but your article refers specifically to OpenSSH
[22:37] What ssh do you have on Ubuntu that isn’t openssh?
[22:37] https://goteleport.com/
[22:37] Funny you should mention that, I’m currently looking into that for my work
[22:37] Lol what a coincidence
[22:38] It employs a Go SSH server IIRC
[22:39] I setup a test server and it seems to work. Next is getting one setup securely in AWS within a mesh VPN’d VPC and authenticating to maybe GitHub
[22:40] I only use local authentication, SSH and Web application access work nicely
[22:40] Do you also have users logging in on the console through some sort of out of band BMC or serial console?
[22:41] No
[22:41] So why not just set session timeout on openssh and teleport?
[22:42] Teleport has that?
[22:42] oh wow this thing kinda looks like kerberos glued to go
[22:42] cranberry: I know it does since when I was testing it I was getting booted from no activity
[22:42] I guess in terms of security comparable to Kerberos, in ease of setup and maintenance comparable to setting all your passwords to 0000
[22:43] lol
[22:43] leftyfb: Nice! I'll scan the docs
[22:43] cranberry: they’ve got slack setup that you can join and talk to some of the devs directly
[22:43] https://goteleport.com/docs/config-reference/#teleportyaml
[22:44] found it - will try that out. it'll only be for teleport, so not as nice as seccheck, but since 99% should be teleport and I don't need to install another package that's nice
[22:44] Thank you!
[22:47] hm also it does not seem to have a grace option. but I'll see it positive and look into vim-autosaving as my next project
[22:51] vim-autosaving?
[22:51] I have session-agnostic history in vim, not sure if that’s helpful to you
[22:52] I love editing a file I haven’t touched in years and going through the undo history :)
[22:55] Ohh I need to look into that
[22:55] I'm someone who generally uses vim in its default configuration - lol
[23:04] I’m ansiblizing the hell out of all my configs to make it easy to restore configs
[23:04] And rebuilding my servers from scratch
[23:04] leftyfb, good move
[23:05] I do that on all my servers
[23:05] I manage all my *nix and AIX servers with ansible
[23:05] good stuff
[23:05] got any tips on Apache vhosts other than just some nasty dicts?
[23:06] nasty dicts
[23:06] sorry
[23:06] some things just don't ansible well
[23:06] Also torn on how/if I want to do anything with certbot or just leave that manually at the end
[23:07] I don't use certbot, so no advice there
[23:07] no public domains or do you pay for certs like a caveman? :)
[23:08] pay for them like a major research hospital
[23:08] connected to a major university
[23:09] Pssh :)
[23:14] You would think they would have made an Apache module for ansible by now
[23:17] * Ussat points to #ansible
[23:17] https://docs.ansible.com/ansible/latest/collections/community/general/apache2_module_module.html
[23:18] https://www.bogotobogo.com/DevOps/Ansible/Ansible_SettingUp_Webservers_Apache.php
[23:18] yeah, interested in community modules. Trying to keep it all stock
[23:18] not*
[23:19] I agree
[23:19] but the guys in #ansible might have some thoughts
[23:19] I’ll ask at some point.
[23:20] They’ve helped me out with a lot
[23:20] Got all fancy with my iptables and handlers
[23:20] Ya good folks there
[23:21] each role like ssh, Apache, postfix, etc has their own handlers to add their own things like iptables rules and Fail2Ban jails and such