* hallyn 's eyes glaze over at all of the acronyms | 02:24 | |
hallyn | but the extra interesting thing is that for suse they've updated it to make exceptions for wtmp and lastlog bc - wonder of wonders - it breaks applications othewrise | 02:25 |
---|---|---|
hallyn | (https://www.tenable.com/audits/items/DISA_STIG_SLES_15_v1r9.audit:c3ab5c3bf07887659067e3d5a3c784c0) | 02:26 |
sarnold | lol | 02:29 |
sarnold | i'm *shocked* utterly *shocked* that stomping all over the place without understanding what's happening would have consequences | 02:29 |
hallyn | btw https://github.com/shadow-maint/shadow/issues/679 was the reason for my asking | 02:36 |
-ubottu:#ubuntu-security- Issue 679 in shadow-maint/shadow "Tighten /var/log/ default file permissions from 644 to 640" [Closed] | 02:36 | |
sarnold | heh, nice | 02:37 |
=== chris14_ is now known as chris14 | ||
blahdeblah | LOL, nice summary hallyn: https://github.com/shadow-maint/shadow/issues/679#issuecomment-1464284312 | 04:18 |
-ubottu:#ubuntu-security- Issue 679 in shadow-maint/shadow "Tighten /var/log/ default file permissions from 644 to 640" [Closed] | 04:18 | |
ebarretto | hallyn, they updated that on disa stig v1r7 | 08:08 |
bancroft | Hello, sorry this is a reposted question from #ubuntu. I just got a notice that apt-key is deprecated except for apt-key del. How can I get the equivalent of `apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com`? Maybe someone here has a recommended approach that would be secure? | 15:33 |
* sdeziel wishes https://wiki.debian.org/Teams/Apt/Spec/AptSign would replace GPG :) | 15:38 | |
teward | sdeziel: this assumes they ever completed it - Teams/Apt/Spec/AptSign (last modified 2021-06-22 05:33:13) | 17:34 |
teward | so maybe that spec isn't spec | 17:34 |
sdeziel | one can always dream ;) | 17:35 |
teward | sdeziel: but bancroft does make a good point there's no easy replacement mechanism to refresh keys | 17:35 |
teward | though it's not a -security question on its own it begs a few questions | 17:35 |
* teward summons sarnold for evil security things | 17:36 | |
sarnold | bancroft: there's some advice in https://blog.jak-linux.org/2021/06/20/migrating-away-apt-key/ on various replacement options | 17:59 |
* sarnold starts brewing a fresh pot of coffee for teward | 17:59 | |
hallyn | lol | 22:56 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!