<--schestowitz has quit (Quit: Konversation terminated!) | Jul 30 03:27 | |
-->schestowitz (~roy@unaffiliated/schestowitz) has joined #techbytes | Jul 30 03:27 | |
schestowitz | > Hi, Roy, | Jul 30 10:12 |
---|---|---|
schestowitz | > | Jul 30 10:12 |
schestowitz | > Looking at the local copy of the VM, I notice that the database is | Jul 30 10:12 |
schestowitz | > slightly misconfigured and exposed to the net: | Jul 30 10:12 |
schestowitz | > | Jul 30 10:12 |
schestowitz | > # netstat -ntlp | sed -n 's/ */ /g;1p;/3306/p' | Jul 30 10:12 |
schestowitz | > Active Internet connections (only servers) | Jul 30 10:12 |
schestowitz | > tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1534/mysqld | Jul 30 10:12 |
schestowitz | > | Jul 30 10:12 |
schestowitz | > I scanned both production machines and verified that it is the case in | Jul 30 10:12 |
schestowitz | > production. These should be re-configured to listen only to localhost: | Jul 30 10:12 |
schestowitz | > 127.0.0.1 and ::1 | Jul 30 10:12 |
schestowitz | > | Jul 30 10:12 |
schestowitz | > I've patched the configuration files on both servers: | Jul 30 10:12 |
schestowitz | > | Jul 30 10:12 |
schestowitz | > $ diff /etc/my.cnf /etc/my.cnf.old | Jul 30 10:12 |
schestowitz | > 11,12d10 | Jul 30 10:12 |
schestowitz | > < bind-address=127.0.0.1 | Jul 30 10:12 |
schestowitz | > < | Jul 30 10:12 |
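Review bot: the argument order in `diff /etc/my.cnf /etc/my.cnf.old` puts the new file first, so the added `bind-address=127.0.0.1` line appears as `<` under `11,12d10` and reads like a removal. Running `diff -u /etc/my.cnf.old /etc/my.cnf` instead would show it as an addition with surrounding context. Without context lines the hunk does not show which option group line 11 falls in; `bind-address` has to sit in a server group such as `[mysqld]` for the daemon to read it, so that is worth confirming before the restart.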
schestowitz | > | Jul 30 10:12 |
schestowitz | > But have not restarted the mysql and mariadb daemons. That remains. If | Jul 30 10:12 |
schestowitz | > the changes are ok, you can restart mysqld and mariadbd | Jul 30 10:12 |
schestowitz | > | Jul 30 10:12 |
schestowitz | > Maybe it needs also ::1 for IPv6 too? | Jul 30 10:12 |
schestowitz | > | Jul 30 10:12 |
schestowitz | > See: | Jul 30 10:12 |
schestowitz | > | Jul 30 10:12 |
schestowitz | > # nmap -p 22,3306 techrights.org tuxmachines.org | Jul 30 10:12 |
schestowitz | > | Jul 30 10:12 |
schestowitz | > Starting Nmap 7.40 ( https://nmap.org ) at 2019-07-29 10:45 EEST | Jul 30 10:12 |
-TechBytesBot/#techbytes-nmap.org | Nmap: the Network Mapper - Free Security Scanner | Jul 30 10:12 | |
schestowitz | > Nmap scan report for techrights.org (199.19.78.19) | Jul 30 10:12 |
schestowitz | > Host is up (0.18s latency). | Jul 30 10:12 |
schestowitz | > PORT STATE SERVICE | Jul 30 10:12 |
schestowitz | > 22/tcp open ssh | Jul 30 10:12 |
schestowitz | > 3306/tcp open mysql | Jul 30 10:12 |
schestowitz | > | Jul 30 10:12 |
schestowitz | > Nmap scan report for tuxmachines.org (199.19.78.20) | Jul 30 10:12 |
schestowitz | > Host is up (0.18s latency). | Jul 30 10:12 |
schestowitz | > PORT STATE SERVICE | Jul 30 10:12 |
schestowitz | > 22/tcp open ssh | Jul 30 10:12 |
schestowitz | > 3306/tcp open mysql | Jul 30 10:13 |
schestowitz | > | Jul 30 10:13 |
schestowitz | > Nmap done: 2 IP addresses (2 hosts up) scanned in 1.20 seconds | Jul 30 10:13 |
schestowitz | I guess this has posed a DDOS threat. Thankfully you noticed that; must have been this way for years. | Jul 30 10:13 |
schestowitz | Maybe wait until the VM crashes (they will happen) for changes to take effect? | Jul 30 10:13 |
schestowitz | MariaDB and MySQL on TR and TM | Jul 30 10:13 |
schestowitz | >> I guess this has posed a DDOS threat. Thankfully you noticed that; must | Jul 30 10:40 |
schestowitz | >> have been this way for years. | Jul 30 10:40 |
schestowitz | > DDOS and potential for database-root password cracking. | Jul 30 10:40 |
schestowitz | > | Jul 30 10:40 |
schestowitz | >> Maybe wait until the VM crashes (they will happen) for changes to take | Jul 30 10:40 |
schestowitz | >> effect? | Jul 30 10:40 |
schestowitz | > Ok. Though a restart of the daemon would (should) only take a short while. | Jul 30 10:40 |
schestowitz | Yes, but in case downtime is caused (or worse -- need to troubleshoot) it's better to chain this with unwanted, unexpected, unplanned downtime (like VM crash) :-) | Jul 30 10:40 |
schestowitz | What do you think? | Jul 30 10:40 |
schestowitz | >>>> I’ve only spoken to privately.” | Jul 30 10:41 |
schestowitz | >>>> http://techrights.org/2019/07/28/the-linux-foundation-on-microsoft/#comment-325241 | Jul 30 10:41 |
schestowitz | >>>> | Jul 30 10:41 |
-TechBytesBot/#techbytes-techrights.org | The Linux Foundation is Totally Not Aware of Efforts to Undermine GNU/Linux | Techrights | Jul 30 10:41 | |
schestowitz | >>>> | Jul 30 10:41 |
schestowitz | >>>> What do you think? Should I email them? | Jul 30 10:41 |
schestowitz | >>> I'm not sure. I agree with your reply that either Greg or Linus would | Jul 30 10:41 |
schestowitz | >>> be reluctant to comment on their employer, albeit probably for vastly | Jul 30 10:41 |
schestowitz | >>> different reasons. Greg for sure would be unlikely to comment, so I | Jul 30 10:41 |
schestowitz | >>> would save him for when you need to write "contacted last week for | Jul 30 10:41 |
schestowitz | >>> comment but as of time of publication has not responded" or something | Jul 30 10:41 |
schestowitz | >>> like that. Linus, however, should be supported in whatever way | Jul 30 10:41 |
schestowitz | >>> possible. While he could take his ball and go home, he has been more | Jul 30 10:41 |
schestowitz | >>> interested in the technical aspects, where he excels. Also, changing | Jul 30 10:41 |
schestowitz | >>> jobs at his age, with kids in college and probably a hefty mortgage, | Jul 30 10:41 |
schestowitz | >>> would be detrimental to both him and the code base. Also, his life | Jul 30 10:41 |
schestowitz | >>> might be on the line and more than a few consider that to be a reason he | Jul 30 10:41 |
schestowitz | >>> has meticulously stayed out of anything non-technical. That is until | Jul 30 10:41 |
schestowitz | >>> "they" got him with the CoC. | Jul 30 10:41 |
schestowitz | >> I'll drop a quick line to Linus. I know he'll read it; I doubt he'll | Jul 30 10:41 |
schestowitz | >> reply... | Jul 30 10:41 |
schestowitz | > I also doubt he'll reply, even if he is allowed. | Jul 30 10:41 |
schestowitz | I put some text in, even if just for him to digest and 'sleep on'. | Jul 30 10:41 |
schestowitz | >> kaniini had pleroma downtime due to DB maintenance for about 6 hours | Jul 30 10:43 |
schestowitz | >> this past night. Awful. | Jul 30 10:43 |
schestowitz | > Ouch. For TR, I notice that it uses LVM so it /might/ be possible to | Jul 30 10:43 |
schestowitz | > transfer a few GB of unused space from one partition to another. I have | Jul 30 10:43 |
schestowitz | > heard rumors to that effect with LVM but never looked into it much since | Jul 30 10:43 |
schestowitz | > some of the guides warn about data loss. However, a classic | Jul 30 10:43 |
schestowitz | > backup-resize-restore might work safely. | Jul 30 10:43 |
schestowitz | I think we can compact the DB in /var | Jul 30 10:43 |
schestowitz | It might even be well overdue and improve performance | Jul 30 10:43 |
schestowitz | I looked up some pages, it seems like a common issue | Jul 30 10:43 |
schestowitz | >> Thankfully TM and TR do much better than that. Notice the sharp increase | Jul 30 10:43 |
schestowitz | >> in TR traffic, maybe residue of weekend's volume of articles... | Jul 30 10:43 |
schestowitz | >> | Jul 30 10:43 |
schestowitz | >> I've begun picking up pace again like I'm back in my 20s. | Jul 30 10:43 |
schestowitz | > Excellent. | Jul 30 10:43 |
schestowitz | Checking email once a day and dumping Twitter, politics etc. helps. | Jul 30 10:43 |
schestowitz | Politics clutters my mind too much to concentrate and digest/analyse FOSS stuff. | Jul 30 10:43 |
schestowitz | [11:07] <decnet> Schest: are you online? | Jul 30 11:36 |
<--XFaCE has quit (Ping timeout: 272 seconds) | Jul 30 12:19 | |
-->XFaCE (XFaCE@unaffiliated/xface) has joined #techbytes | Jul 30 12:19 |