Time |
Nick |
Message |
00:33 |
|
bshum joined #evergreen |
00:47 |
|
Cocopuff2018 joined #evergreen |
03:47 |
|
miker joined #evergreen |
06:01 |
pinesol |
News from qatests: Testing Success <http://testing.evergreen-ils.org/~live> |
07:21 |
|
rjackson_isl_hom joined #evergreen |
07:51 |
|
Dyrcona joined #evergreen |
08:29 |
|
rfrasur joined #evergreen |
08:37 |
|
mantis joined #evergreen |
08:43 |
|
mmorgan joined #evergreen |
09:07 |
|
collum joined #evergreen |
09:07 |
|
mmorgan1 joined #evergreen |
09:08 |
|
mmorgan2 joined #evergreen |
09:12 |
Dyrcona |
Someone registered a workstation with an unusual name at one of our member libraries and did some transactions with it. I can find the log entries for the workstation registration and when it was used later on the same day, so far. |
09:13 |
Dyrcona |
I have not been able to find the IP address that they came from because the web staff client is being used so the remote IP address isn't logged by websocketd. I just get 127.0.0.1 in the gateway logs. |
09:14 |
Dyrcona |
The library is concerned that someone may have gotten the password for this account, though it's looking more like someone just didn't follow the rules for workstation naming. |
09:15 |
Dyrcona |
If anyone has any idea how I might find the remote IP address of something that happened nearly 3 weeks ago, I'd appreciate it. |
09:16 |
Dyrcona |
It also looks like the workstation name was changed last week, though can't be certain it is the same workstation in actuality. The library did find the second workstation name registered on a computer in the building. |
09:16 |
Dyrcona |
Generic staff accounts are a bad idea. |
09:26 |
|
jvwoolf joined #evergreen |
09:31 |
|
mmorgan1 joined #evergreen |
09:32 |
Dyrcona |
Now, I suspect that a 3rd unusual name is associated with the same physical workstation. |
09:54 |
berick |
---++++++++++++++++++++++++++++ |
09:54 |
berick |
+++++ |
09:54 |
* gmcharlt |
waves to berick's cat |
09:57 |
jonadab |
It is incredibly easy to imagine a new library employee not getting fully trained on workstation registration, because the browsers already have workstations registered; and then Chrome randomly loses track of the entire user profile, as it is wont to do from time to time... |
10:00 |
berick |
gmcharlt++ |
10:00 |
* berick |
looks around for a cat to blame |
10:04 |
|
sandbergja joined #evergreen |
10:13 |
Dyrcona |
jonadab: True. It's not looking like stolen credentials because of the consistent usage pattern that matches what I might expect from a staff circulation workstation. |
10:15 |
* Dyrcona |
waves to berick |
10:16 |
Dyrcona |
Seems that this 1 "workstation" has had 3 different names over the past 2.5 weeks because the previous one disappears just before the new one shows up in the logs. |
10:37 |
csharp |
end_users-- |
10:39 |
Dyrcona |
Well, the library director was concerned when seeing one of the unusual workstation names in a list of circulations. It looks like something that a hacker might use. |
10:41 |
* Dyrcona |
wonders what's in the nginx logs. |
10:42 |
csharp |
h4x0r-w0rk5t4t10n |
10:45 |
|
Cocopuff2018 joined #evergreen |
10:45 |
Dyrcona |
Oh, nice. I find someone trying to exploit PHP bugs. :) |
10:45 |
Dyrcona |
But, that's normal. |
10:48 |
Dyrcona |
OK. I was able to correlate an IP address with the client by using the latest login time from yesterday to grep the nginx logs on the brick head for 'staff/login' and the timestamp, more or less. |
10:49 |
Dyrcona |
csharp: Not quite, but close enough. :) |
10:52 |
JBoyer |
"That workstation name already exists, use it anyway? |
10:52 |
JBoyer |
Oh noes! I'll add a 1 |
10:53 |
Dyrcona |
Heh. |
10:53 |
Dyrcona |
I'm going to see how far back my nginx logs go. I might be able to verify my suspicions about the other two workstation names and that they are all the same actual workstation. |
10:54 |
Dyrcona |
I'll add this about the workstation name. It looks like the caps lock key was on when it was registered because it was in reverse caps, and it was a phrase. |
10:56 |
jonadab |
That sounds like normal end user activity to me. |
10:56 |
Dyrcona |
jonadab: Yes, I think it is, but I want to make sure. |
10:56 |
jonadab |
Sure. |
10:58 |
Dyrcona |
Nginx logs on Ubuntu18 appear to go back approximately 2 weeks using the default logrotate settings, so I can check the other two workstation names using the last time that they logged in. |
11:05 |
Dyrcona |
Y'know what? After more poking, I don't think that correlation with the nginx logs is so accurate. |
11:10 |
Dyrcona |
I get widely different IP addresses using the same method, some of them private IPs on our network. If I allow a few seconds to a minute of leeway in the logs, it's impossible to link an nginx request with a specific OSRF request. |
11:13 |
gmcharlt |
Dyrcona: re bug 1174498, I'm giving serious consideration to reverting that for 3.7 |
11:13 |
pinesol |
Launchpad bug 1174498 in Evergreen "Payment by billing type breakdown" [Wishlist,Fix committed] https://launchpad.net/bugs/1174498 |
11:14 |
gmcharlt |
ran into a situation where money.bnm_payment had duplicate IDs, which is something that Pg table inheritance doesn't block |
11:14 |
gmcharlt |
and that broke the mbppt generation |
11:15 |
gmcharlt |
that may or may not be what you ran into for bug 1921523 |
11:15 |
pinesol |
Launchpad bug 1921523 in Evergreen "1257 Upgrade Can Fail With Duplicate Row" [Undecided,New] https://launchpad.net/bugs/1921523 - Assigned to Jason Stephenson (jstephenson) |
11:15 |
csharp |
gmcharlt: sounds like you should revert it |
11:16 |
gmcharlt |
but overall that upgrade doesn't seem resilient enough yet; it had been tested on a big consortium, but evidently testing got "lucky" there |
11:21 |
Dyrcona |
gmcharlt: I'm not sure that I have duplicate IDs in the table, but I'll check. That may be my issue. I suspect there's a different bug in the new function, though. Because the output total amount: $8.30 was 10 cents short of my totals from querying the tables separately. |
11:21 |
Dyrcona |
At least for the 1 transaction that I noticed. |
11:21 |
mmorgan1 |
Dyrcona: I see IP addresses with hits to the staff login page in ap_access logs if that helps |
11:22 |
gmcharlt |
Dyrcona: yeah, that does sound different |
11:23 |
gmcharlt |
ok, I'm going to proceed with the reversion |
11:24 |
Dyrcona |
FTL: I don't have duplicate ids in money.bnm_payment for this transaction. |
11:26 |
Dyrcona |
mmorgan: I think I run into the same issue with ap_access.log as well. We have so many logins at certain times of the day, it's impossible to tell which goes with which gateway log entry. After all, I could hit the staff login page at 8:55 am and not log in until minutes or hours later. |
11:27 |
Dyrcona |
gmcharlt++ mmorgan++ |
11:27 |
jonadab |
Especially if the staff login page is the browser's start page. |
11:27 |
jonadab |
Which, I know some of our staff workstations are set up that way, dunno about yours. |
11:29 |
* mmorgan |
nods :-( |
11:31 |
pinesol |
[evergreen|Galen Charlton] Revert "LP#1174498: stamp schema update" - <http://git.evergreen-ils.org/?p=Evergreen.git;a=commit;h=9e9786d> |
11:31 |
pinesol |
[evergreen|Galen Charlton] Revert "LP#1174498: (follow-up) reformat release notes" - <http://git.evergreen-ils.org/?p=Evergreen.git;a=commit;h=9b83530> |
11:31 |
pinesol |
[evergreen|Galen Charlton] Revert "LP1174498: Add Release Note" - <http://git.evergreen-ils.org/?p=Evergreen.git;a=commit;h=47f4681> |
11:31 |
pinesol |
[evergreen|Galen Charlton] Revert "LP1174498: IDL changes for Payments by Billing Type" - <http://git.evergreen-ils.org/?p=Evergreen.git;a=commit;h=e3cde95> |
11:31 |
pinesol |
[evergreen|Galen Charlton] Revert "LP1174498: Add a Payments by Billing Type Reporting View" - <http://git.evergreen-ils.org/?p=Evergreen.git;a=commit;h=059bc53> |
11:45 |
pinesol |
[evergreen|Zavier Banks] LP1853006 TPAC: add limit to available option to item table - <http://git.evergreen-ils.org/?p=Evergreen.git;a=commit;h=2de97ef> |
11:45 |
pinesol |
[evergreen|Michele Morgan] LP1853006 - Allow new strings to be translated - <http://git.evergreen-ils.org/?p=Evergreen.git;a=commit;h=455d0bd> |
11:45 |
pinesol |
[evergreen|Galen Charlton] LP#1853006: add release notes entry - <http://git.evergreen-ils.org/?p=Evergreen.git;a=commit;h=db0e3d5> |
11:55 |
|
khuckins joined #evergreen |
11:59 |
gmcharlt |
I have now branched rel_3_7 |
12:01 |
pinesol |
[evergreen|Galen Charlton] start 3.7 release notes - <http://git.evergreen-ils.org/?p=Evergreen.git;a=commit;h=bda478b> |
12:01 |
pinesol |
[evergreen|Galen Charlton] clear out old release notes stubs - <http://git.evergreen-ils.org/?p=Evergreen.git;a=commit;h=b1c72ca> |
13:34 |
|
alynn26 joined #evergreen |
13:56 |
|
sandbergja_ joined #evergreen |
14:03 |
|
sandbergja_ joined #evergreen |
14:41 |
|
Cocopuff2018 joined #evergreen |
15:57 |
|
mantis joined #evergreen |
15:57 |
|
mantis left #evergreen |
17:16 |
|
mmorgan left #evergreen |
17:23 |
|
jvwoolf left #evergreen |
18:01 |
pinesol |
News from qatests: Testing Success <http://testing.evergreen-ils.org/~live> |
18:41 |
|
tsadok joined #evergreen |
18:41 |
|
dluch_ joined #evergreen |
18:41 |
|
abneiman_ joined #evergreen |
18:42 |
|
Bmagic_ joined #evergreen |
18:42 |
|
yeats_ joined #evergreen |
23:38 |
|
sandbergja joined #evergreen |