Uptime vs. Kernel updates (was Re: [TriLUG] Prosperous New Year)

fendy fendy bimasakti at gmail.com
Wed Jan 4 00:32:09 EST 2006


I believe,
we need to reboot the machine/box for a kernel update

iptables is the most tool, which I use to secure the system.

On 1/3/06, David A. Cafaro <dac at trilug.org> wrote:
>
> Simply put, none of my clients have terminal/shell access to the
> machine.  I allow ftp/www/imap/pop/smtp access to the server and that's
> it.  So I focus my attention on keeping those updated and current as
> well as keeping my eye open for out of date software (such as php
> forums/perl/cgi stuff) and help them keep them current.  These don't
> require a reboot to keep secure.
>
> Most kernel security issues are accessible only via shell access or an
> errant program.  I don't allow shell access and try to protect against
> errant programs.
>
> A reboot risks having to travel to another state (Ok only about 1 hour
> drive) to fix a failed reboot.
>
> Time since I last was in the physical presence of my server:
>
> $ uptime
> 18:53:33  up 472 days, 53 min,  1 user,  load average: 0.02, 0.05, 0.02
>
> Time when I was last in the same state as my server: ~4 Months.
>
> Cheers,
> David
>
> On Tue, 2006-01-03 at 15:42 -0500, Rick DeNatale wrote:
> > I'm impressed.
> >
> > I'm also a bit curious. As good as a long uptime is, what do you guys
> > do about security updates to the kernel?  Sure you can get them via
> > apt-get, yum, whatever, but doesn't it require a re-boot to actually
> > start USING a new kernel?
> >
> > --
> > Rick DeNatale
> >
> > Visit the Project Mercury Wiki Site
> > http://www.mercuryspacecraft.com/
>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>



More information about the TriLUG mailing list