On Sat, October 20, 2018 11:09 am, Yan Li wrote:
On 10/20/18 8:37 AM, Valeri Galtsev wrote:
Oh, great, I now can see the world with your eyes! And last part about servers life cycle wise doesn't sound much different from what I do using FreeBSD and jails. The only difference is maybe in how frequently I have to reboot Linux (any flavor) due to kernel or glibc security update compared to reboot of FreeBSD.
Yup. That's indeed a problem that the Fedora kernel is moving a bit too fast for a server. Our machines sit behind a firewall, and as far as I know, our students are not crazy about privilege escalation/Meltdown attacking their own servers. So we usually only reboot when there's a power outage that is longer than what our UPS could handle, which is unfortunately quite common on this campus.
I cannot afford that. I do run all machines (not only multi-user servers, but single user grad. student's workstations) on the assumption that bad guys are already inside. I have never seen privilege escalation attempts on single user machines, but I've seen a couple of times such attempts on multi-user machines. Unsuccessful for several reasons, still, that was fun to observe almost in real time ;-) So, I keep running all machines on the assumption that bad guys are already inside.
Valeri
-- Yan Li
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++