[CentOS] Upstream and downstream (was Re: What are the differences between systemd and non-systemd Linux distros?)

Sat Oct 20 16:53:19 UTC 2018
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Sat, October 20, 2018 11:09 am, Yan Li wrote:
> On 10/20/18 8:37 AM, Valeri Galtsev wrote:
>> Oh, great, I now can see the world with your eyes! And last part about
>> servers life cycle wise doesn't sound much different from what I do using
>> FreeBSD and jails. The only difference is maybe in how frequently I have
>> to reboot Linux (any flavor) due to kernel or glibc security update
>> compared to reboot of FreeBSD.
> Yup. That's indeed a problem that the Fedora kernel is moving a bit too
> fast for a server. Our machines sit behind a firewall, and as far as I know,
> our students are not crazy about privilege escalation/Meltdown attacking
> their own servers. So we usually only reboot when there's a power outage
> that is longer than what our UPS could handle, which is unfortunately
> quite common on this campus.

I cannot afford that. I do run all machines (not only multi-user servers,
but single-user grad students' workstations) on the assumption that bad
guys are already inside. I have never seen privilege escalation attempts
on single-user machines, but I've seen such attempts a couple of times on
multi-user machines. Unsuccessful for several reasons; still, that was fun
to observe almost in real time ;-) So, I keep running all machines on the
assumption that bad guys are already inside.


> --
> Yan Li
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247