server uptime

Tom Buskey tom at buskey.name
Fri Mar 21 11:37:27 EDT 2008


On Thu, Mar 20, 2008 at 5:42 PM, Mark E. Mallett <mem at mv.mv.com> wrote:

> On Thu, Mar 20, 2008 at 09:46:04AM -0400, Jerry Feldman wrote:
> > On Wed, 19 Mar 2008 21:38:52 -0400
> > "Mark E. Mallett" <mem at mv.mv.com> wrote:
> >
> > > sometimes it's good to reboot a system just to make sure you can.
> >
> > That's very old school :-)
>
> But all of that is completely different from what I said.  I agree that
> software can keep running without a reboot.  But as I mentioned,
> sometimes a reboot will find something that you can't possibly find by
> keeping a system running.  Like some of the things I listed.  My point
> is that a planned reboot can help protect you from surprises that you
> might learn only from an unplanned reboot.
>

I was at one place that used OpenBSD for its firewall systems.  And had
several throughout its network to isolate potential security problems (the
printers were firewalled off on their own subnet for example).  Once a week,
*all* the firewalls were rebooted.  This was primarily to disconnect any SSH
connections and I think it was a good thing for that environment.

FWIW, the systems almost never needed patches because only needed services &
programs were installed.  No compilers, editors, shells, etc.  A firewall
doesn't need email so it's not installed.  If there's a hole in email, it
doesn't exist to be exploited.

While I was there a Cisco vulnerability came out with network logins.  We
had deleted them and could only admin/access via a serial cable from another
system.  Therefore, no patch needed.