Hey, > Can someone explain how to apply security patches on the system without > rebooting the machine? > I guess that I cant patch the kernel without compiling and rebooting the > machine, so the only way is with iptables and keeping the daemons "fresh"?
Well, if you have a customised kernel you'll probably find that your need to reboot with a new kernel becomes fairly low (Kernel level exploits are fairly rare, especially remote ones). If you've upgraded services probably the easiest way to ensure they're loaded with the latest version would be to drop the system to single user mode then bring it back up to multiuser mode (ala, init 2, init 3). Stuart _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
