Simply put, none of my clients have terminal/shell access to the machine. I allow ftp/www/imap/pop/smtp access to the server and that's it. So I focus my attention on keeping those updated and current as well as keeping my eye open for out of date software (such as php forums/perl/cgi stuff) and help them keep them current. These don't require a reboot to keep secure.
Most kernel security issues are accessible only via shell access or an errant program. I don't allow shell access and try to protect against errant programs. A reboot risks having to travel to another state (Ok only about 1 hour drive) to fix a failed reboot. Time since I last was in the physical presence of my server: $ uptime 18:53:33 up 472 days, 53 min, 1 user, load average: 0.02, 0.05, 0.02 Time when I was last in the same state as my server: ~4 Months. Cheers, David On Tue, 2006-01-03 at 15:42 -0500, Rick DeNatale wrote: > I'm impressed. > > I'm also a bit curious. As good as a long uptime is, what do you guys > do about security updates to the kernel? Sure you can get them via > apt-get, yum, whatever, but doesn't it require a re-boot to actually > start USING a new kernel? > > -- > Rick DeNatale > > Visit the Project Mercury Wiki Site > http://www.mercuryspacecraft.com/ -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
