I believe, we need to reboot the machine/box for a kernel update iptables is the most tool, which I use to secure the system.
On 1/3/06, David A. Cafaro <[EMAIL PROTECTED]> wrote: > > Simply put, none of my clients have terminal/shell access to the > machine. I allow ftp/www/imap/pop/smtp access to the server and that's > it. So I focus my attention on keeping those updated and current as > well as keeping my eye open for out of date software (such as php > forums/perl/cgi stuff) and help them keep them current. These don't > require a reboot to keep secure. > > Most kernel security issues are accessible only via shell access or an > errant program. I don't allow shell access and try to protect against > errant programs. > > A reboot risks having to travel to another state (Ok only about 1 hour > drive) to fix a failed reboot. > > Time since I last was in the physical presence of my server: > > $ uptime > 18:53:33 up 472 days, 53 min, 1 user, load average: 0.02, 0.05, 0.02 > > Time when I was last in the same state as my server: ~4 Months. > > Cheers, > David > > On Tue, 2006-01-03 at 15:42 -0500, Rick DeNatale wrote: > > I'm impressed. > > > > I'm also a bit curious. As good as a long uptime is, what do you guys > > do about security updates to the kernel? Sure you can get them via > > apt-get, yum, whatever, but doesn't it require a re-boot to actually > > start USING a new kernel? > > > > -- > > Rick DeNatale > > > > Visit the Project Mercury Wiki Site > > http://www.mercuryspacecraft.com/ > > -- > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug > TriLUG Organizational FAQ : http://trilug.org/faq/ > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ > -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
