On Sat, October 20, 2018 11:09 am, Yan Li wrote:
> On 10/20/18 8:37 AM, Valeri Galtsev wrote:
>> Oh, great, I now can see the world with your eyes! And last part about
>> servers life cycle wise doesn't sound much different from what I do using
>> FreeBSD and jails. The only difference is maybe in how frequently I have
>> to reboot Linux (any flavor) due to kernel or glibc security update
>> compared to reboot of FreeBSD.
>
> Yup. That's indeed a problem that the Fedora kernel is moving a bit too
> fast for a server. Our machines sit behind a firewall, and as far as I know,
> our students are not crazy about privilege escalation/Meltdown attacking
> their own servers. So we usually only reboot when there's a power outage
> that is longer than what our UPS could handle, which is unfortunately
> quite common on this campus.

I can not afford that. I do run all machines (not only multi-user servers,
but single user grad. student's workstations) in an assumption that bad
guys are already inside. I have never seen privilege escalation attempts on
single user machines, but I've seen a couple of times such attempts on
multi-user machines. Unsuccessful for several reasons, still, that was fun
to observe almost in real time ;-)

So, I keep running all machines in an assumption that bad guys are already
inside.

Valeri

>
> --
> Yan Li
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
>

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++