On Tue, Feb 20, 2007 at 11:14:35PM -0600, Ron Johnson wrote: > On 02/20/07 17:41, Roberto C. Sanchez wrote: > > > > I too discovered checkrestart a while back. However, my experience with > > it was so disappointing, that I ended up cooking up my own script using > > lsof and the init scripts in /etc/init.d. > > Do you remember why it was disappointing? So far it has worked > great for me. > When I was on my uber-security kick, I read the "Securing Debian Manual" and tried to apply as many of the suggestions as I could to one of my servers. This included mounting /usr, /opt and /usr/local as read-only. Whenever something upgraded a shared library in /usr/lib, if the daemon(s) which had loaded that library are not restarted, then /usr fails to remount as ro because it is busy. Regards, -Roberto -- Roberto C. Sanchez http://people.connexer.com/~roberto http://www.connexer.com
Attachment:
signature.asc
Description: Digital signature