[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: what's your Debian uptime?



I agree with Hans. For instance, I had a sid box back in the day which was my dhcp server (an old laptop). It was behind a firewall, and not accessible from the internet. (I know, no security is 100%, but i have defense in depth.) Plus, I too had built a minimal kernel.

In any case, my record is somewhere around 700 days, just short of 2 years. Then we had a power outage that burned through the UPS and the laptop battery...



On Wed, Apr 17, 2013 at 4:43 PM, Hans-J. Ullrich <hans.ullrich@loop.de> wrote:
It is interesting. Whenever I someone is telling of big uptime, the arguiment
is:

Your server can not be secure! You have an old kernel! You MUST install/update
the newest kernel and of course reboot.

But this is not correct. For which reason a new kernel is necessary?

1. If there are extrem changes in the environment (unsupported new hardware or
major software changes)

2. Security issues

But a kernel can stay very, verry long time. On machines, where you do not
change hard or software  (i.e. new filesystems like btrfs), an old kernel will
work perfectly.

Security issues, which affect modules, but not the kernel itself, may not cause
the need of a new kernel. When people lik me and others on this list, are
using a very small kernel, with minimalistic modules, and the security issues
affect modules, which are not built nor installed, then there is no need, to
install a new kernel.

So it is wrong to conclude and to say: Hey, your uptime is high, this
concludes to an unsecure host due to an old kernel. To say so, is a big
mistake!

Just to clear things. :)

Anyway, let's have fun at hacking.

Best regards

Hans




--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: [🔎] 201304172243.28312.hans.ullrich@loop.de" target="_blank">http://lists.debian.org/[🔎] 201304172243.28312.hans.ullrich@loop.de



Reply to: