From owner-freebsd-security@FreeBSD.ORG Tue Oct 11 23:05:18 2011 Return-Path: Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 517E1106566C for ; Tue, 11 Oct 2011 23:05:18 +0000 (UTC) (envelope-from gad@FreeBSD.org) Received: from smtp8.server.rpi.edu (smtp8.server.rpi.edu [128.113.2.228]) by mx1.freebsd.org (Postfix) with ESMTP id F2FF38FC16 for ; Tue, 11 Oct 2011 23:05:16 +0000 (UTC) Received: from gilead.netel.rpi.edu (gilead.netel.rpi.edu [128.113.124.121]) by smtp8.server.rpi.edu (8.13.1/8.13.1) with ESMTP id p9BLovVV025553; Tue, 11 Oct 2011 17:50:58 -0400 Message-ID: <4E94BA41.2020907@FreeBSD.org> Date: Tue, 11 Oct 2011 17:50:57 -0400 From: Garance A Drosehn User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.9) Gecko/20100722 Eudora/3.0.4 MIME-Version: 1.0 To: =?UTF-8?B?RGFnLUVybGluZyBTbcO4cmdyYXY=?= References: <201110020411.p924BPqn037383@chilled.skew.org> <86d3e4j777.fsf@ds4.des.no> In-Reply-To: <86d3e4j777.fsf@ds4.des.no> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Bayes-Prob: 0.0001 (Score 0) X-RPI-SA-Score: 1.50 (*) [Hold at 12.00] COMBINED_FROM,RATWARE_GECKO_BUILD X-CanItPRO-Stream: outgoing X-Canit-Stats-ID: Bayes signature not available X-Scanned-By: CanIt (www . roaringpenguin . com) on 128.113.2.228 Cc: Mike Brown , freebsd-security@FreeBSD.org Subject: Re: Reasonable expectations of sysadmins X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Oct 2011 23:05:18 -0000 On 10/11/11 3:52 AM, Dag-Erling Smørgrav wrote: > Mike Brown writes: > >> Also, sometimes things go haywire after a reboot, especially after extended >> uptime and updates to the kernel or core libraries, so I'm in the habit of >> only shutting down when necessary. So if I don't see "and then reboot" in an >> update procedure - and most of the time, security updates don't require it - >> then I don't do it. >> > Actually, this is an argument in favor of rebooting regularly, or at > least after every major change, so you know the server will boot > unassisted if something happens (power outage, cleaning staff tripped > over the mains cable, etc.) I once spent an entire evening coaxing a > mission-critical database server back up after a simple disk replacement > because a predecessor had performed an in-place system upgrade without > verifying that the new configuration would boot cleanly. > > DES > FWIW: If I have a production server which has been up and running for more than six months, I often reboot the machine *before* making some significant change, just to make sure the machine is still in working order before I make that change. I then make the change, and reboot again. There are times where I have discovered problems in that first reboot. (also note that in my case, most production servers which have been up for more than six months have probably been up for more than a year) -- Garance Alistair Drosehn = gad@gilead.netel.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu