Full Disclosure mailing list archives
Re: Security Updates Without Rebooting
From: Tomasz Nidecki <tonid () hakin9 org>
Date: Tue, 8 Nov 2005 14:36:20 +0100
Tuesday, November 8, 2005, 2:48:28 AM, Valdis wrote:

> Or, if you're able to identify "I only applied an Apache patch", you may very well be able to only restart that one service. For RedHat/Fedora systems, you'd do this with 'service httpd restart' (or replace httpd with the name of the /etc/init.d script that starts/stops the service in question). For other systems, you should be able to find a similar "stop then restart" for the specific daemon in question.

Well, if I could make a small suggestion, I never use the /etc/rc.d or /etc/init.d scripts on my servers. I have long ago switched to daemontools - http://cr.yp.to/daemontools.html [there are similar solutions for those who don't like daemontools, e.g. a very similar one called runit - http://smarden.org/runit/]. There are a couple of security and ease-of-use reasons to do that:

* a service such as daemontools or runit will make sure your service is running even if something causes it to fail temporarily, as it monitors the service every second and restarts it if necessary
* for every service monitored all I need to do to restart it after a security update is "svc -t /service/servicename".

Obviously, RPMs will not restart such services, so this is a drawback, but I find this a very good, platform-independent [e.g. some distributions use the SysV scripts, some use other solutions] method to control services that also makes sure for me that the service is always running.

The drawback is the fact that not all services can be run in the foreground [this is required for daemontools/runit] and that writing your own run scripts might sometimes be difficult [but the runit page contains a bunch of ready-made run scripts for most popular services].

-- 
Tomasz Nidecki, Sekr. Redakcji / Managing Editor
hakin9 magazine http://www.hakin9.org
mailto:tonid () hakin9 org jid:tonid () tonid net

Do you know what "hacker" means? http://www.catb.org/~esr/faqs/hacker-howto.html
Do you know what the word "hacker" means? http://www.jtz.org.pl/Inne/hacker-howto-pl.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
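
The message above notes that RPMs will not restart supervised services after an update. As an added example (not part of the original post), this sketch finds daemontools services whose process still maps a replaced library or binary and restarts them with `svc -t`. It assumes Linux `/proc/<pid>/maps` and services under `/service`; the function names and the `SERVICE_DIR`/`PROC_ROOT` variables are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Linux /proc and
# daemontools' svstat/svc on PATH. Function names are illustrative.

SERVICE_DIR=${SERVICE_DIR:-/service}
PROC_ROOT=${PROC_ROOT:-/proc}

# Extract the pid from one line of svstat output, e.g.
#   /service/httpd: up (pid 1234) 86400 seconds
# Prints nothing when the service is down.
svstat_pid() {
    printf '%s\n' "$1" |
        sed -n 's/^[^:]*: up (pid \([0-9][0-9]*\)).*/\1/p'
}

# Read /proc/<pid>/maps text on stdin and list executable mappings whose
# backing file has been unlinked, which is what a package update leaves
# behind when it replaces a library that is still in use.
# Paths containing spaces are not handled.
stale_mappings() {
    awk '$2 ~ /x/ && $NF == "(deleted)" { print $(NF-1) }' | sort -u
}

# Restart every supervised service that still runs pre-update code.
# Only the supervised pid itself is inspected, not its children.
restart_stale() {
    for dir in "$SERVICE_DIR"/*/; do
        [ -d "$dir" ] || continue
        pid=$(svstat_pid "$(svstat "$dir")")
        [ -n "$pid" ] || continue
        [ -r "$PROC_ROOT/$pid/maps" ] || continue
        stale=$(stale_mappings < "$PROC_ROOT/$pid/maps")
        [ -n "$stale" ] || continue
        echo "restarting $dir (pid $pid); still maps:"
        echo "$stale" | sed 's/^/    /'
        svc -t "$dir"
    done
}

# Nothing is restarted unless explicitly requested.
if [ "${1:-}" = "--run" ]; then
    restart_stale
fi
```

Run it as root with `--run` after applying updates; services that only re-read configuration and never re-exec will keep appearing until they are actually restarted.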