On 7/12/22 12:57, Ken Hornstein wrote:
Well, the default configuration is that heartbeats are turned off, so
the general impression I would take away from that is you should only
turn on heartbeats if you have some unusual requirement.
This has to be coordinated between the client and server as many of these
setting need to be. I can add some discussion to the man page that this is
recommended.
Errr ... does it?
I certainly turned them on all of our clients but did not on turn
them on our server. Did not cause any problems. I mean, yes, I could
see that turning them on the server might be helpful, but it doesn't
seem to be required to make them work; from my reading of the code that
the server will respond to a heartbeat message whether or not they
are configured, and since connections all initiate from the clients
that's the end that has to notice the connection has dropped.
I think what Steve was referring to is the tcp_client_max_idle setting,
which has a man page item saying it needs to be higher than the
heartbeat setting on the sending side.
And yes, some additional documentation might be helpful. Like if there
was a note in the man page that said, "Enabling heartbeats is the only
way to ensure that a connection will be retried if it is lost", that
might have clued me in that heartbeats are essentially required for
reliable connectivity (I am assuming we all agree that statement is
true; as far as I can tell, even with the latest code it still is!).
This may be true, doubtful it is the intent.
LCB
--
Lenny Bruzenak
MagitekLTD
--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
