> From: "John Lauro" <john.la...@covenanteyes.com> > To: "David Sommerseth" <sl+us...@lists.topphemmelig.net> > Cc: "scientific-linux-users" <SCIENTIFIC-LINUX-USERS@fnal.gov>, > kei...@kl-ic.com > Sent: 15. februar 2015 14:33:25 > Subject: Re: systemd (again) > > Sounds just what hackers would like. A nice web interface that > doesn't even show up as a resource after it's been idle for 10 > minutes so admins might not even realize if it's wide open...
Gee ... if you look at netstat, I'm sure you'd notice that systemd is listening to that port. I'm sure any responsible sysadmin will always double check which ports are truly open. In addition, there is firewalling which any responsible sysadmin would not ignore to ensure is properly configured. The advantage is that no system resources are spent on processes not being actively in use. Yes, it requires another mindset. But those who depend on evaluating system security primarily based on the output of 'ps' does a fairly poor job. -- kind regards, David Sommerseth > ----- Original Message ----- >> From: "David Sommerseth" <sl+us...@lists.topphemmelig.net> >> To: kei...@kl-ic.com >> Cc: "scientific-linux-users" <SCIENTIFIC-LINUX-USERS@fnal.gov> >> Sent: Sunday, February 15, 2015 7:11:52 AM >> Subject: Re: systemd (again) >> >> Cockpit is not running by default, but if you go to >> https://$IPADDRESS_OF_SERVER:9090/ systemd starts it >> on-the-fly (through socket activation). In the moment it's been >> lingering idle for approx. 10 minutes, it is shut down again. >> So there's basically zero-footprint when it is not being used. > > This is one of the nice things about systemd.
