On 16/02/2015 2:29 AM, David Sommerseth wrote: >> From: "John Lauro" <john.la...@covenanteyes.com> >> To: "David Sommerseth" <sl+us...@lists.topphemmelig.net> >> Cc: "scientific-linux-users" <SCIENTIFIC-LINUX-USERS@fnal.gov>, >> kei...@kl-ic.com >> Sent: 15. februar 2015 14:33:25 >> Subject: Re: systemd (again) >> >> Sounds just what hackers would like. A nice web interface that >> doesn't even show up as a resource after it's been idle for 10 >> minutes so admins might not even realize if it's wide open... > > Gee ... if you look at netstat, I'm sure you'd notice that systemd > is listening to that port. I'm sure any responsible sysadmin will > always double check which ports are truly open. In addition, there > is firewalling which any responsible sysadmin would not ignore to > ensure is properly configured.
netstat isn't the default way anymore... In fact, on some systems it isn't even available anymore unless you include the net-tools package. > The advantage is that no system resources are spent on processes > not being actively in use. Yes, it requires another mindset. But > those who depend on evaluating system security primarily based on > the output of 'ps' does a fairly poor job. So its xinetd? :) I've done a little bit of work with Xen packages using SystemD - and to be honest, it isn't *that* bad. If systemd is needed at all is a different question - although we're just adding another wrapper layer around an initscript that now gets called via systemd. In the end, it doesn't do anything more functional than the old init system did - just now that instead of throwing stuff in /etc/init.d, you now have to write another file to then call the init script. Web interfaces and other junk aside, systemd doesn't seem to do much in the way of improvement - in fact, most features of priorities and parallel start exist in sysvinit - but were never implemented properly by distributions... So instead, we reinvent the wheel again... -- Steven Haigh Email: net...@crc.id.au Web: http://www.crc.id.au Phone: (03) 9001 6090 - 0412 935 897
signature.asc
Description: OpenPGP digital signature