On 02/15/2015 08:53 AM, Steven Haigh wrote:
On 16/02/2015 2:29 AM, David Sommerseth wrote:
From: "John Lauro" <john.la...@covenanteyes.com>
To: "David Sommerseth" <sl+us...@lists.topphemmelig.net>
Cc: "scientific-linux-users" <SCIENTIFIC-LINUX-USERS@fnal.gov>, kei...@kl-ic.com
Sent: 15. februar 2015 14:33:25
Subject: Re: systemd (again)

Sounds just what hackers would like.  A nice web interface that
doesn't even show up as a resource after it's been idle for 10
minutes so admins might not even realize if it's wide open...

Gee ... if you look at netstat, I'm sure you'd notice that systemd
is listening to that port.  I'm sure any responsible sysadmin will
always double check which ports are truly open.  In addition, there
is firewalling which any responsible sysadmin would not ignore to
ensure is properly configured.

netstat isn't the default way anymore... In fact, on some systems it
isn't even available anymore unless you include the net-tools package.

? This has always been the case. Perhaps the improvement is the reduction of dependencies that may have brought in net-tools by default before. But this is a good thing. If you need/want net-tools (or anything else for that matter) you install it.

The advantage is that no system resources are spent on processes
not being actively in use.  Yes, it requires another mindset.  But
those who depend on evaluating system security primarily based on
the output of 'ps' do a fairly poor job.

So it's xinetd? :)

Yes, it replaces that as well.

I've done a little bit of work with Xen packages using SystemD - and to
be honest, it isn't *that* bad. If systemd is needed at all is a
different question - although we're just adding another wrapper layer
around an initscript that now gets called via systemd.

You're actually removing a bunch of shell scripting layers.

In the end, it doesn't do anything more functional than the old init
system did - just now that instead of throwing stuff in /etc/init.d, you
now have to write another file to then call the init script.

Web interfaces and other junk aside, systemd doesn't seem to do much in
the way of improvement - in fact, most features of priorities and
parallel start exist in sysvinit - but were never implemented properly
by distributions... So instead, we reinvent the wheel again...

It does a whole lot more than the old init system did, which an internet search and a few minutes of reading would have made abundantly clear. Just a couple points:

- It monitors the processes that it starts and can restart them if they die.
- It can configure the environment of the processes it starts in a number of ways: cgroups, namespaces, etc.
- It can log the output in the journal that would have otherwise been lost.

Please people, let's do some research before just putting out our first impressions as facts.

--
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA/CoRA Division                    FAX: 303-415-9702
3380 Mitchell Lane                  or...@cora.nwra.com
Boulder, CO 80301              http://www.cora.nwra.com
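As an added example (not part of the thread, and not from any of the posters), the script below shows the defender-side checks the discussion above calls for: listing LISTEN sockets directly from /proc/net/tcp so the check does not depend on net-tools, tying live listeners back to the systemd socket units that hold them open, and a socket-activated unit pair that uses the restart, journal and sandboxing directives mentioned. The names demo.socket, demo.service, /usr/sbin/demod and port 8080 are placeholders chosen for this example; the sample /proc/net/tcp content is constructed.

```shell
#!/bin/sh
# Added example, not code from the thread: audit listening ports without
# netstat, map them to systemd socket units, and render a hardened
# socket-activated unit pair. All unit/daemon names are placeholders.

hex2dec() { printf '%d' "0x$1"; }

# Decode one /proc/net/tcp address ("0100007F:0016") into "127.0.0.1:22".
# The kernel writes the IPv4 bytes in host (little-endian) byte order.
decode_addr() {
    hex_ip="${1%%:*}"
    hex_port="${1##*:}"
    o4=$(echo "$hex_ip" | cut -c1-2)
    o3=$(echo "$hex_ip" | cut -c3-4)
    o2=$(echo "$hex_ip" | cut -c5-6)
    o1=$(echo "$hex_ip" | cut -c7-8)
    printf '%d.%d.%d.%d:%d\n' \
        "$(hex2dec "$o1")" "$(hex2dec "$o2")" "$(hex2dec "$o3")" "$(hex2dec "$o4")" \
        "$(hex2dec "$hex_port")"
}

# Print every IPv4 TCP socket in state 0A (TCP_LISTEN) as ip:port.
# $1 is a file in /proc/net/tcp format; defaults to the live kernel table,
# so this works on a host that never had net-tools installed.
listening_ports() {
    tcpfile="${1:-/proc/net/tcp}"
    # Skip the header line; columns: sl local_address rem_address st ...
    tail -n +2 "$tcpfile" | while read -r _sl laddr _raddr st _rest; do
        [ "$st" = "0A" ] || continue
        decode_addr "$laddr"
    done
}

# Constructed sample in /proc/net/tcp format: sshd-style listener on
# 0.0.0.0:22, a loopback listener on 127.0.0.1:25, and one ESTABLISHED
# (state 01) connection that must NOT be reported.
write_sample_tcp() {
    cat > "$1" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0100007F:9C40 0100007F:0016 01 00000000:00000000 00:00000000 00000000     0        0 12347 1 0000000000000000 20 4 30 10 -1
EOF
}

# Live check (needs a running systemd and iproute's ss): which listeners
# are held open by systemd on behalf of a service that may not be running.
socket_owners() {
    systemctl list-sockets --no-legend 2>/dev/null
    # A listener owned by pid 1 is socket-activated; the service itself
    # will only show up in 'ps' once a client has connected.
    ss -tlnp 2>/dev/null | grep 'pid=1,' || true
}

# Write demo.socket and demo.service into directory $1 (placeholder names).
# The daemon must accept its socket from systemd (sd_listen_fds) because
# Accept=no hands the listening socket to one long-lived service instance.
render_units() {
    dir="$1"
    cat > "$dir/demo.socket" <<'EOF'
[Socket]
ListenStream=127.0.0.1:8080
Accept=no

[Install]
WantedBy=sockets.target
EOF
    cat > "$dir/demo.service" <<'EOF'
[Service]
ExecStart=/usr/sbin/demod
Restart=on-failure
StandardOutput=journal
StandardError=journal
NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=strict
EOF
}
```

Run `listening_ports` with no argument on a live host to read the real table, and `socket_owners` to see which of those ports are systemd-held sockets rather than a running daemon; `render_units /etc/systemd/system` followed by `systemctl enable --now demo.socket` would install the placeholder pair once a real daemon replaces /usr/sbin/demod.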
