From: Paul J Gans on 15 Jul 2010 13:30

Because of a needed hardware change, I rebooted my server. As uptime said just before reboot:

13:47:24 up 79 days, 22:12

I'm going to miss 11.1 when it's gone.

The machine is my web and mail server. I use it as a programming platform and to run programs. It is hit upon with great regularity by folks trying to break in (seemingly without success) and has endured heavy loads and a good bit of overheating thanks to our recent weather in New York.

I love stable systems. The last one this stable was one of the versions of 9.X.

--
--- Paul J. Gans
From: David Bolt on 15 Jul 2010 15:05

On Thursday 15 Jul 2010 18:30, while playing with a tin of spray paint, Paul J Gans painted this mural:

> Because of a needed hardware change, I rebooted my server. As
> uptime said just before reboot:
>
> 13:47:24 up 79 days, 22:12
>
> I'm going to miss 11.1 when it's gone.

I haven't yet missed a release when it's been replaced. I've been glad once or twice, 7.0, 9.2 and 10.1 being the ones that I disliked the most, but even then they weren't really that bad.

> The machine is my web and mail server.

I like to split mine up a bit. Mail and web servers are on different machines, and mail's going to be moving to another one in the near future.

> I use it as a programming
> platform and to run programs.

Testing out package building, some programming, and running programs here.

> It is hit upon with great regularity
> by folks trying to break in (seemingly without success)

My router blocks that. I only allow ssh from a very select few IP addresses, so haven't had to worry too much about break-in attempts[0].

> and has
> endured heavy loads and a good bit of overheating thanks to our
> recent weather in New York.
>
> I love stable systems. The last one this stable was one of the
> versions of 9.X.

Unfortunately, I don't have the uptime recorded for my last 10.3 system[1], but it was running my web server and svn repository up until a week or two ago when I finally swapped it over to one running 11.1, and hadn't been rebooted for over six months. As for stable systems, I have a couple of machines that have up-times of over 200 days:

davjam(a)lion:~> uptime ; cat /etc/SuSE-release
 7:53pm up 282 days 4:49, 8 users, load average: 1.00, 1.00, 1.00
openSUSE 11.1 (ppc)
VERSION = 11.1

davjam(a)thargon:~> uptime ; cat /etc/SuSE-release
 7:51pm up 446 days 5:26, 2 users, load average: 1.15, 1.04, 1.01
SuSE Linux 9.1 (i586)
VERSION = 9.1

My others are all below 60 days, purely because I've shut them down to clean out the dust bunnies, topped up water cooling systems and, with some of them, made some hardware changes.

[0] Yes, I know ssh isn't the only route in, but I do try to make sure that I have other possible avenues blocked.

[1] Later on, I'll be mirroring the 11.3 repo and then updating it, and a couple of other machines to 11.3. Then it can go back to hosting the web server again.

Regards,
David Bolt

--
Team Acorn: www.distributed.net
| openSUSE 11.3RC2 32b | openSUSE 11.1 64b | openSUSE 11.2 64b |
| openSUSE 11.1 PPC | TOS 4.02 | RISC OS 4.02 | RISC OS 3.11
From: Paul J Gans on 15 Jul 2010 20:41

David Bolt <blacklist-me(a)davjam.org> wrote:

>On Thursday 15 Jul 2010 18:30, while playing with a tin of spray paint,
>Paul J Gans painted this mural:
>> Because of a needed hardware change, I rebooted my server. As
>> uptime said just before reboot:
>>
>> 13:47:24 up 79 days, 22:12
>>
>> I'm going to miss 11.1 when it's gone.
>I haven't yet missed a release when it's been replaced. I've been glad
>once or twice, 7.0, 9.2 and 10.1 being the ones that I disliked the
>most, but even then they weren't really that bad.
>> The machine is my web and mail server.
>I like to split mine up a bit. Mail and web servers are on different
>machines, and mail's going to be moving to another one in the near
>future.
>> I use it as a programming
>> platform and to run programs.
>Testing out package building, some programming, and running programs
>here.
>> It is hit upon with great regularity
>> by folks trying to break in (seemingly without success)
>My router blocks that. I only allow ssh from a very select few IP
>addresses, so haven't had to worry too much about break-in attempts[0].
>> and has
>> endured heavy loads and a good bit of overheating thanks to our
>> recent weather in New York.
>>
>> I love stable systems. The last one this stable was one of the
>> versions of 9.X.
>Unfortunately, I don't have the uptime recorded for my last 10.3
>system[1], but it was running my web server and svn repository up until
>a week or two ago when I finally swapped it over to one running 11.1,
>and hadn't been rebooted for over six months. As for stable systems, I
>have a couple of machines that have up-times of over 200 days:
>davjam(a)lion:~> uptime ; cat /etc/SuSE-release
> 7:53pm up 282 days 4:49, 8 users, load average: 1.00, 1.00, 1.00
>openSUSE 11.1 (ppc)
>VERSION = 11.1
>davjam(a)thargon:~> uptime ; cat /etc/SuSE-release
> 7:51pm up 446 days 5:26, 2 users, load average: 1.15, 1.04, 1.01
>SuSE Linux 9.1 (i586)
>VERSION = 9.1
>My others are all below 60 days, purely because I've shut them down to
>clean out the dust bunnies, topped up water cooling systems and, with
>some of them, made some hardware changes.
>[0] Yes, I know ssh isn't the only route in, but I do try to make sure
>that I have other possible avenues blocked.
>[1] Later on, I'll be mirroring the 11.3 repo and then updating it, and
>a couple of other machines to 11.3. Then it can go back to hosting the
>web server again.
>Regards,
> David Bolt

I had an early system that ran for somewhat over 200 days. Kernel patches make that difficult these days.

I'm gearing up to have a second machine devoted to testing, compiling, etc., so that I can play a bit as well.

--
--- Paul J. Gans
From: Vahis on 16 Jul 2010 06:44

On 2010-07-16, houghi <houghi(a)houghi.org.invalid> wrote:

> David Bolt wrote:
>> I like to split mine up a bit. Mail and web servers are on different
>> machines, and mail's going to be moving to another one in the near
>> future.
>
> I used to have multiple as well and then I thought "Why?". For the load
> I am able to put on them there is really no reason to have different
> machines. So now I have one that does everything and a portable.
>

I also came to that same conclusion a couple of years ago, soon after assembling my current quad core with 8 GB RAM. I have normally all servers + desktop running, and most of the time also three virtual machines running this and that :)

>> Testing out package building, some programming, and running programs
>> here.
>
> Hey, I also run programs on my PC. :-D
>
>> My router blocks that. I only allow ssh from a very select few IP
>> addresses, so haven't had to worry too much about break-in attempts[0].
>
> I also do not worry about SSH break in attempts. SSH is secure. I just
> use BlockHosts to keep my logfiles clean.

Same here. I don't restrict any addresses since my mobile things have different ones all the time, a Communicator and an EeePC.

Vahis

--
http://waxborg.servepics.com
openSUSE 11.3 (x86_64) 2.6.34-12-desktop
13:32pm up 3 days 15:09, 5 users, load average: 0.00, 0.00, 0.00
From: Moe Trin on 16 Jul 2010 23:01

On Fri, 16 Jul 2010, in the Usenet newsgroup alt.os.linux.suse, in article <20100716133254(a)usenet.waxborg.local>, Vahis wrote:

>houghi <houghi(a)houghi.org.invalid> wrote:
>> David Bolt wrote:
>>> My router blocks that. I only allow ssh from a very select few IP
>>> addresses, so haven't had to worry too much about break-in
>>> attempts[0].
>> I also do not worry about SSH break in attempts. SSH is secure. I
>> just use BlockHosts to keep my logfiles clean.

Is anyone maintaining that Self-Denial-Of-Service tool? Last I looked it hadn't been revised since 2008. But then the other similar log readers ('blocksshd' last revised 2008, 'DenyHosts' last revised 2006 and 'fail2ban' last revised 09/2009) aren't any better.

>Same here.

Hope you are using 'sane' expire times. A system with several hundred individual host block rules - either in the firewall or libwrap - isn't going to be the fastest thing in town. A ten minute block is usually more than enough to discourage 'bots and skript kiddieZ.

>I don't restrict any addresses since my mobile things have different
>ones all the time, a Communicator and an EeePC.

As of last night, there were 3106150536 IPv4 addresses allocated or assigned world wide (out of 3706452992 addresses not reserved by RFC5735). Are your systems really seeing that wide a selection? Or by using http://www.iana.org/assignments/ipv4-address-space.xml you may see how to narrow things down a bit. I tend to agree with David and only allow 1530 IPv4 addresses (2 /24s and a /22). When I travel, and have to allow connections from addresses not known in advance, a simple port knocking technique acts as an _additional_ block (still need the "regular" authentication scheme _after_ the port knock tells the server to unblock the firewall for "this" address for a minute).

Old guy
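The policy described in the last post (a small static allowlist plus a port knock that opens the firewall for one source address for a minute), modelled as an added example that is not part of the thread or any poster's configuration. The networks, knock ports and knock window are constructed assumptions; only the 2 /24s and a /22, the 1530 count and the one-minute opening come from the post.

```python
import ipaddress

# Constructed values: networks, knock ports and knock window are assumptions.
ALLOWED = [ipaddress.ip_network(n) for n in
           ("192.0.2.0/24", "198.51.100.0/24", "10.20.0.0/22")]
KNOCK_SEQUENCE = (7001, 8002, 9003)   # hypothetical knock ports
KNOCK_WINDOW = 10   # seconds allowed to complete the sequence
OPEN_FOR = 60       # the post's "unblock ... for a minute"


def usable_hosts(networks):
    """Host addresses per network, excluding network and broadcast."""
    return sum(n.num_addresses - 2 for n in networks)


class Gate:
    """Firewall decision only; sshd authentication still happens afterwards."""

    def __init__(self):
        self.progress = {}   # src -> (next index in sequence, time of first knock)
        self.opened = {}     # src -> expiry time of the temporary unblock

    def knock(self, src, port, now):
        idx, start = self.progress.get(src, (0, now))
        if now - start > KNOCK_WINDOW:
            idx, start = 0, now            # too slow: start over
        if port != KNOCK_SEQUENCE[idx]:
            self.progress.pop(src, None)   # wrong port resets the sequence
            return
        idx += 1
        if idx == len(KNOCK_SEQUENCE):
            self.opened[src] = now + OPEN_FOR
            self.progress.pop(src, None)
        else:
            self.progress[src] = (idx, start)

    def ssh_allowed(self, src, now):
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in ALLOWED):
            return True
        expiry = self.opened.get(src)
        if expiry is not None and now < expiry:
            return True
        self.opened.pop(src, None)   # drop expired entries so the table stays small
        return False
```

Expiring the temporary entries keeps the rule table short, which is the same concern the post raises about several hundred long-lived block rules.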