zarin at dscn.net
Mon Jan 5 03:59:38 PST 2004
On Mon, 2004-01-05 at 01:49, Thomas Sutton wrote:
> > Did I miss anything? LOL
> Seemed pretty good to me.
> How about the system itself? Attempting to protect the system from
> errors in its own code should also be fairly important. The system can
> be as remotely secure as it wants, but if it can reach an unstable
> state, its security has almost certainly failed due to none of the
> resources it provides/manages being available.
Indeed... That would fall under unknown and other threats. The
propolice and what not that ashes is currently working on protects
against many of those common <ahem> Bugs ;)
> Robustness could include using scripts to re-spawn essential daemons in
> the event of failure and service lockup, core support for watchdog
> timers, etc.
I am using that right now - an init replacement called runit - similar
in implementation and operation to daemontools. Each daemon or process
is supervised, and will automatically respawn if it errors out.
Obviously it needs a lot of tweaking before it is ready for mainstream
use (i.e. lots of scripts, both start and stop scripts, and someone will
need to harden the code itself, and probably design a more appropriate
installation than the default)
When we get to that stage, I will work on a runit implementation to
supervise all the daemons properly.
Rob Day (BOFH)
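A toy version of the supervision loop Rob describes, added here as an illustration and not runit's or daemontools' own code. It assumes the runit service-directory convention (a foreground ./run script, an optional ./finish script, a "down" file to stop respawning); the crashing demo service is constructed for the example.

```shell
#!/bin/sh
# Toy supervisor in the style of runit's runsv: loop over DIR/run, run
# DIR/finish (if present) after each exit, and respawn unless DIR/down
# exists. Constructed illustration, not runit's code.

# supervise DIR MAX  - (re)start DIR/run at most MAX times; print start count
supervise() {
    dir=$1; max=$2; starts=0
    while [ "$starts" -lt "$max" ] && [ ! -e "$dir/down" ]; do
        starts=$((starts + 1))
        status=0
        ( cd "$dir" && ./run ) || status=$?   # daemon runs in the foreground
        if [ -x "$dir/finish" ]; then
            ( cd "$dir" && ./finish "$status" )
        fi
        echo "$dir/run exited $status (start #$starts)" >&2
        sleep "${SUPERVISE_PAUSE:-1}"          # runit pauses ~1s before respawn
    done
    echo "$starts"
}

# make_demo_service - create a throwaway service dir (constructed sample)
# whose run script crashes twice, then succeeds and asks to be taken down.
make_demo_service() {
    d=$(mktemp -d)
    cat > "$d/run" <<'EOF'
#!/bin/sh
n=$(cat count 2>/dev/null || echo 0); n=$((n + 1)); echo "$n" > count
[ "$n" -lt 3 ] && exit 1        # simulate a crash on the first two starts
touch down                      # third start: request a clean stop
exit 0
EOF
    cat > "$d/finish" <<'EOF'
#!/bin/sh
echo "finish: run exited with status $1" >> finish.log
EOF
    chmod +x "$d/run" "$d/finish"
    echo "$d"
}

# Demo: SUPERVISE_PAUSE=0; svc=$(make_demo_service); supervise "$svc" 10  -> 3
```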