Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 10 Nov 2023 10:20:39 +0000
From:      Gary Jennejohn <garyj@gmx.de>
To:        Alexander Leidinger <Alexander@Leidinger.net>
Cc:        Philip Paeps <philip@freebsd.org>, freebsd-arch@freebsd.org
Subject:   Re: Any particular reason we don't have sshd oomprotected by default?
Message-ID:  <20231110112039.214c6343@ernst.home>
In-Reply-To: <a169e4461ddabf96afc536809dff5b48@Leidinger.net>
References:  <8b9484ba83e373ece0e322e14c924da6@Leidinger.net> <5F066A40-CD1D-4D32-850E-0A85D86AE499@freebsd.org> <a169e4461ddabf96afc536809dff5b48@Leidinger.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Fri, 10 Nov 2023 10:07:30 +0100
Alexander Leidinger <Alexander@Leidinger.net> wrote:

> Am 2023-11-09 12:18, schrieb Philip Paeps:
> > On 2023-11-09 15:54:22 (+0800), Alexander Leidinger wrote:
> >> We have syslogd oomprotected by default (/etc/defaults/rc.conf). Is
> >> there a particular reason we don't have sshd protected the same way?
> >>
> >> Any objections if I would commit such a change (sshd_oomprotect=3DYES=
 in
> >> defaults/rc.conf)?
> >
> > I don't have feelings about it either way.  It probably makes sense to
> > optimise for installations that don't have out of band access.
> >
> >> I was also thinking about which other daemon we should protect by
> >> default, but apart from the need to make sure important logs are
> >> written to find issues which may have caused the oom trigger, and the
> >> need to be able to login to such a troubled system, I didn't see any
> >> other service as such critical (we could argue about ntpd, but I send
> >> to be on the "may be protected" (not for my use cases) and not to be
> >> on the "has to be protected" side) to include it in this proposal.
> >
> > In the FreeBSD.org cluster, we set local_unbound_oomprotect=3D"YES" to=
o.
> > Without DNS, everything grinds to a halt.  Including SSH.
>
> https://reviews.freebsd.org/D42544
>

Fix the typos which bcr mentions and it will be ready to commit.

=2D-
Gary Jennejohn

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20231110112039.214c6343>