Date: Thu, 09 Nov 2023 19:18:53 +0800
From: Philip Paeps <philip@freebsd.org>
To: Alexander Leidinger <Alexander@Leidinger.net>
Cc: freebsd-arch@freebsd.org
Subject: Re: Any particular reason we don't have sshd oomprotected by default?
Message-ID: <5F066A40-CD1D-4D32-850E-0A85D86AE499@freebsd.org>
In-Reply-To: <8b9484ba83e373ece0e322e14c924da6@Leidinger.net>
References: <8b9484ba83e373ece0e322e14c924da6@Leidinger.net>

On 2023-11-09 15:54:22 (+0800), Alexander Leidinger wrote:
> We have syslogd oomprotected by default (/etc/defaults/rc.conf). Is
> there a particular reason we don't have sshd protected the same way?
>
> Any objections if I would commit such a change (sshd_oomprotect=YES in
> defaults/rc.conf)?

I don't have feelings about it either way. It probably makes sense to
optimise for installations that don't have out of band access.

> I was also thinking about which other daemon we should protect by
> default, but apart from the need to make sure important logs are
> written to find issues which may have caused the oom trigger, and the
> need to be able to login to such a troubled system, I didn't see any
> other service as such critical (we could argue about ntpd, but I tend
> to be on the "may be protected" (not for my use cases) and not to be
> on the "has to be protected" side) to include it in this proposal.

In the FreeBSD.org cluster, we set local_unbound_oomprotect="YES" too.
Without DNS, everything grinds to a halt. Including SSH.

Philip

-- 
Philip Paeps
Senior Reality Engineer
Alternative Enterprises