Re: Any particular reason we don't have sshd oomprotected by default?
Date: Fri, 10 Nov 2023 09:07:30 UTC
On 2023-11-09 12:18, Philip Paeps wrote:
> On 2023-11-09 15:54:22 (+0800), Alexander Leidinger wrote:
>> We have syslogd oomprotected by default (/etc/defaults/rc.conf). Is
>> there a particular reason we don't have sshd protected the same way?
>>
>> Any objections if I would commit such a change (sshd_oomprotect=YES in
>> defaults/rc.conf)?
>
> I don't have feelings about it either way. It probably makes sense to
> optimise for installations that don't have out of band access.
>
>> I was also thinking about which other daemon we should protect by
>> default, but apart from the need to make sure important logs are
>> written to find issues which may have caused the oom trigger, and the
>> need to be able to login to such a troubled system, I didn't see any
>> other service as such critical (we could argue about ntpd, but I tend
>> to be on the "may be protected" (not for my use cases) and not to be
>> on the "has to be protected" side) to include it in this proposal.
>
> In the FreeBSD.org cluster, we set local_unbound_oomprotect="YES" too.
> Without DNS, everything grinds to a halt. Including SSH.

https://reviews.freebsd.org/D42544

Bye,
Alexander.

--
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF
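
Added example, not part of the thread and not FreeBSD project code: a small audit that reports which of the services named above (syslogd, sshd, local_unbound) have no effective `<name>_oomprotect` setting, reading files in override order the way /etc/rc.conf overrides /etc/defaults/rc.conf. The function names and the sample files are constructed for illustration; the files are parsed as text, not sourced.

```sh
#!/bin/sh
# Services the thread names as worth protecting from the OOM killer.
CRITICAL_SERVICES="syslogd sshd local_unbound"

# Print the effective <svc>_oomprotect value (upper case) or UNSET.
# Files are given in override order: the last assignment found wins.
# Commented-out assignments are ignored because the match is anchored.
oomprotect_value() {
    svc=$1
    shift
    val=$(sed -n "s/^[[:space:]]*${svc}_oomprotect=[\"']\{0,1\}\([A-Za-z]*\).*/\1/p" \
            "$@" 2>/dev/null | tail -n 1 | tr '[:lower:]' '[:upper:]')
    echo "${val:-UNSET}"
}

# Print a space-separated list of critical services whose effective
# setting is neither YES nor ALL (the values that enable protection).
unprotected_services() {
    missing=""
    for s in $CRITICAL_SERVICES; do
        case $(oomprotect_value "$s" "$@") in
            YES|ALL) ;;
            *) missing="${missing:+$missing }$s" ;;
        esac
    done
    echo "$missing"
}

# Constructed sample input standing in for defaults/rc.conf and rc.conf.
demo_dir=$(mktemp -d)
cat > "$demo_dir/defaults.conf" <<'EOF'
syslogd_oomprotect="YES"
EOF
cat > "$demo_dir/rc.conf" <<'EOF'
sshd_enable="YES"
#sshd_oomprotect="YES"
local_unbound_oomprotect="YES"
EOF

echo "unprotected: $(unprotected_services "$demo_dir/defaults.conf" "$demo_dir/rc.conf")"
rm -rf "$demo_dir"
```

On a real system the arguments would be /etc/defaults/rc.conf followed by /etc/rc.conf.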