> From: "John Lauro" <[log in to unmask]>
> To: "David Sommerseth" <[log in to unmask]>
> Cc: "scientific-linux-users" <[log in to unmask]>, [log in to unmask]
> Sent: 15. februar 2015 14:33:25
> Subject: Re: systemd (again)
>
> Sounds just what hackers would like.  A nice web interface that 
> doesn't even show up as a resource after it's been idle for 10
> minutes so admins might not even realize if it's wide open...

Gee ... if you look at netstat, I'm sure you'd notice that systemd
is listening to that port.  I'm sure any responsible sysadmin will
always double check which ports are truly open.  In addition, there
is firewalling which any responsible sysadmin would not ignore to
ensure is properly configured.

The advantage is that no system resources are spent on processes
not being actively in use.  Yes, it requires another mindset.  But
those who depend on evaluating system security primarily based on
the output of 'ps' does a fairly poor job.


--
kind regards,

David Sommerseth


> ----- Original Message -----
>> From: "David Sommerseth" <[log in to unmask]>
>> To: [log in to unmask]
>> Cc: "scientific-linux-users" <[log in to unmask]>
>> Sent: Sunday, February 15, 2015 7:11:52 AM
>> Subject: Re: systemd (again)
>> 
>> Cockpit is not running by default, but if you go to
>> https://$IPADDRESS_OF_SERVER:9090/ systemd starts it
>> on-the-fly (through socket activation).  In the moment it's been
>> lingering idle for approx. 10 minutes, it is shut down again.
>> So there's basically zero-footprint when it is not being used.
> > This is one of the nice things about systemd.