SCIENTIFIC-LINUX-USERS Archives

February 2015

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Steven Haigh <[log in to unmask]>
Reply To: Steven Haigh <[log in to unmask]>
Date: Mon, 16 Feb 2015 02:53:32 +1100
On 16/02/2015 2:29 AM, David Sommerseth wrote:
>> From: "John Lauro" <[log in to unmask]>
>> To: "David Sommerseth" <[log in to unmask]>
>> Cc: "scientific-linux-users" <[log in to unmask]>, [log in to unmask]
>> Sent: 15. februar 2015 14:33:25
>> Subject: Re: systemd (again)
>>
>> Sounds just what hackers would like.  A nice web interface that 
>> doesn't even show up as a resource after it's been idle for 10
>> minutes so admins might not even realize if it's wide open...
> 
> Gee ... if you look at netstat, I'm sure you'd notice that systemd
> is listening to that port.  I'm sure any responsible sysadmin will
> always double check which ports are truly open.  In addition, there
> is firewalling which any responsible sysadmin would not ignore to
> ensure is properly configured.

netstat isn't the default way anymore... In fact, on some systems it
isn't even available anymore unless you include the net-tools package.

> The advantage is that no system resources are spent on processes
> not being actively in use.  Yes, it requires another mindset.  But
> those who depend on evaluating system security primarily based on
> the output of 'ps' do a fairly poor job.

So it's xinetd? :)

I've done a little bit of work with Xen packages using SystemD - and to
be honest, it isn't *that* bad. If systemd is needed at all is a
different question - although we're just adding another wrapper layer
around an initscript that now gets called via systemd.

In the end, it doesn't do anything more functional than the old init
system did - just now that instead of throwing stuff in /etc/init.d, you
now have to write another file to then call the init script.

Web interfaces and other junk aside, systemd doesn't seem to do much in
the way of improvement - in fact, most features of priorities and
parallel start exist in sysvinit - but were never implemented properly
by distributions... So instead, we reinvent the wheel again...

-- 
Steven Haigh

Email: [log in to unmask]
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
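
The thread turns on listening ports that have no service process behind them while idle. The following is an added example, not part of any message in the thread: it reads `/proc/net/tcp` directly (so it works without net-tools) and reports IPv4 listeners whose only holder is PID 1. It assumes a little-endian host and that PID 1 is systemd; the sample table, its ports and inode numbers are constructed.

```python
import os, socket, struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0100007F:2382 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0016 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 33333 1 0000000000000000 100 0 0 10 0
"""

def parse_listeners(text):
    """Return [(ip, port, inode)] for IPv4 TCP sockets in LISTEN state (st == 0A)."""
    out = []
    for line in text.splitlines()[1:]:          # skip the column header
        f = line.split()
        if len(f) < 10 or f[3] != "0A":         # 0A is TCP_LISTEN
            continue
        hexip, hexport = f[1].split(":")
        # Address is a host-order hex dump of the network-order word (little-endian assumed).
        ip = socket.inet_ntoa(struct.pack("<I", int(hexip, 16)))
        out.append((ip, int(hexport, 16), int(f[9])))
    return out

def socket_owners():
    """Map socket inode -> set of PIDs holding it, via /proc/<pid>/fd (run as root to see all)."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            for fd in os.listdir(f"/proc/{pid}/fd"):
                target = os.readlink(f"/proc/{pid}/fd/{fd}")
                if target.startswith("socket:["):
                    owners.setdefault(int(target[8:-1]), set()).add(int(pid))
        except OSError:                         # process exited or access denied
            continue
    return owners

def held_only_by_init(listeners, owners):
    """Listeners whose sole holder is PID 1: open port, no service process visible in 'ps'."""
    return [(ip, port) for ip, port, inode in listeners if owners.get(inode) == {1}]

if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:           # IPv6 listeners live in /proc/net/tcp6
        live = parse_listeners(fh.read())
    for ip, port in held_only_by_init(live, socket_owners()):
        print(f"{ip}:{port} is held only by PID 1 (socket activation)")
```

Once the service has been started on demand, both PID 1 and the service hold the socket, so the listener drops out of this report until the service exits again.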
