this post was submitted on 27 Oct 2024
54 points (96.6% liked)
technology
23325 readers
314 users here now
On the road to fully automated luxury gay space communism.
Spreading Linux propaganda since 2020
- Ways to run Microsoft/Adobe and more on Linux
- The Ultimate FOSS Guide For Android
- Great libre software on Windows
- Hey you, the lib still using Chrome. Read this post!
Rules:
- 1. Obviously abide by the sitewide code of conduct. Bigotry will be met with an immediate ban
- 2. This community is about technology. Offtopic is permitted as long as it is kept in the comment sections
- 3. Although this is not /c/libre, FOSS related posting is tolerated, and even welcome in the case of effort posts
- 4. We believe technology should be liberating. As such, avoid promoting proprietary and/or bourgeois technology
- 5. Explanatory posts to correct the potential mistakes a comrade made in a post of their own are allowed, as long as they remain respectful
- 6. No crypto (Bitcoin, NFT, etc.) speculation, unless it is purely informative and not too cringe
- 7. Absolutely no tech bro shit. If you have a good opinion of Silicon Valley billionaires please manifest yourself so we can ban you.
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
If there's a serious security bug, like Heartbleed, you should totally update and reboot the service. That is basically the only "must" for staying atop things. The rest is mostly personal preference.
In my job I maintain publically exposed Linux servers, and many of them don't get rebooted for years. I think our record is about five years.
Yes, if you want your server to be theoretically the rootinest tootinest securest setup ever, you should update about every 6 hours, but even then you're just more vulnerable to repo attacks (which have happened a few times lately). Apt upgrade every month or three is probably good practice to keep on top of bugs.
So really, how frequently do you need to reboot? Eh. So long as it works, there are no critical kernel vulnerabilities, and updates are available, I really would argue you should never "have" to.
Servers are horses for courses, if you're being heavily targeted by hackers, obviously stay on top of updates, but if your server is pootling along without harassment and doesn't contain life-altering stuff if it got leaked, then don't worry too much. A standard, barely-changing, 'stable' build is usually a very secure one.
Thanks! Very informative.