Re: Any particular reason we don't have sshd oomprotected by default?

From: Gary Jennejohn <garyj_at_gmx.de>
Date: Fri, 10 Nov 2023 10:20:39 UTC
On Fri, 10 Nov 2023 10:07:30 +0100
Alexander Leidinger <Alexander@Leidinger.net> wrote:

> On 2023-11-09 12:18, Philip Paeps wrote:
> > On 2023-11-09 15:54:22 (+0800), Alexander Leidinger wrote:
> >> We have syslogd oomprotected by default (/etc/defaults/rc.conf). Is
> >> there a particular reason we don't have sshd protected the same way?
> >>
> >> Any objections if I would commit such a change (sshd_oomprotect=YES in
> >> defaults/rc.conf)?
> >
> > I don't have feelings about it either way.  It probably makes sense to
> > optimise for installations that don't have out of band access.
> >
> >> I was also thinking about which other daemon we should protect by
> >> default, but apart from the need to make sure important logs are
> >> written to find issues which may have caused the oom trigger, and the
> >> need to be able to login to such a troubled system, I didn't see any
> >> other service as such critical (we could argue about ntpd, but I tend
> >> to be on the "may be protected" (not for my use cases) and not to be
> >> on the "has to be protected" side) to include it in this proposal.
> >
> > In the FreeBSD.org cluster, we set local_unbound_oomprotect="YES" too.
> > Without DNS, everything grinds to a halt.  Including SSH.
>
> https://reviews.freebsd.org/D42544
>

Fix the typos which bcr mentions and it will be ready to commit.

--
Gary Jennejohn