
A few weeks ago Canonical started offering livepatching for kernel updates without needing to reboot the server (http://insights.ubuntu.com/2016/10/20/live-kernel-patching-from-canonical-now-available-for-ubuntu/).

Assume the following scenario: You have a webserver running on Ubuntu 16.04 with livepatch and unattended-upgrades enabled. Will it be possible to let it run for like a year without a server admin logging in and still be secure against known/patched exploits? Will all other packages (like openssl) also be running up to date, or will you need to manually restart certain services to have them up to date?

H. Idden
  • Single-host uptime is overrated. If you truly need that level of availability, you're shooting yourself in the foot by doing things this way. It's far better to build a horizontally-scalable, programmatically-deployed infrastructure, where any one host can be taken down and re-built ex nihilo without affecting your application. So, while your question may be interesting from a point of curiosity, it's not a good way to run things. – EEAA Nov 11 '16 at 23:12
  • As a thought experiment: after a year or more of upgrades and patches, how certain are you that services will come up properly upon a cold boot, or even that the server will boot at all? – EEAA Nov 11 '16 at 23:16
  • @EEAA you are right that the question is mostly out of curiosity and you shouldn't run a server this way in a critical production environment. But I have seen some small companies who installed a server (often by a poorly trained employee or an external person or the nephew of the boss) and then let it run for years unpatched (some of the ones I saw were not updated for 5+ years). So I thought it would reduce the security problem and in case it would fail, they would notice it and know they need to do something about it. – H. Idden Nov 11 '16 at 23:26
  • Automated processes are never a substitute for competent management of any software system. They can help alleviate some pain points, but relying on them is folly. – EEAA Nov 11 '16 at 23:28
  • @EEAA Interestingly, most updates went flawlessly (they mostly didn't have a complex setup, just basic stuff), except for the one where I tried to upgrade from 10.04 to 16.04, where the upgrade process broke and I then decided to just rebuild the server from new. – H. Idden Nov 11 '16 at 23:29
  • Most do, until they don't. At which point they're down until someone can manually patch things back together. Not a good place to be... – EEAA Nov 11 '16 at 23:30
  • @EEAA yes, I have come across too many places that handled it this way, and they asked me to "take a glance at their servers" in exchange for a coffee or other amenities. I wouldn't professionally recommend anyone to have a non-managed internet-facing server running, but the reality looks different. That's why the question came into my mind, and for rebuilding I expect them to have a backup anyway. – H. Idden Nov 11 '16 at 23:36
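
One way to check the service-restart part of the question (an added example, not part of the original thread): when a package upgrade replaces a library on disk, a process that loaded the old copy keeps it mapped, and `/proc/<pid>/maps` marks that mapping `(deleted)` until the service is restarted. The function names, the ignore list and the sample lines are constructed for illustration.

```python
import os

# Deleted-but-mapped paths that are not package files (shared memory, temp files).
IGNORE_PREFIXES = ("/memfd:", "/SYSV", "/dev/", "/tmp/", "/run/")
DELETED = " (deleted)"

def stale_mappings(maps_text):
    """Sorted paths of executable mappings whose on-disk file was replaced."""
    stale = set()
    for line in maps_text.splitlines():
        # Fields: address perms offset dev inode [pathname]
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        perms, path = fields[1], fields[5].rstrip()
        if "x" not in perms or not path.endswith(DELETED):
            continue
        path = path[:-len(DELETED)]
        if not path.startswith(IGNORE_PREFIXES):
            stale.add(path)
    return sorted(stale)

def scan_proc(proc_root="/proc"):
    """Map pid -> stale paths for each readable process (run as root to see all)."""
    report = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                found = stale_mappings(fh.read())
        except OSError:
            continue  # process exited or permission denied
        if found:
            report[int(entry)] = found
    return report

# Constructed sample of one process's maps file, for illustration only.
SAMPLE_MAPS = """\
00400000-004c0000 r-xp 00000000 fd:01 262301 /usr/sbin/nginx
7f10a0000000-7f10a025b000 r-xp 00000000 fd:01 131234 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f10a1000000-7f10a11c0000 r-xp 00000000 fd:01 131500 /lib/x86_64-linux-gnu/libc-2.23.so
7f10a2000000-7f10a2001000 rwxs 00000000 00:05 98304 /SYSV00000000 (deleted)
7ffd5e000000-7ffd5e021000 rw-p 00000000 00:00 0
"""

if __name__ == "__main__":
    for pid, paths in sorted(scan_proc().items()):
        print(pid, ", ".join(paths))
```

Any PID this reports is still executing code from a file that has since been replaced, so the upgrade does not take effect for that service until it is restarted.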

0 Answers