[BALUG-Admin] balug.org(/sf-lug.{org, com}) host OOM oops Re: (forw) linuxmafia.com 2017-09-30 11:02 System Events

Rick Moen rick@linuxmafia.com
Sun Oct 1 23:24:53 PDT 2017


I wrote:
 
> Incidentally, you and I should both transition from BIND9 to a better
> authoritative-only nameserver (such as NSD) and from Apache http to a
> lighter and more secure httpd (such as Lighty or nginx).

Also on the cutting block:  NTP Project ntpd, _also_ traditionally a
source of recurring security problems and notably overfeatured.  I'd
been thinking the leading alternative for my use case would be OpenBSD
Foundation's OpenNTPd, but the Red Hat-sponsored Chrony appears
surprisingly good:
https://www.coreinfrastructure.org/news/blogs/2017/09/securing-network-time

It's a pity that the security audit in question didn't include OpenNTPd.

(Implementations studied:  NTP Project ntpd, NTPSec, Chrony.  The study
notes that the NTPSec fork is still in early days, doing cleanup of NTP
Project legacy code, so current results don't necessarily predict well
what's coming.  The same can probably be said of OpenBSD Foundation's
project, likewise a fork of the reference codebase focussed on losing
legacy cruft and less-necessary features.  Chrony stands out as being a
from-scratch fresh implementaiton.)





More information about the BALUG-Admin mailing list