Hi,

I do believe from time to time there are important updates that need you to reboot your server, but how often? I’m thinking about kernel updates, let’s say every month… What are you practices and recommendations?

  • cbarrick@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    Periodic reboots are useful for a hands-off approach to security patching.

    For most use cases, all software should be restarted after it receives a security patch.

    If your threat model allows a latency of, say, 14 days between patch release and patch applied, then the simplest solution is to just enable unattended updates to install patches as soon as they are released, and then impose a 14 day uptime limit to periodically restart the patched software.

    You could always take a more hands-on approach and pay attention to which software is updated and only restart the specific services that are patched. But that’s expensive, and humans are fallible. Almost everyone, from hobbyists to enterprises, is better off with a dumb uptime limit instead.

    Of course, if you’re just a hobbyists, then your threat model may be so lax that you don’t need to bother with any of this. Just reboot when you install kernel updates.