From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 95D1C139083 for ; Mon, 11 Dec 2017 22:00:27 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 70BB6E0F49; Mon, 11 Dec 2017 22:00:21 +0000 (UTC) Received: from mail-wm0-x22f.google.com (mail-wm0-x22f.google.com [IPv6:2a00:1450:400c:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id E8DF5E0F2B for ; Mon, 11 Dec 2017 22:00:20 +0000 (UTC) Received: by mail-wm0-x22f.google.com with SMTP id f140so16881423wmd.2 for ; Mon, 11 Dec 2017 14:00:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=rh6ncvct1gf7GU3U/iaL1NQJH+6aSv1qzqYWTQpoNO4=; b=Qkz3pw4n/KZXrdIL+Yy9T/HsOJjH/Q9f33b1Br+ZPb4DzYnaAq8kKLmNiu60meSkFH HnpQYsaDC0KfvMCbtj3jC42ujABdCNjP9ZOxFGWsi5VJKBtXGgXFf1UZLl5f09y/DiQ3 tr4EY66+78xb9+EDb9aOA1f8EiasFkPiB5Ah2Y0glTanHY0349JBLJgAjuYDU5wOrNGO LPRnyLHdgShFx9gIRPYwPftqbDmlNaQ4Bgi46idBFZdIwiYKmxnjiuNtCky1gp0FJbJN nBYZAQ/d5DIBZVR1SFjU13O5lP3HzGCvisYPbTFR/3KqxuzL5qCYfOSVXc16wgiwujAv 54iA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=rh6ncvct1gf7GU3U/iaL1NQJH+6aSv1qzqYWTQpoNO4=; b=nDQKP0ZUgOtxYNH0G0TRaLrj2YYz57zKCuROAqUOaQeQnuSELaohJymT60IERAGSoe 9Spst1p3pzAekNwLtbfzmBISsF8vZN2k1RcEM7YJfNZKDcZ3LLq536okGEBHX+BBmbQW eRhOHDASSiRb5Komst8iNtjeKEVU99cnPXvwQiJGG5DJj6g4CyTc+PNYHhC0jqIlQSpr mLs/sv41PkB2hoxS0CqPGKSeMsQMVa4fywbCyc6E/9h/ORYWYS75gQrVLmgzW8lZXYHg B3YokS/nd1qiXXAedc006R6IxUta0YmBVXgyNa/fhAyBsVGaj0jdK9qMOgoIhBpSP4xK z6pQ== X-Gm-Message-State: AKGB3mJ/cm+Td91F8fbVjNEv9wJa5QAN0viIe3N790CuSZn8qtgj/w60 /gD/FdmRLWqYlk9CkY7lSrutJdrhfYdUXQqnWay+2Q== X-Google-Smtp-Source: ACJfBovTr7U6b04oYQT+6MozuWw+5y5/EhXunnmRTydiRAYPQBk6fostRfShxyBSotRbkYMIG2rqu2qOh9UzmI1T3DE= X-Received: by 10.28.125.85 with SMTP id y82mr1812674wmc.25.1513029619481; Mon, 11 Dec 2017 14:00:19 -0800 (PST) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Received: by 10.28.159.79 with HTTP; Mon, 11 Dec 2017 14:00:19 -0800 (PST) In-Reply-To: <20171211210321.GA12473@ACM> References: <6582741.F9gJHCEsXr@dell_xps> <2343494.DDJaQvByiF@dell_xps> <6cb25230-9803-2bd4-ee69-66504d0d1822@gmx.com> <5A2D04A1.6090101@youngman.org.uk> <20171210101330.GA5671@ACM> <20171211185602.7a1853c9@digimed.co.uk> <20171211210321.GA12473@ACM> From: Tom H Date: Mon, 11 Dec 2017 17:00:19 -0500 Message-ID: Subject: Re: [gentoo-user] Re: Is gnome becoming obligatory? To: Gentoo User Content-Type: text/plain; charset="UTF-8" X-Archives-Salt: 192b1469-b187-408c-873d-2b9c42bd6072 X-Archives-Hash: b8f7619f35627ec0c511dc374d64344a On Mon, Dec 11, 2017 at 4:03 PM, Alan Mackenzie wrote: > On Mon, Dec 11, 2017 at 18:56:15 +0000, Neil Bothwick wrote: >> This may come as a surprise to some, but some things you hear on >> t'internet are not true... >> >> For example, the http server is there to allow access to logs from >> another machine without needing to grant SSH access. It is not enabled by >> default. > > OK. But it's still there taking up RAM, and (more importantly) makes a > systemd system a broader target for attacks. Whether a system has an > http server (or, for that matter, an SSH server), for whatever purpose, > should be for the system administrator to decide. I suspect this isn't > the case for systemd's http server. > > In any case, I don't want an http server on my system: I have no http to > serve. I installed sshd as one of the first things on my new system, to > facilitate the transfer of files to it (and, probably, reading logs from > it remotely). I don't use systemd on Gentoo but I assume that there's a USE flag for the http server, because, in binary distributions, this http server's in a standalone package - "systemd-journal-remote" on Ubuntu and "systemd-journal-gateway" on RHEL and clones. > I don't want a binary logging daemon either: that means having to learn > a special purpose utility to be able to read its logs, and, in general, > not being able to read that log from a remote machine. You can set "Storage=none" and "ForwardToSyslog=yes" in "/etc/systemd/journald.conf", install and enable rsyslog and you won't have binary logs when running systemd.