The point of system-autodeath


In a previous question I found a "system autodeath cron job" which would shut down my default network route daily.

As I have never heard of such a thing before, I would like to know what it exactly it is and what purpose does it serve?

Best Answer

The goal of system-autodeath is to take a machine off the network, every day until someone does something about it.

The man page:

system-autodeath is a cron job that runs daily, checking the current time versus a configured death date for the machine. Within one week of this date the system will emit log notices to syslog.alert notifying that the system with autodie on a specific date. On the date the system will have its default route deleted. It will continue to do this everyday until someone does something about it.

Glen Turner writes in his blog why it is exciting to have:

When I saw Paul Fenwick's blog on autodie my soul leapt towards Nirvana, since I've wanted an autodie facility in Linux for a long time. Then I read the article and found it wasn't what I thought it was at all.


Linux works. So some people don't update it. There's nothing wrong with that -- unless the machine on the Internet. In that case older and unsupported machines are very vulnerable to misuse. There's a lot of those machines about. I unplugged a machine running Red Hat Linux 5.2 the other day.

I'd love for all distributions to ship with an autodeath cron job. Ship the operating system with an expected expiry date, when that date arrives delete any default route. If the vendor extends maintenance then they can update the autodeath package as part of that maintenance. Similarly for an distribution "legacy" maintenance project.

This is actually very useful if you want to enforce updates. In a maintained network (f.e. a corporate network) it might be desirable to have the ability to enforce updates, and if the system is not updated to take it off the network for security reasons. So with every update the autodeath-date is pushed into the future, if there are no updates (for whatever reason) the machine is taken off the network until a sysadmin looks at it.

The implementation in Fedora seems to be from Seth Vidal, discussed in the Fedora Development Mailing List.

[In response to James Hubbard which asked for the necessity of such a system.]

As a former sysadmin who maintained a respin on multiple linux distro releases for people who then installed systems that I did not control the above [that system get wrecked by default] is exactly the intent.

If the grad students in the lab who installed the university linux distro decide to not keep up and monitor their system I would want it to drop the default route so then, at least, it is only accessible from the local network.

There's also the original inception of the idea in the mailing list.

As a matter of fact, I'm unable to find the blog post referenced by Glen Turner, except for the autodie tool for Perl, which seems to serve a completely different purpose. I'm also unable to find out if it is something coming up from the UNIX world or is an idea born just some years ago.

Anyway, this does have it's purpose, a very limited and specialized purpose, but still a purpose. In a bug report it is made very clear the system-autodeath never was in the default installation. If this ended up on your machine, you might have installed this by accident with another package (the folks at Fedora most likely would love to know that a package depends on this), or someone else was so kind to install it for you.

Related Question