"Knowledge Base"
From: Christopher Browne
Subject: "Knowledge Base"
Date: Wed, 27 Sep 2000 22:51:15 -0500
On Sat, 23 Sep 2000 17:34:31 +0530, the world broke into rejoicing as
chetana <xchetana@india.ti.com> said:
> I am chetana, from TEXAS INSTRUMENTS, India. I needed some
> clarifications regarding the functionality
> of cfengine.
>
> Does cfengine have a knowledge-base about the Operating system's files?
> This means that, if one were to change the permissions for a system
> file, would cfengine be able to report the discrepancy, without having
> the correct mode specified in the files section in the configuration
> file?
>
> I agree, this is most likely not possible, since, if it were, it would
> have to maintain a knowledge base about many Operating systems! But this
> is just a thought... Kindly respond if there's any way to do it
> automatically.
As you suggest, this isn't something that could be _immediately_ reported
correctly, as the sets of permissions _and checksums_ will legitimately
vary from operating system to operating system.
However, it would be appropriate to accumulate checksums for files in
OS-related directories via the files facility. Thus, you might have
rules something like:
files:
    /sbin      checksum=md5 action=warnall recurse=inf owner=root,bin \
               group=root,sys
    /usr/sbin  checksum=md5 action=warnall recurse=inf owner=root,bin \
               group=root,sys
The _first_ time you run it, this will find _all_ the files as warnings
since they are all new; in subsequent runs, it should only locate those
files where the status has changed, and, in particular, the checksum
has changed.
You might want to start out by running a find command to locate all the
Solaris setuid files, and then build a rule that will ensure that those
are the only setuid files in future, warning of anything else that gets
setuid status.
You'll obviously need to trust that the _first_ time cfengine gets run,
everything is OK. After that, cfengine can help flag when configuration
changes.
This is exactly the same sort of thing that Tripwire does; you might
want to consult its docs as well for ideas.
--
aa454@freenet.carleton.ca - <http://www.ntlug.org/~cbbrowne/linux.html>
Would-be National Mottos:
USA: "We don't care where you come from. We can't find our *own*
country on a map..."
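The checksum-and-mode baseline described in the reply, written out as an added example in Python (it is not cfengine code and not part of the original message): a trusted first snapshot of a directory is taken, later snapshots are compared against it to warn about any file whose mode, ownership or MD5 digest changed (the warn-only behaviour of action=warnall), and the setuid/setgid inventory the reply suggests building with find is listed. The directory contents are constructed in a temporary directory for the demo.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def fingerprint(path):
    """Record mode bits, owner/group ids and an MD5 digest of one regular file."""
    st = path.lstat()
    digest = hashlib.md5(path.read_bytes()).hexdigest() if stat.S_ISREG(st.st_mode) else None
    return {"mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid, "gid": st.st_gid, "md5": digest}

def snapshot(root):
    """Walk root recursively (like recurse=inf) and fingerprint every regular file."""
    root = Path(root)
    return {str(p.relative_to(root)): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file() and not p.is_symlink()}

def compare(baseline, current):
    """Return one warning per new, missing or altered file; nothing is repaired (warn only)."""
    warnings = []
    for name in sorted(set(baseline) | set(current)):
        if name not in baseline:
            warnings.append(f"new file: {name}")
        elif name not in current:
            warnings.append(f"missing file: {name}")
        else:
            for field in ("mode", "uid", "gid", "md5"):
                if baseline[name][field] != current[name][field]:
                    warnings.append(f"{field} changed: {name}")
    return warnings

def setuid_files(root):
    """List files carrying the setuid or setgid bit, the inventory to compare against later runs."""
    return sorted(name for name, fp in snapshot(root).items()
                  if fp["mode"] & (stat.S_ISUID | stat.S_ISGID))

def demo():
    """Constructed scenario: trust the first snapshot, then alter two files and flag the drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ifconfig").write_bytes(b"binary one")   # constructed stand-in for a system binary
        (root / "ping").write_bytes(b"binary two")
        os.chmod(root / "ping", 0o4755)                  # legitimately setuid in the baseline
        baseline = snapshot(root)                        # the run you have to trust
        os.chmod(root / "ifconfig", 0o4755)              # later: setuid appears on another file
        (root / "ping").write_bytes(b"binary two, patched")  # later: contents replaced
        return compare(baseline, snapshot(root)), setuid_files(root)
```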