Re: find file changes
From: Hermann Biller
Subject: Re: find file changes
Date: Wed, 10 Oct 2001 10:11:09 +0200 (MES)

Mark.Burgess@iu.hio.no wrote:
>
> On 9 Oct, Tony wrote:
> >
> > Conceptually I'd like to see something like tripwire or aide like
> > functionality integrated w/ cfengine.
> >
> > So my cfengine.conf would contain something like
> >
> > files:
> > AllMachines.FileMonitor::
> > /etc/TIMEZONE L
> > /etc/aliases L
> > /etc/auto_master L
> > /etc/bootparams L
> > /etc/bootptab L
> > /etc/datemsk L
> > /usr/bin R-tiger-rmd160-sha1
> > /usr/include R-tiger-rmd160-sha1
> > /usr/lib R-tiger-rmd160-sha1
> > /usr/libdata R-tiger-rmd160-sha1
> > /usr/libexec R-tiger-rmd160-sha1
> > /usr/local/bin R-tiger-rmd160-sha1
> > /usr/local/etc L
> > /usr/local/lib R-tiger-rmd160-sha1
> > /usr/local/libexec R-tiger-rmd160-sha1
> > /usr/local/sbin R-tiger-rmd160-sha1
> >
> > where L is an aide is a predefined macro for things about the file to check
> > for.
> >
>
>
> I don't really understand why folks have not understood that this
> is all pretty much possible today and has been for some time.
> The specific features of tripwire which do not resemble cfengine's
> way of working are mainly omitted because I strongly feel that tripwire's
> approach is wrong.
>
> Tripwire is about binding people's time by just sending warnings.
> Cfengine is about saving time by keeping things right. I will
> never allow that to change. If cfengine really is missing something
> important (i.e. not just something traditional) then I will
> add it, but I do not add features just because other well known
> software has them. There has to be a defensible reason.
>
hmm... i just try to find a solution for possible situations:
i'd like to have something like a tripwire functionality in combination with
a configuration engine.

the needs are:
- some of the systems need a guarantee not to be changed without a formal
  change request
- we want to know changes of configuration files. there might be an intruder
- cfengine installed in another context led to the following problem:
  the sun staff had installed disksuite on one of the machines. their changes
  have been overwritten automatically by cfengine. it needed 2 days to resolve
  the consequences.
- also we maintain systems in different responsibility. to some of the systems
  users have root access. for those systems we want to be informed about the
  change.
- sometimes we make manual changes for evaluation. the duty system
  administrator should be aware of this. (and define the duration)

so my proposal for an automated configuration will be:
- watch the systems for alien changes
- scripts to consolidate should be performed manually on request (cfagent
  -DBaseConfig)

this does not follow the paradigms of cfengine by 100%.

regards, hermann
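
The requirements in the message above (report alien changes, never repair them automatically, and let the duty administrator announce manual evaluation changes with a duration) sketched as an added Python example; it is not part of the original message and is not cfengine, tripwire or aide code. The function names and the `waivers` mapping (path to expiry time) are assumptions made for illustration.

```python
import hashlib, os, stat, tempfile, time

def snapshot(roots):
    """Map each regular file under roots to (sha256, permission bits, uid, gid)."""
    snap = {}
    for root in roots:
        found = [root] if os.path.isfile(root) else [
            os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs]
        for path in found:
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode):
                    continue  # skip symlinks, devices, sockets
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # vanished or unreadable while scanning
            snap[path] = (digest, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return snap

def compare(baseline, current, waivers=None, now=None):
    """Report-only diff: nothing is repaired or overwritten.
    waivers (hypothetical): {path: expiry epoch} for announced manual changes."""
    now = time.time() if now is None else now
    waivers = waivers or {}
    report = {"alien": [], "waived": []}
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue
        kind = ("added" if old is None else "removed" if new is None
                else "content" if old[0] != new[0] else "metadata")
        # An expired or missing waiver means the change is reported as alien.
        bucket = "waived" if waivers.get(path, 0) > now else "alien"
        report[bucket].append((path, kind))
    return report

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed sample tree
        conf = os.path.join(root, "aliases")
        with open(conf, "w") as fh:
            fh.write("root: admin\n")
        base = snapshot([root])
        with open(conf, "a") as fh:
            fh.write("root: someone-else\n")
        for waivers in ({}, {conf: time.time() + 3600}):
            print(compare(base, snapshot([root]), waivers))
```

The baseline returned by `snapshot` has to be stored where the monitored host's root users cannot rewrite it, otherwise a change and its baseline can be altered together.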