[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: find file changes
From: |
Hermann Biller |
Subject: |
Re: find file changes |
Date: |
Wed, 10 Oct 2001 11:05:56 +0200 (MES) |
Mark.Burgess@iu.hio.no wrote:
> >>
> >> I don't reall understand why folks have not understood that this
> >> is all pretty much possible today and has been for some time.
> >> The specific features of tripwire which do not resemble cfengine's
> >> way if working are mainly omitted because I strongly feel that tripwire's
> >> approach is wrong.
> >>
> >> Tripwire is about binding people's time by just sending warnings.
> >> Cfengine is about saving time by keeping things right. I will
> >> never allow that to change. If cfengine really is missing something
> >> important (i.e. not just something traditional) then I will
> >> add it, but I do not add features just because other well known
> >> software has them. There has to be a defensible reason.
> >>
> >
> > hmm... i just try to find a solution for possible situations:
> >
> > i'ld like to have something like a tripwire functionality in combination
> > with
> > a configuration engine.
> > the needs are:
> > - some of the systems needs a guarantee not to be changed without a formal
> > change request
> > - we want to know changes of configuration files. there might be an intruder
> > - cfengine installed in an other context lead to the following problem:
> > the sun staff had installed disksuite on one of the machines. their
> > changes has been
> > overwritten automatically by cfengine. it needed 2 days to resolve the
> > consequences.
>
>
> This is not cfengine's fault, it was the sunstaff's for not checking the
> policy in advance!
in fact it was my fault. in consequence i do not want to use cfengine in
a way
that configurations are done automatically (or "kept right" - see your
answer above).
>
>
> > - also we maintain systems in different responsability. to some of the
> > systems
> > users have root access. for those system we want to be informed about the
> > change.
> >
> > - sometimes we make manual changes for evaluation. the duty system
> > administrator should
> > be aware of this. (and define the duration)
> >
> >
> > so my proposal for an automated configuration will be:
> > - watch the systems for alien changes
> > - scripts to consolidate should be performed manually on request (cfagent
> > -DBaseConfig)
> >
> > this does not follow the paradigmas of cfengine by 100%.
>
>
> It certainly does. You have not mentioned a single thing which is
> not easily achievable now. I think it's back to the documentation
> for you!! And let's try to identify how it can be simplified to get
> going for start users.
i hoped to get hints from other cfengine users, already walked through this
questions.
regards, hermann
- find file changes, Hermann Biller, 2001/10/09
- Re: find file changes, Tony, 2001/10/09
- Re: find file changes, Mark . Burgess, 2001/10/09
- Re: find file changes, Tony, 2001/10/09
- Re: find file changes, Hermann Biller, 2001/10/10
- Re: find file changes, Mark . Burgess, 2001/10/10
- Re: find file changes,
Hermann Biller <=
- Re: find file changes, Adrian Phillips, 2001/10/10
- Re: find file changes, Ted Zlatanov, 2001/10/10
- Re: find file changes, Mark Rowlands, 2001/10/10
- Re: find file changes, Ronan KERYELL, 2001/10/12
- Re: find file changes, cbbrowne, 2001/10/10
- Re: find file changes, Mark . Burgess, 2001/10/10