Re: find file changes
From: cbbrowne
Subject: Re: find file changes
Date: Wed, 10 Oct 2001 13:59:39 -0400
On Wed, 10 Oct 2001 10:11:09 +0200, the world broke into rejoicing as
"Hermann Biller" <hb@imp.ch> said:
> Mark.Burgess@iu.hio.no wrote:
> >
> > On 9 Oct, Tony wrote:
> > >
> > > Conseptually I'd like to see something like tripwire or aide like
> > > functionality integrated w/ cfengine.
> > >
> > > So my cfengine.conf would contain something like
> > >
> > > files:
> > >   AllMachines.FileMonitor::
> > >     /etc/TIMEZONE        L
> > >     /etc/aliases         L
> > >     /etc/auto_master     L
> > >     /etc/bootparams      L
> > >     /etc/bootptab        L
> > >     /etc/datemsk         L
> > >     /usr/bin             R-tiger-rmd160-sha1
> > >     /usr/include         R-tiger-rmd160-sha1
> > >     /usr/lib             R-tiger-rmd160-sha1
> > >     /usr/libdata         R-tiger-rmd160-sha1
> > >     /usr/libexec         R-tiger-rmd160-sha1
> > >     /usr/local/bin       R-tiger-rmd160-sha1
> > >     /usr/local/etc       L
> > >     /usr/local/lib       R-tiger-rmd160-sha1
> > >     /usr/local/libexec   R-tiger-rmd160-sha1
> > >     /usr/local/sbin      R-tiger-rmd160-sha1
> > >
> > > where L, as in aide, is a predefined macro for the things about the file to check for.
> > >
> >
> >
> > I don't really understand why folks have not understood that this
> > is all pretty much possible today and has been for some time.
> > The specific features of tripwire which do not resemble cfengine's
> > way of working are mainly omitted because I strongly feel that tripwire's
> > approach is wrong.
> >
> > Tripwire is about binding people's time by just sending warnings.
> > Cfengine is about saving time by keeping things right. I will
> > never allow that to change. If cfengine really is missing something
> > important (i.e. not just something traditional) then I will
> > add it, but I do not add features just because other well known
> > software has them. There has to be a defensible reason.
> >
>
> hmm... I am just trying to find a solution for possible situations:
>
> I'd like to have something like a tripwire functionality in combination with
> a configuration engine.
> The needs are:
> - some of the systems need a guarantee not to be changed without a formal change request
> - we want to know about changes to configuration files. There might be an intruder.
> - cfengine installed in another context led to the following problem:
>   the Sun staff had installed DiskSuite on one of the machines. Their changes had been
>   overwritten automatically by cfengine. It needed 2 days to resolve the consequences.
>
> - also we maintain systems under different responsibility. On some of the systems
>   users have root access. For those systems we want to be informed about the change.
>
> - sometimes we make manual changes for evaluation. The duty system administrator should
>   be aware of this (and define the duration).
>
>
> so my proposal for an automated configuration will be:
> - watch the systems for alien changes
> - scripts to consolidate should be performed manually on request (cfagent -DBaseConfig)
>
> this does not follow the paradigms of cfengine 100%.
This seems to be a circumstance where you properly need to use two
quite independent sets of programs.
"watching systems for changes" just isn't similar to "evolving system
configuration towards a more correct state."
It would be entirely reasonable to use cfengine to control how
Tripwire is configured; I don't see it being sensible to try to push
the functionality of Tripwire into cfengine.
--
(concatenate 'string "cbbrowne" "@cbbrowne.com")
http://www.cbbrowne.com/info/
Rules of the Evil Overlord #183. "Before using any device which
transfers energy directly into my body, I will install a surge
suppressor." <http://www.eviloverlord.com/>
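The separation cbbrowne argues for, a change watcher that lives beside the configuration engine rather than inside it, as an added example that is not code from this thread nor from cfengine, tripwire or aide: a small Python integrity checker driven by a rule file in the shape Tony proposed (`path L` or `path R-<alg>-<alg>...`). Assumptions, all mine: the L and R attribute groups are modelled loosely on aide's predefined groups (L = inode metadata only, so a log-style file may grow; R = metadata plus content hashes), sha256 and sha1 stand in for tiger and rmd160 because hashlib has no tiger and rmd160 depends on the OpenSSL build, and the `root` parameter plus the scratch tree exist only so the demo runs in a temporary directory.

```python
import hashlib
import os
import stat
import tempfile

# Attribute groups, an assumption in the spirit of aide's L and R macros:
#   L: mode, uid, gid, inode, link count          (files allowed to grow, e.g. logs)
#   R: L plus size, mtime, ctime and content hashes (binaries that must not change)
L_ATTRS = ("mode", "uid", "gid", "inode", "nlink")
R_ATTRS = L_ATTRS + ("size", "mtime_ns", "ctime_ns")

# Constructed rule set in the shape of Tony's proposal; sha256/sha1 replace tiger/rmd160.
RULES = """
/etc/aliases   L
/usr/bin       R-sha256-sha1
"""


def parse_rules(text):
    """Parse 'path SPEC' lines into (path, attrs, hash_algorithms) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        path, spec = line.split()
        if spec == "L":
            rules.append((path, L_ATTRS, ()))
        elif spec.startswith("R-"):
            rules.append((path, R_ATTRS, tuple(spec[2:].split("-"))))
        else:
            raise ValueError("unknown spec %r in line %r" % (spec, raw))
    return rules


def file_record(path, attrs, algs):
    """Collect the selected stat attributes and, for regular files, the content hashes."""
    st = os.lstat(path)
    every = {
        "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid, "gid": st.st_gid,
        "inode": st.st_ino, "nlink": st.st_nlink, "size": st.st_size,
        "mtime_ns": st.st_mtime_ns, "ctime_ns": st.st_ctime_ns,
    }
    rec = {k: every[k] for k in attrs}
    if algs and stat.S_ISREG(st.st_mode):
        hashers = {a: hashlib.new(a) for a in algs}
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 16), b""):
                for h in hashers.values():
                    h.update(chunk)
        rec.update((a, h.hexdigest()) for a, h in hashers.items())
    return rec


def walk_tree(top):
    """Yield top and, if it is a directory, every entry below it in sorted order."""
    yield top
    if os.path.isdir(top) and not os.path.islink(top):
        for root, dirs, files in os.walk(top):
            dirs.sort()
            for name in dirs + sorted(files):
                yield os.path.join(root, name)


def build_db(rules, root="/"):
    """Snapshot all rule targets; paths are stored relative to root."""
    db = {}
    for path, attrs, algs in rules:
        top = os.path.join(root, path.lstrip("/"))
        if not os.path.lexists(top):
            continue
        for p in walk_tree(top):
            db[os.path.relpath(p, root)] = file_record(p, attrs, algs)
    return db


def compare(baseline, current):
    """Return (added, removed, changed); changed maps path -> {attr: (old, new)}."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for p in sorted(set(baseline) & set(current)):
        old, new = baseline[p], current[p]
        diff = {k: (old.get(k), new.get(k))
                for k in old.keys() | new.keys() if old.get(k) != new.get(k)}
        if diff:
            changed[p] = diff
    return added, removed, changed


def demo():
    """Baseline a constructed tree, tamper with it three ways, report what is caught."""
    rules = parse_rules(RULES)
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        os.makedirs(os.path.join(root, "usr/bin"))
        aliases = os.path.join(root, "etc/aliases")
        ls = os.path.join(root, "usr/bin/ls")
        with open(aliases, "w") as fh:
            fh.write("postmaster: root\n")
        with open(ls, "wb") as fh:
            fh.write(b'#!/bin/sh\nexec /bin/ls-real "$@"\n')
        baseline = build_db(rules, root)

        # 1. An L-rule file grows: content differs but no tracked attribute does.
        with open(aliases, "a") as fh:
            fh.write("abuse: root\n")
        # 2. Same-size trojan written in place with mtime put back: inode, size
        #    and mtime all match the baseline, only the hashes (and ctime) differ.
        st = os.stat(ls)
        with open(ls, "r+b") as fh:
            fh.write(b'#!/bin/sh\nexec /bin/ls-evil "$@"\n')
        os.utime(ls, ns=(st.st_atime_ns, st.st_mtime_ns))
        # 3. A new file dropped into a hashed directory.
        with open(os.path.join(root, "usr/bin/backdoor"), "w") as fh:
            fh.write("oops\n")

        return compare(baseline, build_db(rules, root))


if __name__ == "__main__":
    added, removed, changed = demo()
    print("added:", added)
    print("removed:", removed)
    for path, diff in changed.items():
        print("changed:", path, sorted(diff))
```

In the division of labour cbbrowne suggests, cfengine would distribute the rule file and run the checker, while the baseline database has to be kept where the watched host cannot rewrite it (read-only media or a separate host); if it sits on a machine where users have root, as in Hermann's case, whoever made the change can simply regenerate it.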