checksum hashes in CFengine
From: Pe5kyTac0
Subject: checksum hashes in CFengine
Date: Tue, 01 Feb 2005 21:51:22 -0800
User-agent: Mozilla Thunderbird 1.0 (Windows/20041206)
Hi All
I have a basic working configuration. But to make it better I would like
to understand more about how cfengine is using crypto hashes. My
configuration has a working cfservd serving up files and the files copy
correctly across the network to a machine via its cfagent.conf file.
Hence I am not trying to troubleshoot a specific problem. I just want to
make sure the design of my cfagent.conf file is designed correctly.
Q1: When using "copy:" we can specify the "type" of check as the
criteria to update the file. In my case I choose "checksum".
I noticed that it does not require a local Berkeley database for this to
work. From reading the tutorial it seems to state that it takes a hash
of the file on the cfservd machine and the hash is compared with the
hash of the file on the machine local to the cfagent.conf file.
Q1a: Is this correct?
Q1b: If not, how does this work?
Q2: As per the cfengine reference, the (checksum|hash) is generated by
MD5 for the "copy:" class. But the "file:" class can choose MD5 or SHA.
So based on this, I have the following questions:
Q2a: Which SHA hash does CFengine use? (SHA1, SHA256, etc.)?
Q2b: If possible, how can the class "copy:" use a SHA hash?
Q3: I have not attempted "tripwire" like functions with the hashes yet.
I would like to do so.
Q3a: Will I need to set the ChecksumDatabase in the "control:" section?
Q3b: Does cfengine generate the database or do I need to generate it?
(I do have the Berkeley libs on my machine)
Q4: The CFengine reference was not clear to me regarding the ability to
centralize the ChecksumDatabase. I would like to have the hashes stored
both locally and on the cfservd machine. Hence if the local machine was
compromised, I can use the saved hashes from the cfservd machine for a
starting point for forensics.
Q4a: Can cfengine do this?
Q4b: If so, how?
Q4c: Any gotchas (besides the one about Alerts, see Q5)?
Q5: The CFengine Reference states "Note that it is also possible to use
a database file for cfservd's remote copying by checksum. If you use the
same file for both purposes you risk losing warnings."
Q5a: Are you saying that the "copy:" class can also store hashes so if
you wish to use it also for the "copy:" class generate a different database?
Q5b: If Q4a is true, is it also true for the "copy:" class?
--
Pe5ky Tac0
--------------
Yum, Fish Tacos !!