Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


 
10-17-2008, 04:41 PM
"Sean Carolan"

Recommended Configuration Control Software?

We have several dozen production Linux servers and I would like to
have better control over what files are changed, by whom, when they
were changed, etc. Because these are all production servers that are
in use 24x7, we do not have the luxury of simply doing a clean build,
taking md5sums of each file, and then doing fresh installations. I
need a system that can take in-place snapshots of each server's
configuration files, store them in some kind of database or text file,
and notify me whenever something changes.

I've used tripwire in the past - do you have any other recommendations
for this type of project?
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
10-17-2008, 04:59 PM
"Stephen John Smoogen"

On Fri, Oct 17, 2008 at 10:41 AM, Sean Carolan <scarolan@gmail.com> wrote:
> We have several dozen production Linux servers and I would like to
> have better control over what files are changed, by whom, when they
> were changed, etc. Because these are all production servers that are
> in use 24x7, we do not have the luxury of simply doing a clean build,
> taking md5sums of each file, and then doing fresh installations. I
> need a system that can take in-place snapshots of each server's
> configuration files, store them in some kind of database or text file,
> and notify me whenever something changes.
>

aide comes with CentOS 4/5 and does part of what you want by doing
various checksums. Tripwire will also compile for those too. The issue
will be that you will want to turn off prelinking and you will want to
make sure that you have configured either program to watch those
programs. You can add in audit on EL-5 with a policy setup
(capp/niscom/customize) to watch those files and log who/what/when the
program was changed by.

However none of the programs stores originals of the config files etc
as you are wanting. In that case, your best bet is to turn the problem
around and have the config files you want on the servers, and push
them out from a central box. Then have the audit programs see if
something outside of your central management changed the program.


> I've used tripwire in the past - do you have any other recommendations
> for this type of project?



--
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
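
The checksum-baseline approach discussed above, as an added example that is not part of the original thread and not code from aide or Tripwire: it snapshots a directory in place, stores the manifest as a text (JSON) file, and reports what changed on later runs. The names `snapshot`, `compare` and `check` and the manifest layout are assumptions of this example.

```python
# Added example: function names and the JSON manifest layout are assumptions.
import hashlib, json, os, stat, sys

def snapshot(root):
    """Walk root in place; return {relative_path: record} for regular files."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and device nodes
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(path, root)] = {
                "sha256": digest,
                "mode": oct(stat.S_IMODE(st.st_mode)),
                "owner": "%d:%d" % (st.st_uid, st.st_gid),
            }
    return manifest

def compare(old, new):
    """Return (change, path) tuples, sorted by path, for new versus old."""
    changes = []
    for path in sorted(set(old) | set(new)):
        if path not in old:
            changes.append(("added", path))
        elif path not in new:
            changes.append(("removed", path))
        elif old[path]["sha256"] != new[path]["sha256"]:
            changes.append(("content", path))
        elif old[path] != new[path]:
            changes.append(("metadata", path))  # mode or owner changed
    return changes

def check(root, baseline_file):
    """Compare root with the stored baseline; write the baseline on first run."""
    current = snapshot(root)
    if not os.path.exists(baseline_file):
        with open(baseline_file, "w") as fh:
            json.dump(current, fh, indent=1, sort_keys=True)
        return []
    with open(baseline_file) as fh:
        return compare(json.load(fh), current)

if __name__ == "__main__":  # usage: script.py /etc /path/to/baseline.json
    for change, path in check(sys.argv[1], sys.argv[2]):
        print(change, path)
```

Keep the baseline file on another host or on read-only media, since anyone able to alter the configuration files could otherwise alter the baseline too. Like aide, this records what changed, not who changed it.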
 
10-17-2008, 05:24 PM
Les Mikesell

Sean Carolan wrote:

> We have several dozen production Linux servers and I would like to
> have better control over what files are changed, by whom, when they
> were changed, etc. Because these are all production servers that are
> in use 24x7, we do not have the luxury of simply doing a clean build,
> taking md5sums of each file, and then doing fresh installations. I
> need a system that can take in-place snapshots of each server's
> configuration files, store them in some kind of database or text file,
> and notify me whenever something changes.


Anything that is installed via RPM is already databased and tracked. If
you edit something you have to track it yourself. I don't know of a
good tool for this. For the things I edit frequently and the changes
aren't obvious (like DNS zone files), I commit the changes to a CVS
server that has viewcvs for easy browsing and diff-ing against earlier
versions.



> I've used tripwire in the past - do you have any other recommendations
> for this type of project?


Tripwire doesn't help when you need to put things back the way they were
a version or two back. Backups are always a good thing and a
brute-force approach would be to rsync your /etc directories off to some
other machine, perhaps using the backup-dir option to keep some old
versions around. Running rsync with the -v and -n options will tell you
if anything changed compared to the last copy. I'm surprised that there
isn't a good tool built on top of one of the version control systems
that could treat similar machines as branches, though. What needs to be
done is very similar to other version control concepts and everyone
needs it.


--
Les Mikesell
lesmikesell@gmail.com

 
10-27-2008, 09:56 PM
Jeremiah Heller

On 17 Oct 2008, at 09:41, Sean Carolan wrote:


> We have several dozen production Linux servers and I would like to
> have better control over what files are changed, by whom, when they
> were changed, etc. Because these are all production servers that are
> in use 24x7, we do not have the luxury of simply doing a clean build,
> taking md5sums of each file, and then doing fresh installations. I
> need a system that can take in-place snapshots of each server's
> configuration files, store them in some kind of database or text file,
> and notify me whenever something changes.
>
> I've used tripwire in the past - do you have any other recommendations
> for this type of project?

You might want to look at dconf, from http://dag.wieers.com/home-made/dconf/.
Probably not hard to script something to notify you when a new
snapshot is taken.

=====
If you run dconf, it will create a single-file snapshot of your system
(config-files, hardware config, system state). By default it will
store this file in /var/log/dconf and timestamp it, only when the
content is different from the previous run.


You can configure dconf to run from cron on an hourly, daily, weekly
or monthly basis and, in case of changes, have it send out a mail.
Dconf allows you to go back in time, compare older snapshots, rollback
changes or even compare systems with basic text-oriented tools.

=====

Jeremiah
 
10-27-2008, 10:16 PM
Jeremiah Heller

On 27 Oct 2008, at 15:56, Jeremiah Heller wrote:


> On 17 Oct 2008, at 09:41, Sean Carolan wrote:
>
>> We have several dozen production Linux servers and I would like to
>> have better control over what files are changed, by whom, when they
>> were changed, etc. Because these are all production servers that are
>> in use 24x7, we do not have the luxury of simply doing a clean build,
>> taking md5sums of each file, and then doing fresh installations. I
>> need a system that can take in-place snapshots of each server's
>> configuration files, store them in some kind of database or text file,
>> and notify me whenever something changes.
>>
>> I've used tripwire in the past - do you have any other recommendations
>> for this type of project?
>
> You might want to look at dconf, from http://dag.wieers.com/home-made/dconf/.
> Probably not hard to script something to notify you when a new
> snapshot is taken.
>
> [snip]...
>
> You can configure dconf to run from cron on an hourly, daily, weekly
> or monthly basis and, in case of changes, have it send out a mail.

Probably easier to read what I posted and see email notification is a
configurable option :P

> Dconf allows you to go back in time, compare older snapshots,
> rollback changes or even compare systems with basic text-oriented
> tools.
>
> =====


Jeremiah
 
