On a single server I'd like to be able to see changes to any files in /etc. This is because other users may carry out changes - and I'd like to monitor what changes to /etc/ are made by package installs.
(The server is running SLES 11 SP2. Normally, I'd use etckeeper which is a simple tool for putting /etc/* files into a local git repository but this is not available on SLES).
Could anyone point me at how to install puppet on this SLES server and what commands would be used to see any changes to /etc/* files. And then maybe how to add these changes into the current configs so I can see new changes again. I'm getting the Pro Puppet book today but thought that what I'm asking for might be relatively simple.
On Friday, July 27, 2012 6:30:15 AM UTC-5, bailey86 wrote:
> I have a simple request.
> On a single server I'd like to be able to see changes to any files in /etc. This is because other users may carry out changes - and I'd like to monitor what changes to /etc/ are made by package installs.
That's simple to say, but not so simple to do. Especially so if you want to track multiple changes over time, notice creation of new files, etc. Puppet really isn't designed for that sort of job. It's aimed at achieving and maintaining particular system states, not at recording changes in state over time.
I hadn't heard of etckeeper before, but using git for this sort of thing sounds particularly apropos. Although it may not be available pre-packaged for SLES, the code looks pretty simple. It shouldn't be hard to package it up, especially with the Debian packaging available as a guide.
Until Puppet has the important production-tracking / security / forensics feature you want, use the "exec" in Puppet and roll-your-own production-monitoring class.
One idea for implementation follows:
Backup /etc.
Then run the following, outputting it to "A" or "B" at time "t":
At time "t+<n>", rerun the above but output to the other of "A" or "B".
Backup /etc to a separate backup file.
Diff A and B.
If no difference (e.g. diff is empty), no data change (note: does not measure updates/"touches" that don't change data - for that, diff the successive output of a sorted "find /etc -ls" as well.)
If difference (diff is non-empty), the file(s) and/or directory that is added, removed, or changed is shown with the before/after checksums.
Remove the 1st backup. 2nd backup becomes 1st backup for next run to accumulate 2nd backup, etc.
Testing the above with mkdir somedir, touch somedir/somefile, rm somedir/somefile, rmdir somedir gave predictable md5 hashes returning to the prior state, a decent sign, though not a comprehensive test.
The reason you use find instead of cpio/tar and backup /etc twice is to have a before/after for forensics to find the changed file(s).
--Stuart
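The snapshot/diff/rotate idea above, written out as an added example (my own script, not Stuart's or anything from the thread). It goes slightly beyond his description: alongside the per-file md5 list it records mode, owner, group, size and mtime with `find -printf`, so chmod/chown and "touches" that leave the data unchanged still show up. It assumes GNU find and coreutils md5sum as shipped with SLES 11, and paths without whitespace; the function and state-file names are my own.

```sh
#!/bin/sh
# Added example, not code from the thread: checksum a directory, keep the
# previous run's output, and diff the two to list what changed.

# snapshot DIR OUT: write two sorted sections to OUT.
#  1. md5 of every regular file     (detects content changes)
#  2. mode/owner/group/size/mtime   (detects touches, chmod/chown,
#     and files or directories that appear or disappear)
snapshot() {
    dir=$1 out=$2
    {
        echo '# data'
        find "$dir" -type f -exec md5sum {} + | sort -k 2
        echo '# metadata'
        find "$dir" -printf '%M %u %g %s %T@ %p\n' | sort -k 6
    } > "$out"
}

# changed_paths OLD NEW: every path that differs between two snapshots
# (added, removed, or modified), one per line, deduplicated. The path is
# the last field of each diff line, hence the no-whitespace assumption.
changed_paths() {
    diff "$1" "$2" | awk '/^[<>]/ { print $NF }' | sort -u
}

# check DIR STATE: snapshot DIR into STATE.new, diff it against STATE.old
# from the previous run, then rotate so the new snapshot becomes the
# baseline (Stuart's "2nd backup becomes 1st backup"). Returns 0 when
# nothing changed, 1 when something did, printing the changed paths.
check() {
    dir=$1 state=$2
    snapshot "$dir" "$state.new"
    # first run: no baseline yet, so the new snapshot is the baseline
    [ -f "$state.old" ] || cp "$state.new" "$state.old"
    changes=$(changed_paths "$state.old" "$state.new")
    mv "$state.new" "$state.old"
    [ -z "$changes" ] && return 0
    printf '%s\n' "$changes"
    return 1
}
```

The non-zero exit on change is deliberate: it lets the script serve as the `onlyif`/`unless` of a Puppet exec or fail a cron job loudly, and keeping STATE.old around gives you the before-image for a forensic diff.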
On Jul 27, 2012, at 4:30 AM, bailey86 <baile...@gmail.com> wrote:
> On a single server I'd like to be able to see changes to any files in /etc. This is because other users may carry out changes - and I'd like to monitor what changes to /etc/ are made by package installs.
> (The server is running SLES 11 SP2. Normally, I'd use etckeeper which is a simple tool for putting /etc/* files into a local git repository but this is not available on SLES).
> Could anyone point me at how to install puppet on this SLES server and what commands would be used to see any changes to /etc/* files. And then maybe how to add these changes into the current configs so I can see new changes again. I'm getting the Pro Puppet book today but thought that what I'm asking for might be relatively simple.
> Thanks,
> Kevin Bailey
Unless someone wants to consider that a configuration management system is also an integrity checker (I don't, for example), I suggest using a specific tool for this sort of thing. There are many, some quite sophisticated. A very simple tool is aide, for example, or tripwire.
> On a single server I'd like to be able to see changes to any files in
> /etc. This is because other users may carry out changes - and I'd like
> to monitor what changes to /etc/ are made by package installs.
> (The server is running SLES 11 SP2. Normally, I'd use etckeeper which
> is a simple tool for putting /etc/* files into a local git repository
> but this is not available on SLES).
> Could anyone point me at how to install puppet on this SLES server and
> what commands would be used to see any changes to /etc/* files. And
> then maybe how to add these changes into the current configs so I can
> see new changes again. I'm getting the Pro Puppet book today but though
> that what I'm asking for might be relatively simple.
I would point you at etckeeper, which is designed for this purpose. It uses a distributed VCS as its backend, so you can choose between mercurial, bazaar, git or darcs. I prefer mercurial for this purpose.
You can also write post-commit hooks which will, for example, send you an email with a list of changed files at every commit, and set up a cron job that will autocommit every night. You can also exclude files from versioning.