Compliance and audit

44 views

Skip to first unread message

Phillip Rice

unread,

May 3, 2014, 5:35:57 AM5/3/14

to salt-...@googlegroups.com

For our first steps with salt we are looking to use it for compliance checking and audit. We don't want salt to make any updates to hosts

Has anybody had any experience of doing this and recommendations on the best ways to go about implementing

An example would be checking the time zone. All of out servers must be set to either GMT or UTC. So we would want to parse the output and end up with a list of server with the timezone and a flag to highlight if the result is true or false.

Thanks

Denis Witt

unread,

May 3, 2014, 9:22:18 AM5/3/14

to salt-...@googlegroups.com, Phillip Rice

Am 3. Mai 2014 bei 11:36:04, Phillip Rice (philli...@gmail.com) schrieb:

For our first steps with salt we are looking to use it for compliance checking and audit. We don't want salt to make any updates to hosts

Has anybody had any experience of doing this and recommendations on the best ways to go about implementing

Well, if you mean with checking and audit that you want to find/log differences to your expected config you can set up the desired states and always run Salt with the test=True parameter.

The result will be a list of all differences between your desired and your expected configuration. To fix those differences you can omit test=True later.

With salt-run jobs.list_jobs you can look up old jobs and can view their output with salt-run jobs.lookup_jid <job id number>

See http://docs.saltstack.com/en/latest/ref/configuration/master.html (job cache config settings) and http://docs.saltstack.com/en/latest/topics/jobs/index.html for details.