Re: change detection - md5 / sha1 databases? why both?

Thu, 12 May 2011 22:18:43 -0700 

Interesting.  What does "best" mean in this context?   (How does
"best" translate to MD5 and SHA1?  Is that on purpose?)   Why not just
use SHA1?  (i'm not criticizing, just want to understand.)

Thank you for the tip re detect_content body.

Aleksey

On Thu, May 12, 2011 at 10:05 PM, Eystein Måløy Stenberg
<eystein.stenb...@gmail.com> wrote:
> Hi Aleksey,
>
> You are right.
> If you look in cfengine_stdlib.cf, you would see
>
> ---
> body changes detect_all_change
>
> # This is fierce, and will cost disk cycles
>
> {
> hash           => "best";
> report_changes => "all";
> update_hashes  => "yes";
> }
> ---
>
> Consider using the detect_content body for a cheaper but less secure
> alternative.
>
> --
>
> Regards,
> Eystein
>
>
> On Thu, May 12, 2011 at 10:00 PM, Aleksey Tsalolikhin
> <atsaloli.t...@gmail.com> wrote:
>> Is it just me, or did Cfengine 3 used to use md5 databases for change
>> detection?  now I see both md5 and sha1 are used.  why is that?
>> (doesn't that double the cost of change detection?)
>>
>>
>> bundle agent example
>>
>> {
>> files:
>>
>>  "/etc"
>>
>>   changes      => detect_all_change,
>>   depth_search => recurse("inf");
>> }
>>
>>
>>
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>> ALERT: Hash (md5) for /etc/date.txt changed!
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>>  -> Updating hash for /etc/date.txt to MD5=5e3e868b8f7f69bf2ffb651bf11b4f65
>> I: Made in version 'not specified' of
>> './00132_Security__detect_changes_in_etc.cf' near line 17
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>> ALERT: Hash (sha1) for /etc/date.txt changed!
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>>  -> Updating hash for /etc/date.txt to
>> SHA=62f811f53d0547827b625397ba46f963eddb1efe
>> I: Made in version 'not specified' of
>> './00132_Security__detect_changes_in_etc.cf' near line 17
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>> ALERT: Last modified time for /etc/date.txt changed Thu May 12
>> 21:49:23 2011 -> Thu May 12 21:58:20 2011
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>> _______________________________________________
>> Help-cfengine mailing list
>> Help-cfengine@cfengine.org
>> https://cfengine.org/mailman/listinfo/help-cfengine
>>
>
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine

Reply via email to