Does this help?
dpkg -L PACKAGENAME
On 06/08/2011 01:44 AM, Robin Lee Powell wrote:
(zombie thread raaaaar!)
Where this comes up for me is when I have packages set to "latest".
There's not really any way, I don't think, to integrate samhain into
this process (that is, to say "I just installed this package with
apt, so update those files"), which is pretty unfortunate, really;
that seems like a fairly basic
feature for something like samhain. Something like "run this, and
update every file it touches cuz I'm OK with that".
-Robin
On Fri, Jan 08, 2010 at 09:06:13PM -0500, Trevor Vaughan wrote:
Vince,
If you really want to do this, I would do the first scenario you
describe with a few key points.
1) Let puppet run
2) Have an exec in puppet that runs a job in the background that does
the following:
- Waits until all puppet instances have finished running
- Runs a samhain check against the system and e-mails/syslogs it to
the admin
- Re-initializes the database.
This way, you're sure that puppet is done running and you get a copy of
the last 'change' state of the system in case someone has planted
something since the last run.
Basically, you're effectively defeating a great deal of the purpose of
samhain, which is to protect against unknown changes. If you
automatically reinitialize the database, then you run the high risk of
someone being able to plant something during the next initialization.
You also are going to be putting a heavy load on your system on a fairly
regular basis.
What I would instead suggest is to only use samhain to monitor those
items that Puppet is not already watching. Puppet will, of course,
change any file to its proper state, so having samhain watch it as well
is redundant effort on the part of your system.
You may, however, have perfectly good reasons for doing it this way.
If you're using a Linux or Solaris system, you may also want to look at
the built-in auditing subsystems and/or inotify for real-time
notification functionality.
Trevor
On 01/08/2010 04:41 PM, Vince wrote:
We just started using samhain on our servers.
Since updates to our puppet manifests tend to change files on the
system that samhain monitors, I'm looking for a good way to
reinitialize the samhain database whenever puppet changes something on
the system to reduce notifications that samhain produces. I'm
wondering if anyone has an elegant way of dealing with this.
Ideally we do something like this:
1. let puppet run
2. if any files changed during the puppet run, then puppet will
automatically reinitialize samhain
or even if we can do something like this it would be fine:
1. have puppet disable samhain before it processes its manifests
2. apply manifest changes
3. reinitialize the samhain database
4. enable samhain
Any suggestions would be very helpful.
Thanks.
--
Trevor Vaughan
Vice President, Onyx Point, Inc.
email: tvaug...@onyxpoint.com
phone: 410-541-ONYX (6699)
-- This account not approved for unencrypted sensitive information --
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
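
The background job Trevor describes (wait for Puppet to finish, run a samhain check and keep its output, then refresh the baseline), as an added shell example that is not part of the original thread. It uses `samhain -t update` where the thread says "re-initializes"; the lock-file path, report directory and samhain options shown are assumptions to check against your installed versions.

```shell
#!/bin/sh
# Added example: re-baseline samhain only after Puppet is done and a check is on record.
# Assumed, not from the thread: lock path, report dir, samhain options.
PUPPET_LOCK="${PUPPET_LOCK:-/var/lib/puppet/state/puppetdlock}"
SAMHAIN="${SAMHAIN:-samhain}"
LOGGER="${LOGGER:-logger}"
REPORT_DIR="${REPORT_DIR:-/var/log/samhain-prebaseline}"
WAIT_MAX="${WAIT_MAX:-600}"   # seconds to wait for the Puppet run to end

# Return 0 once the lock file is gone, 1 if it is still there after WAIT_MAX.
wait_for_puppet() {
    waited=0
    while [ -e "$PUPPET_LOCK" ]; do
        [ "$waited" -ge "$WAIT_MAX" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# One-shot check against the OLD baseline; the saved output is the record of
# what changed since the last run. Prints the report path.
check_and_report() {
    mkdir -p "$REPORT_DIR" || return 1
    report="$REPORT_DIR/check-$(date +%Y%m%dT%H%M%S).log"
    rc=0
    "$SAMHAIN" -t check --foreground -p info >"$report" 2>&1 || rc=$?
    "$LOGGER" -t samhain-rebaseline "check exit=$rc report=$report" 2>/dev/null || true
    echo "$report"
}

# Full sequence. Exit 2: Puppet still running; 3: no report; 4: update failed.
rebaseline() {
    if ! wait_for_puppet; then
        echo "puppet still running after ${WAIT_MAX}s; baseline untouched" >&2
        return 2
    fi
    report=$(check_and_report) || return 3
    "$SAMHAIN" -t update --foreground >>"$report" 2>&1 || return 4
    echo "$report"
}

# Runs only when invoked as: <script> run
if [ "${1:-}" = "run" ]; then rebaseline; fi
```

The report written before the update is the only record of changes made between Puppet runs, so it should be shipped off the host before the baseline is replaced.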