[LRUG] Idempotency vs the cloud
Tom Ward
tom at popdog.net
Fri Jul 19 03:21:49 PDT 2013
An alternative auditing strategy might be using a tool like blueprint[1] to
reverse engineer your server's setup, then diff the results. N.B. I've
never tried blueprint in anger, so have no idea how successful its
reverse-engineering is.
[1] https://github.com/devstructure/blueprint
Tom
On 17 July 2013 23:14, Paul Battley <pbattley at gmail.com> wrote:
> On 17 July 2013 22:22, Gareth Rushgrove <gareth at morethanseven.net> wrote:
> > Running puppet/chef/whatever every x minutes doesn't just have the
> > ability to change things to be how you described them, it has the
> > ability to tell you that something in the world is different to how
> > you think it should be.
>
> I'm a bit sceptical of this claim. I know that's what everyone would
> like their configuration management system to be doing, and if it were
> true it would save a lot of problems, but what everyone really does is
> start with an off the shelf distro and configure parts of the system
> to meet their desired spec, leaving the bulk of it to the underlying
> distro. That will tell you if the parts of the system you've
> configured have diverged, but unless I've missed something, that seems
> to leave a whole lot of blind spots. I'm not saying that's not useful,
> but Puppet[0] isn't really an intrusion detection system.
>
> If you were to set up Linux from Scratch using Puppet etc., then you
> probably could get a pretty complete overall view of this, but I think
> you'd need a combine harvester, the ability to warp time, and
> near-infinite patience to shave that yak.
>
> Paul.
>
> [0]: For Puppet, read "configuration management system of your choice"
> _______________________________________________
> Chat mailing list
> Chat at lists.lrug.org
> http://lists.lrug.org/listinfo.cgi/chat-lrug.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20130719/ab5468fd/attachment-0003.html>
More information about the Chat
mailing list