<p dir="ltr"><br>
On 17 Jul 2013 23:14, "Paul Battley" <<a href="mailto:pbattley@gmail.com">pbattley@gmail.com</a>> wrote:<br>
><br>
> On 17 July 2013 22:22, Gareth Rushgrove <<a href="mailto:gareth@morethanseven.net">gareth@morethanseven.net</a>> wrote:<br>
> > Running puppet/chef/whatever every x minutes doesn't just have the<br>
> > ability to change things to be how you described them, it has the<br>
> > ability to tell you that something in the world is different to how<br>
> > you think it should be.<br>
><br>
> I'm a bit sceptical of this claim. I know that's what everyone would<br>
> like their configuration management system to be doing, and if it were<br>
> true it would save a lot of problems, but what everyone really does is<br>
> start with an off the shelf distro and configure parts of the system<br>
> to meet their desired spec, leaving the bulk of it to the underlying<br>
> distro. That will tell you if the parts of the system you've<br>
> configured have diverged, but unless I've missed something, that seems<br>
> to leave a whole lot of blind spots. I'm not saying that's not useful,<br>
> but Puppet[0] isn't really an intrusion detection system.<br>
><br>
> If you were to set up Linux from Scratch using Puppet etc., then you<br>
> probably could get a pretty complete overall view of this, but I think<br>
> you'd need a combine harvester, the ability to warp time, and<br>
> near-infinite patience to shave that yak.<br>
></p>
<p dir="ltr">Better that yak than the keep my spreadsheets up to date yak.</p>
<p dir="ltr">The advantage you have with the rest of the OS is tools like auditd tend to already do a good job, and everything is a package and dpkg (or yum or whatever) will tell you about changes pretty easily.</p>
<p dir="ltr">Having said that there are a few tools that will generate (horrible) puppet code from everything installed on a machine. I've certainly met folks from huge companies who use Puppet this way, though I wouldn't recommend going there if you're just starting out and you're not audited. </p>
<p dir="ltr">G</p>
<p dir="ltr">> Paul.<br>
><br>
> [0]: For Puppet, read "configuration management system of your choice"<br>
</p>