Linked by Dedoimedo on Mon 15th Nov 2010 15:46 UTC
Linux How do you audit your Linux environment? How do you track after changes to your files? What kind of processes are running on your system at any given moment? What uses the most resources? Valid questions, all. Special contributor Dedoimedo gives us the straight scoop on "audit." Editor's note: Call for submissions: are you an OS expert? Can you provide some special insight, some tips and tricks, or just plain illuminate an obscure feature in your OS of choice? We'd like to publish it.
Maybe I'm missing the point...
by Vanders on Mon 15th Nov 2010 21:34 UTC

An alternative is configuration management, like cfengine. This could work, too. You will have a static baseline to revert to, deleting any unwanted changes to your files. However, you will not know, in between period runs, who made changes to your files - or why.

Maybe it's just me being bloody-minded, but why should I care if someone made a local change to a file managed by my configuration management system and the change gets overwritten? That's the entire point of configuration management such as cfengine or Puppet. The configuration management system is canonical. If someone attempts to make a local change outside of configuration management:

a) They're Doing It Wrong and therefore shouldn't be making such a change anyway.
b) I want their changes to be overwritten due to the above.

Audit tools such as tripwire and audit are useful for finding potentially malicious changes to key system files, but I don't see why you'd try to use something like this as a replacement for something like Puppet. It's Apples and Oranges.

Reply Score: 3