I have a simple request.

On a single server I'd like to be able to see changes to any files in /etc. This is because other users may carry out changes - and I'd like to monitor what changes to /etc/ are made by package installs.

(The server is running SLES 11 SP2. Normally, I'd use etckeeper which is a simple tool for putting /etc/* files into a local git repository but this is not available on SLES).

Could anyone point me at how to install puppet on this SLES server and what commands would be used to see any changes to /etc/* files. And then maybe how to add these changes into the current configs so I can see new changes again. I'm getting the Pro Puppet book today but thought that what I'm asking for might be relatively simple.

Thanks,

Kevin Bailey

On Friday, July 27, 2012 6:30:15 AM UTC-5, bailey86 wrote:
> I have a simple request.
>
> On a single server I'd like to be able to see changes to any files in
> /etc. This is because other users may carry out changes - and I'd like to
> monitor what changes to /etc/ are made by package installs.

That's simple to say, but not so simple to do. Especially so if you want to track multiple changes over time, notice creation of new files, etc. Puppet really isn't designed for that sort of job. It's aimed at achieving and maintaining particular system states, not at recording changes in state over time.

I hadn't heard of etckeeper before, but using git for this sort of thing sounds particularly apropos. Although it may not be available pre-packaged for SLES, the code looks pretty simple. It shouldn't be hard to package it up, especially with the Debian packaging available as a guide.

John

Good idea. Until Puppet has the important production-tracking / security / forensics feature you want, use the "exec" in Puppet and roll-your-own production-monitoring class. One idea for implementation follows:

Back up /etc. Then run the following, outputting it to "A" or "B" at time "t":

    find /etc -exec md5sum {} \; | sort -k 34 | md5sum

At time "t+<n>", rerun the above but output to the other of "A" or "B". Back up /etc to a separate backup file.

Diff A and B. If no difference (e.g. diff is empty), no data change (note: does not measure updates/"touches" that don't change data - for that, diff the successive output of a sorted "find /etc -ls" as well.) If difference (diff is non-empty), the file(s) and/or directory that is added, removed, or changed, is shown with the before/after checksums.

Remove the 1st backup. 2nd backup becomes 1st backup for next run to accumulate 2nd backup, etc.

Testing the above with mkdir somedir, touch somedir/somefile, rm somedir/somefile, rmdir somedir gave predictable md5 hashes returning to the prior state, a decent sign, though not a comprehensive test.

The reason you use find instead of cpio/tar and back up /etc twice is to have a before/after for forensics to find the changed file(s).

--Stuart

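An added example, not code from any poster in this thread: the snapshot-and-diff idea from Stuart's message as a shell script. It swaps MD5 for SHA-256, keeps one line per file (rather than a single overall checksum) so the comparison names each changed path, and also records mode and owner; `snapshot`, `compare`, `demo` and the demo files are illustrative names, and GNU `sha256sum` and `stat -c` are assumed.

```shell
#!/bin/sh
# Added example: snapshot-and-compare integrity check for a directory tree.
# snapshot, compare, demo and the demo files are illustrative, not from the thread.
# Assumes GNU coreutils/findutils and no newlines in file names.

# snapshot DIR OUT: write "<sha256> <mode:user:group> <path>" per regular file.
snapshot() {
    find "$1" -type f -exec sh -c '
        for f; do
            h=unreadable
            [ -r "$f" ] && h=$(sha256sum < "$f" | cut -d" " -f1)
            printf "%s %s %s\n" "$h" "$(stat -c %a:%U:%G "$f")" "$f"
        done' sh {} + | LC_ALL=C sort -k 3 > "$2"
}

# compare OLD NEW: report ADDED, REMOVED, CONTENT (hash differs) and
# META (same hash, different mode or owner) paths.
compare() {
    awk '
        { p = substr($0, length($1) + length($2) + 3) }
        # "" forces string comparison even for an all-digit hash
        FILENAME == ARGV[1] { hash[p] = $1 ""; meta[p] = $2 ""; next }
        { seen[p] = 1 }
        !(p in hash)  { print "ADDED " p; next }
        hash[p] != $1 { print "CONTENT " p; next }
        meta[p] != $2 { print "META " p }
        END { for (p in hash) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | LC_ALL=C sort
}

# demo: constructed tree standing in for /etc; prints the change report.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/etc"
    echo "PermitRootLogin no" > "$d/etc/sshd_config"
    echo "10.0.0.1 db" > "$d/etc/hosts"; chmod 600 "$d/etc/hosts"
    echo x > "$d/etc/old.conf"
    snapshot "$d/etc" "$d/A"                          # baseline "A"
    echo "PermitRootLogin yes" > "$d/etc/sshd_config" # content change
    chmod 644 "$d/etc/hosts"                          # metadata-only change
    rm "$d/etc/old.conf"; echo y > "$d/etc/new file"  # removal and addition
    snapshot "$d/etc" "$d/B"                          # later run "B"
    compare "$d/A" "$d/B" | sed "s|$d/||"
    rm -rf "$d"
}
```

On a real host, run `snapshot /etc` as root and keep the snapshot files outside /etc, on storage that ordinary users cannot write to, so the baseline itself cannot be quietly edited.
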
Sorry for the top posting.

Unless someone wants to consider that a configuration management system is also an integrity checker (I don't, for example), I suggest using a specific tool for this sort of thing. There are many, some of them sophisticated. A very simple tool is AIDE, for example, or Tripwire.

Best regards

Fully agree.

Kevin, you may also consider some system distribution help as, for example, "Remote Filesystem Checker". Needless to say, you must manage legitimate changes, as for updates, allowing automatic file checksum baseline regeneration after updates.

Regards,

Paolo

On 07/27/2012 01:30 PM, bailey86 wrote:
> I have a simple request.
>
> On a single server I'd like to be able to see changes to any files in
> /etc. This is because other users may carry out changes - and I'd like
> to monitor what changes to /etc/ are made by package installs.
>
> (The server is running SLES 11 SP2. Normally, I'd use etckeeper which
> is a simple tool for putting /etc/* files into a local git repository
> but this is not available on SLES).
>
> Could anyone point me at how to install puppet on this SLES server and
> what commands would be used to see any changes to /etc/* files. And
> then maybe how to add these changes into the current configs so I can
> see new changes again. I'm getting the Pro Puppet book today but thought
> that what I'm asking for might be relatively simple.

I would point you at etckeeper, which is designed for this purpose. It uses a distributed VCS as a backend, so you can choose between mercurial, bazaar, git or darcs. I prefer mercurial for this purpose.

You can also write post-commit hooks which will, for example, send you an email with a list of changed files at every commit, and set up cron that will autocommit every night. You can also exclude files from versioning.

--
Jakov Sosic
www.srce.unizg.hr

Or you could just mount /etc as NILFS, and let the OS do the work for you. Am I right in thinking, this is a single server solution?

I wrote a blog post, how to use it on User-Mode Linux instances (linode).

http://blog.binarytemple.co.uk/2012/06/nilfs-versioned-filesystem-on-linode.html

Presumably SLES ships with it packaged; if not, as an install option. Is that the case?

Regards,

Bryan Hunt