Puppet users - Oct 2013 - File integrity monitoring and expected Puppet changes

Hi all,

How can I retrieve a file''s most recent checksum as reported by puppet?
 I''m running Puppet 3.1, PuppetDB 1.4, and Foreman 1.2, and have looked
through the various APIs as well as /var/lib/puppet/ on each node, but 
can''t find a specific field for the checksum.  I think it used to be in
/var/lib/puppet/state/state.yaml, but was removed in recent puppet versions due 
to inconsistencies <http://projects.puppetlabs.com/issues/5301>.  I see 
ways to return a node report, but they don''t seem to contain the
checksum.
 I suppose just checking that the file was changed via puppet is sufficient 
in saying that this was an expected change, but it would be nice to also 
compare the sum in puppet vs. the file integrity monitor.


In general, I want to have my real-time file integrity monitor check 
against expected puppet changes so I don''t receive alerts from
100''s of
servers.  I''ve seen a little discussion on this topic here and there,
but
would love to see some more light shed on this particular subject.  I 
realize that there is a risk involved with NOT sending an alert because 
"this change was expected per puppet", but this to me is better than 
getting thousands of alerts each day and actually missing something 
important due to info overload.

How do you guys monitor file integrity across many hosts?

I''m using OSSEC syscheck, but still evaluating so I''m open to
other tools
and general thoughts on the subject.

Thanks!
Jason


-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.