James Harper <[email protected]> writes: > I need something that can scan my network for Linux machines and then > log in to anything it can find and check configs to make sure > everything is set up correctly, eg things like that ssh settings are > correct, smartd is configured and enabled (if physical machine), no > blank passwords, permissions on sensitive config files, etc. This is > more of an automatic check of the install process than a tripwire to > check for malicious reconfiguration (I just found a machine with a > failed harddisk on which I hadn't enabled smartd!)
The problem domain you describe is called "configuration management". As others have said, puppet is probably the best-known at present. I'm not enthusiastic about any of them - haven't tried ansible yet. What I currently do is keep a BCP checklist (e.g. "install etckeeper") and go through it when I first deploy a host. If I add to the list after a host is deployed, that's generally just too bad for that host. :-( _______________________________________________ luv-main mailing list [email protected] http://lists.luv.asn.au/listinfo/luv-main
