On Mon, 2010-03-22 at 09:14 -0700, Luke Kanies wrote:
> There are two easy answers:
>
> 1) Our customers actually want to get rid of Tripwire (for multiple
> reasons) and if we could just track file changes we've got the most
> important replacement functionality.

To really replace Tripwire you actually need to encrypt/sign the state file, which I'm not sure we're doing for the moment. You also need to be able to store it elsewhere in non-tamperable storage, with the possibility to manually overwrite it (it reminds me of when we were doing this on CD-R :-)). In other words, it's much more than just comparing and firing events.

> 2) The ability to track any parameter on any resource is a far cry
> from just tracking file content. E.g., you could do things like track
> password changes for root, which would be essentially impossible for a
> tool like Tripwire because it lacks the semantic richness.

Agreed. Even though Osiris is able to track more things than files, it's not as powerful as Puppet can be.

> And here's a bonus reason, for free:
>
> 3) It's a great way for people to start managing - first monitor the
> state so you know what the current operational mode is, and only once
> you have that baseline do you start managing.
>
> And this would only ever slow things down if you used it, just like
> noop. And even then it shouldn't be slow - it should actually be
> faster than actually managing a resource, because you're just
> retrieving and comparing, rather than those two plus writing.

That's correct.
-- 
Brice Figureau
Follow the latest Puppet Community evolutions on www.planetpuppet.org!
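
The point in the reply about signing the state file, as an added example that is not part of the original message and is not Puppet's code: a file-digest baseline is tagged with HMAC-SHA256 and the tag is verified before any comparison is trusted. The function names, the choice of HMAC as the signing mechanism, and the key being held off the monitored host are assumptions made for this sketch.

```ruby
require 'openssl'
require 'digest'
require 'json'
require 'tmpdir'

# State file contents: path => SHA-256 of the file (nil if it is missing).
def build_baseline(paths)
  paths.sort.map { |p| [p, File.file?(p) ? Digest::SHA256.file(p).hexdigest : nil] }.to_h
end

# Attach an HMAC-SHA256 tag. Assumption: the key is kept off the monitored host.
def sign_baseline(baseline, key)
  body = JSON.generate(baseline)
  { 'body' => body, 'hmac' => OpenSSL::HMAC.hexdigest('SHA256', key, body) }
end

# Constant-time comparison of two hex strings.
def ct_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Verify the tag before trusting the state file, then report drift.
def check(signed, key, paths)
  expected = OpenSSL::HMAC.hexdigest('SHA256', key, signed['body'])
  return { status: :baseline_tampered, changed: [] } unless ct_equal?(expected, signed['hmac'])
  recorded = JSON.parse(signed['body'])
  current = build_baseline(paths)
  changed = (recorded.keys | current.keys).reject { |p| recorded[p] == current[p] }
  { status: changed.empty? ? :clean : :drift, changed: changed.sort }
end

# Constructed scenario: baseline a temp file, edit it, then swap in a rewritten state file.
def demo
  Dir.mktmpdir do |dir|
    path = File.join(dir, 'sshd_config')
    File.write(path, "PermitRootLogin no\n")
    key = 'constructed-demo-key' # placeholder; would be loaded from off-host storage
    signed = sign_baseline(build_baseline([path]), key)
    clean = check(signed, key, [path])[:status]
    File.write(path, "PermitRootLogin yes\n") # unauthorized change
    drift = check(signed, key, [path])[:status]
    # A state file rewritten to match the edit, without the key, fails verification.
    forged = signed.merge('body' => JSON.generate(build_baseline([path])))
    [clean, drift, check(forged, key, [path])[:status]]
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

Without the tag check, the rewritten state file in the last step would compare as clean, which is why comparing and firing events alone does not replace a signed baseline.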
