Sure, but I don't see any way to tell samhain "these files right here have changed; trust the new values". I only see "accept everything".
-Robin

On Wed, Jun 08, 2011 at 02:11:34AM -0400, vagn scott wrote:
> Does this help?
>
>     dpkg -L PACKAGENAME
>
> On 06/08/2011 01:44 AM, Robin Lee Powell wrote:
> >(zombie thread raaaaar!)
> >
> >Where this comes up for me is when I have packages set to "latest".
> >There's not really any way, I don't think, to integrate samhain into
> >this process (that is, to say "I just installed this package with
> >apt, so update those files").
> >
> >Which is pretty unfortunate, really; that seems like a fairly basic
> >feature for something like samhain. Something like "run this, and
> >update every file it touches cuz I'm OK with that".
> >
> >-Robin
> >
> >On Fri, Jan 08, 2010 at 09:06:13PM -0500, Trevor Vaughan wrote:
> >>Vince,
> >>
> >>If you really want to do this, I would do the first scenario you
> >>describe with a few key points.
> >>
> >>1) Let puppet run
> >>2) Have an exec in puppet that runs a job in the background that does
> >>the following:
> >>   - Waits until all puppet instances have finished running
> >>   - Runs a samhain check against the system and e-mails/syslogs it to
> >>     the admin
> >>   - Re-initializes the database.
> >>
> >>This way, you're sure that puppet is done running and you get a copy of
> >>the last 'change' state of the system in case someone has planted
> >>something since the last run.
> >>
> >>Basically, you're effectively defeating a great deal of the purpose of
> >>samhain, which is to protect against unknown changes. If you
> >>automatically reinitialize the database, then you run the high risk of
> >>someone being able to plant something during the next initialization.
> >>
> >>You also are going to be putting a heavy load on your system on a fairly
> >>regular basis.
> >>
> >>What I would instead suggest is to only use samhain to monitor those
> >>items that Puppet is not already watching. Puppet will, of course,
> >>change any file to its proper state, so having samhain watch it as well
> >>is redundant effort on the part of your system.
> >>
> >>You may, however, have perfectly good reasons for doing it this way.
> >>
> >>If you're using a Linux or Solaris system, you may also want to look at
> >>the built-in auditing subsystems and/or inotify for real-time
> >>notification functionality.
> >>
> >>Trevor
> >>
> >>On 01/08/2010 04:41 PM, Vince wrote:
> >>>We just started using samhain on our servers.
> >>>
> >>>Since updates to our puppet manifests tend to change files on the
> >>>system that samhain monitors, I'm looking for a good way to
> >>>reinitialize the samhain database whenever puppet changes something on
> >>>the system to reduce notifications that samhain produces. I'm
> >>>wondering if anyone has an elegant way of dealing with this.
> >>>
> >>>Ideally we do something like this:
> >>>
> >>>1. let puppet run
> >>>2. if any files changed during the puppet run, then puppet will
> >>>automatically reinitialize samhain
> >>>
> >>>or even if we can do something like this it would be fine:
> >>>
> >>>1. have puppet disable samhain before it processes its manifests
> >>>2. apply manifest changes
> >>>3. reinitialize the samhain database
> >>>4. enable samhain
> >>>
> >>>Any suggestions would be very helpful.
> >>>
> >>>Thanks.
> >>>
> >>--
> >>Trevor Vaughan
> >> Vice President, Onyx Point, Inc.
> >> phone: 410-541-ONYX (6699)
> >>
> >>-- This account not approved for unencrypted sensitive information --

--
http://singinst.org/ : Our last, best hope for a fantastic future.
Lojban (http://www.lojban.org/): The language in which "this parrot
is dead" is "ti poi spitaki cu morsi", but "this sentence is false"
is "na nei". My personal page: http://www.digitalkingdom.org/rlp/

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
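
Added example, not part of the original thread and not samhain or Puppet code: one way to review the changes an integrity checker reports after a package upgrade, so that only files whose on-disk content matches what the package shipped are treated as explained. It reads dpkg's own md5sums format (/var/lib/dpkg/info/PACKAGENAME.md5sums); the function names, the changed-paths list format and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# classify_changes MANIFEST CHANGED_LIST [ROOT]
#   MANIFEST     - dpkg md5sums format: "<md5>  <path relative to />"
#   CHANGED_LIST - one absolute path per line, as reported changed by the
#                  integrity checker (extracting it from the report is up to you)
#   ROOT         - directory to treat as / (default: the real root)
# Prints "explained PATH" when the file on disk has the hash the package
# shipped, "UNEXPLAINED PATH" when it is not in the package, is missing,
# or has different content.
classify_changes() {
    manifest=$1 changed=$2 root=${3:-}
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        rel=${path#/}
        # Exact match on the path field; paths may contain spaces.
        want=$(awk -v p="$rel" \
            '{ h = $1; sub(/^[^ ]+  /, ""); if ($0 == p) { print h; exit } }' \
            "$manifest")
        have=
        if [ -n "$want" ] && [ -f "$root/$rel" ]; then
            have=$(md5sum < "$root/$rel" | cut -d' ' -f1)
        fi
        if [ -n "$want" ] && [ "$want" = "$have" ]; then
            echo "explained $path"
        else
            echo "UNEXPLAINED $path"
        fi
    done < "$changed"
}

# Constructed sample: a fake root with one upgraded file, one locally
# edited config file, and one changed path the package does not own.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/usr/bin" "$t/etc"
    printf 'new binary\n' > "$t/usr/bin/tool"
    printf 'edited\n' > "$t/etc/tool.conf"
    {
        printf '%s  usr/bin/tool\n' "$(md5sum < "$t/usr/bin/tool" | cut -d' ' -f1)"
        printf '%s  etc/tool.conf\n' "$(printf 'shipped\n' | md5sum | cut -d' ' -f1)"
    } > "$t/manifest"
    printf '/usr/bin/tool\n/etc/tool.conf\n/etc/passwd\n' > "$t/changed"
    classify_changes "$t/manifest" "$t/changed" "$t"
    rm -rf "$t"
}
```

Anything printed as UNEXPLAINED is what still needs a human look before the baseline is refreshed.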
