On Mon, Sep 16, 2013 at 8:11 PM, huang ming wrote:
>
> I want the puppetmaster to be able to sign the manifest, to avoid some guys
> publishing a dangerous manifest to the agent, like exec{"foo": command=>"rm / -rf";}
>
> There is a software named Samhain. It's an integrity checker and host
> intrusion detection sys
Hi,
The fact that someone can upload malicious manifests onto your master is
your own responsibility.
For example, if you choose to deploy your code from GitHub you can sign
every commit and release with a GPG key and validate those signatures,
including the file's checksums, before moving them
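
The signature check suggested in the reply above, as an added example that is not part of the thread: it accepts a commit only when GnuPG reports a valid signature from a pinned release key. The names `sig_is_trusted` and `commit_is_trusted`, the fingerprint and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: accept a commit only if its GPG signature is valid AND was
# made by a pinned release key. The fingerprint is a constructed placeholder.
TRUSTED_FPRS="0123456789ABCDEF0123456789ABCDEF01234567"

# sig_is_trusted: reads GnuPG status lines ("[GNUPG:] ...") on stdin.
# Returns 0 only when a VALIDSIG line names a pinned primary-key fingerprint
# and no line reports a bad, unverifiable, expired or revoked signature/key.
sig_is_trusted() {
    awk -v trusted="$TRUSTED_FPRS" '
        BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # VALIDSIG: field 3 is the signing (sub)key, field 12 the primary key.
        $2 == "VALIDSIG" && ($12 in ok) { good = 1 }
        END { if (good && !bad) exit 0; exit 1 }
    '
}

# commit_is_trusted REPO REV (hypothetical helper): git writes the raw status
# lines to stderr, so route stderr into the pipe and drop stdout.
commit_is_trusted() {
    git -C "$1" verify-commit --raw "$2" 2>&1 >/dev/null | sig_is_trusted
}

# Constructed status output for a demo run without a repository or keyring.
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Release Key <release@example.com>
[GNUPG:] VALIDSIG $TRUSTED_FPRS 2013-09-16 1379362260 0 4 0 1 8 00 $TRUSTED_FPRS"

if printf '%s\n' "$SAMPLE_STATUS" | sig_is_trusted; then
    echo "signature accepted: safe to copy manifests to the master"
else
    echo "signature rejected: do not deploy"
fi
```

An unsigned commit produces no VALIDSIG line, so the check fails closed, as does a good signature from a key that is in the keyring but not pinned.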
I want the puppetmaster to be able to sign the manifest, to avoid some guys
publishing a dangerous manifest to the agent, like exec{"foo": command=>"rm / -rf";}
There is a software named Samhain. It's an integrity checker and host
intrusion detection system. When compiling the source code of the software,
you can
The security of the puppetmaster is, indeed, important, although to
varying degrees depending on the details of the implementation.
However, puppet itself does not manage modifications to the manifests
on the masters - that's up to the implementation.
I don't think it's inherently any safer to cr
Hi, guys,
When you use Puppet to manage all your production servers, the
security of the puppet master is very very very very important,
because if a hacker controls the puppet master server, he can control
all your servers and can do anything he wants.
I think most compan