[Spacewalk-list] Config management questions

Brian Kinney brian.kinney at memeo-inc.com
Tue Apr 28 14:27:26 UTC 2015


We use AIDE to watch over files for deltas.  Simple script that compares
last scan stats (size, age, permissions) for any changes.

If you touch something you run an update script sending email with your
description of the changes.

On Apr 27, 2015 9:09 AM, "Will Beldman" <wbeldma at uwo.ca> wrote:

> I'm trying to do a better job in my organization managing changes to
> configuration files.
>
> Most of our authentication and authorization I'd like to defer to LDAP so I
> figured monitoring some local user management config files would be a good
> start (e.g. /etc/passwd, /etc/shadow, /etc/group). My idea was that if a
> sysadmin tried to add a local user, Spacewalk could alert me to the change
> because it would no longer match my centrally managed files.
>
> However, I've already realized that I have a problem with my /etc/shadow
> file because the hash associated with the root password will obviously be
> different for every machine so I cannot manage it centrally.
>
> I tried to use macros like so:
> =====================================
> root:{| rhn.system.custom_info(root_hash) |}::0:99999:7:::
> ...
> =====================================
> and this works but I've realized that this means I am loading the root
> password hash onto every system as a custom info value which is probably
> not a good idea security-wise. If my Spacewalk server were compromised, the
> /etc/shadow file for every system is also compromised.
>
> Is there any ability to do things like ignore certain lines or put in regex
> wildcards so I can just say "put whatever you want in here"? Or is there a
> feature request for this?
>
>
> Also, can I get some idea, philosophically, on how to leverage config
> management in Spacewalk to its potential? I think I really need to put up a
> config management server (Puppet/Chef/etc) to do what I really want, but in
> the interim, I was hoping to get some ideas on common uses for config
> management in Spacewalk.
>
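Added example (not part of either message above, and not Spacewalk functionality): one way to get the "ignore this field" comparison asked about in the quoted message, checking a host's shadow-format file against a central baseline while skipping any field the baseline marks as a wildcard. The `{ANY}` token, the function names and the sample data are assumptions made for this example.

```python
"""Compare a host's shadow-format file to a central baseline, skipping wildcard fields."""

WILDCARD = "{ANY}"  # hypothetical token for this example, not a Spacewalk macro
FIELDS = ("name", "hash", "lastchg", "min", "max", "warn",
          "inactive", "expire", "reserved")


def parse(text):
    """Return {account: [nine fields]} for colon-separated shadow-style lines."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        parts += [""] * (len(FIELDS) - len(parts))  # pad short lines
        entries[parts[0]] = parts
    return entries


def drift(baseline_text, host_text):
    """List differences; password hash values are never echoed."""
    base, host = parse(baseline_text), parse(host_text)
    findings = [f"unexpected account: {n}" for n in sorted(host.keys() - base.keys())]
    findings += [f"missing account: {n}" for n in sorted(base.keys() - host.keys())]
    for name in sorted(base.keys() & host.keys()):
        for label, want, got in zip(FIELDS, base[name], host[name]):
            if want in (WILDCARD, got):
                continue
            # Name the field that differs, but keep hashes out of the report.
            detail = "" if label == "hash" else f" (expected {want!r}, found {got!r})"
            findings.append(f"{name}: field '{label}' differs{detail}")
    return findings


# Constructed sample data, not taken from any real system.
BASELINE = """\
root:{ANY}:{ANY}:0:99999:7:::
bin:*:16000:0:99999:7:::
"""
HOST = """\
root:$6$constructedsalt$constructedhash:16553:0:99999:7:::
bin:*:16000:0:90:7:::
localadmin:$6$constructedsalt$otherhash:16553:0:99999:7:::
"""

if __name__ == "__main__":
    for finding in drift(BASELINE, HOST):
        print(finding)
```

Because the baseline holds only the wildcard token for root, no password hash has to be stored centrally; the comparison itself has to run on the host with read access to /etc/shadow.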

