[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Versioned Conffiles was Re: Contrasting BSIGN and TRIPWIRE

Oscar Levi wrote:

> My next project is to implement version control for system
> configuration files.  This can integrate with bsign, too, in that the
> administrator can sign (bless) the edited config files as part of the
> standard process.  If someone is really paranoid, he can use a
> smartcard for signature generation and/or a NFS mount of the system
> being adminstered to isolate encryption from a vulnerable system.

I would like to see RCS support for system configuration files - something like:

If when the user says they would like to install a new conffile from the
package, then
 If there is an RCS directory for the conffile then check in the old version,
 and check in the new Debian version, giving it a suitable label (saying which
 package version it came from etc.

This could supplement (where RCS was available) the various different systems
which keep multiple old conf files (such as the rotated apache conf files 
system - which I really like BTW)

	John Lines

Reply to: