[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Versioned Conffiles was Re: Contrasting BSIGN and TRIPWIRE

On Mon, Dec 14, 1998 at 08:07:59AM +0000, John Lines wrote:
> Oscar Levi wrote:
> > My next project is to implement version control for system
> > configuration files.  This can integrate with bsign, too, in that the
> > administrator can sign (bless) the edited config files as part of the
> > standard process.  If someone is really paranoid, he can use a
> > smartcard for signature generation and/or a NFS mount of the system
> > being adminstered to isolate encryption from a vulnerable system.
> > 
> I would like to see RCS support for system configuration files - something like:
> If when the user says they would like to install a new conffile from the
> package, then
>  If there is an RCS directory for the conffile then check in the old version,
>  and check in the new Debian version, giving it a suitable label (saying which
>  package version it came from etc.
> This could supplement (where RCS was available) the various different systems
> which keep multiple old conf files (such as the rotated apache conf files 
> system - which I really like BTW)

cfengine to a great degree supports this (since it uses cvs) it is not
supported by dpkg tho.

-----    -- - -------- --------- ----  -------  -----  - - ---   --------
Ben Collins <b.m.collins@larc.nasa.gov>                  Debian GNU/Linux
UnixGroup Admin - Jordan Systems Inc.                 bcollins@debian.org
------ -- ----- - - -------   ------- -- The Choice of the GNU Generation

Reply to: