
Re: How efficient is mounting /usr ro?



Steve Wray said on Fri, Oct 10, 2003 at 01:22:48PM +1300:
> The answer we came up with was to update boxes by rsync
> with --delete
 
You may want to look at systemimager; it already does this, and it already
knows to exclude the stuff that you don't want to rsync.  I've been doing
something like this for over a year now, and it works really well.

> For completeness and added security, before the rsync takes place,
> we upload statically linked rsync and md5sum binaries. This way,
> the remote rsync program (set with --rsync-path) should be trustworthy.

I don't, however, do this.  This is a good idea.

> Also, the rsync process runs some scripts on the target machine,
> so any binaries used by these scripts are compared with
> a record of what they are supposed to be (these are held
> on the server), using the uploaded statically linked md5sum binary.

Hrm, I would use a static tripwire or equiv, but yeah, this is also a good
idea.  Of course, if you trust your rsync, then you don't have to worry about
the md5sums on the client.

You may want to look into using CVS + CVSup to distribute configs per client,
too.

M

Attachment: pgpGkTQ8spaK8.pgp
Description: PGP signature
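
The pre-sync check described in the quoted text (comparing the binaries the scripts use against a record held on the server, using an uploaded md5sum), sketched as an added shell example that is not part of the original message. The names `verify_binaries` and `demo` and the manifest layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread); function and file names are hypothetical.

# verify_binaries TRUSTED_MD5SUM MANIFEST
# MANIFEST is the server-side record, one "<md5-hex>  <path>" per line.
# Prints MISSING/MISMATCH lines; returns 0 only if every file matches,
# 1 on any failure, 2 if the trusted checker itself is unavailable.
verify_binaries() {
    trusted_md5sum=$1
    manifest=$2
    failures=0
    if [ ! -x "$trusted_md5sum" ]; then
        echo "trusted md5sum not executable: $trusted_md5sum" >&2
        return 2
    fi
    while read -r expected path; do
        case $expected in ''|'#'*) continue ;; esac   # skip blanks, comments
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
            failures=$((failures + 1))
            continue
        fi
        # Hash via stdin so the output format does not depend on the path.
        actual=$("$trusted_md5sum" < "$path" | cut -d' ' -f1)
        if [ "$actual" != "$expected" ]; then
            echo "MISMATCH $path"
            failures=$((failures + 1))
        fi
    done < "$manifest"
    [ "$failures" -eq 0 ]
}

# Constructed demo: two stand-in "binaries", one altered after the record
# was taken. The system md5sum stands in for the uploaded static copy.
demo() {
    dir=$(mktemp -d) || return 2
    md5=$(command -v md5sum) || return 2
    printf 'tool-a\n' > "$dir/a"
    printf 'tool-b\n' > "$dir/b"
    "$md5" "$dir/a" "$dir/b" > "$dir/manifest"
    printf 'changed\n' > "$dir/b"
    report=$(verify_binaries "$md5" "$dir/manifest") && result=0 || result=$?
    rm -rf "$dir"
    echo "$report"
    return "$result"
}
```

A non-zero return is the signal to stop before the target-side scripts run.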

