Re: aide, apt-get and remote management...

On 10 Dec 2003, Douglas F. Calvert wrote:
> With all the recent discussions about debsigs and file integrity I
> have been trying to figure out the best way to deal with apt-get
> upgrades on remote machines with aide running. Does anyone have a
> good system for the management of the aide database and system
> upgrades? Or just any good aide tips would be nice as well.

Here's how I do that.  I have a tightly secured well-protected
machine.  It holds file integrity databases.  Every night it runs AIDE
on a bunch of remote machines (AIDE binary is uploaded, then
signatures are collected and output is shipped back to the secure
machine).  AIDE reports are generated on the machine that initiated
the check.  Nothing on a remote machine indicates signatures are

That's the file integrity part.  As for upgrades and updates, I never
install anything automatically, but I have a cron job which checks if
updates are available.  And if there are, I would log on to a machine
and install new packages myself.

        - Peter
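
The update check described in the reply above (a cron job that reports available updates and installs nothing), as an added example that is not part of the original message. The function names, the `--report`/`--demo` arguments, the `SEC_ORIGIN` variable and the sample lines are assumptions made for illustration, and the package lists are assumed to have been refreshed with `apt-get update` beforehand.

```shell
#!/bin/sh
# Added example: list pending upgrades for an admin to install by hand.
# Assumption: packages from the security archive carry "Debian-Security" as
# their origin in the simulation output; set SEC_ORIGIN for other archives.
SEC_ORIGIN=${SEC_ORIGIN:-Debian-Security}

# Turn `apt-get -s upgrade` output (stdin) into "TAG package old new" lines.
# Only "Inst" lines are read; "Conf" lines repeat the same packages.
parse_pending() {
    awk -v sec="$SEC_ORIGIN" '$1 == "Inst" {
        if ($3 ~ /^\[/) {            # upgrade: installed version in [brackets]
            old = substr($3, 2, length($3) - 2); cand = $4
        } else {                     # newly pulled-in package: no old version
            old = "(new)"; cand = $3
        }
        cand = substr(cand, 2)       # drop the opening parenthesis
        tag = (index($0, sec) > 0) ? "SECURITY" : "-"
        print tag, $2, old, cand
    }'
}

# Constructed sample of simulation output (package versions are made up).
sample_simulation() {
    cat <<'EOF'
Inst libssl1.1 [1.1.1n-0+deb10u3] (1.1.1n-0+deb10u6 Debian-Security:10/oldstable [amd64])
Inst tzdata [2021a-0+deb10u6] (2021a-0+deb10u12 Debian:10.13/oldstable [all])
Inst libfoo1 (1.0-1 Debian:10.13/oldstable [amd64])
Conf libssl1.1 (1.1.1n-0+deb10u6 Debian-Security:10/oldstable [amd64])
EOF
}

# Print a report only when something is pending, so cron mails only then.
# -s simulates the upgrade; -q trims progress output. Nothing is installed.
report() {
    pending=$(apt-get -s -q upgrade | parse_pending)
    [ -z "$pending" ] && return 0
    printf 'Pending upgrades on %s:\n%s\n' "$(hostname)" "$pending"
    return 1
}

case "${1:-}" in
    --report) report ;;
    --demo)   sample_simulation | parse_pending ;;
esac
```

Run from cron with `--report`, the script produces output (and therefore mail) only when upgrades are pending; the listed packages are also the files a file integrity database will report as changed after the manual install.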

