[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: aide, apt-get and remote management...

On 10 Dec 2003, Douglas F. Calvert wrote:
> With all the recent discussions about debsigs and file integrity I
> have been trying to figure out the best way to deal with apt-get
> uprgades on remote machines with aide running. Does anyone have a
> good system for the management of the aide database and system
> upgrades? Or just any good aide tips would be nice as well.

Here's how I do that.  I have a tightly secured well-protected
machine.  It holds file integrity databases.  Every night it runs AIDE
on a bunch of remote machines (AIDE binary is uploaded, then
signatures are collected and output is shipped back to the secure
machine).  AIDE reports are generated on the machine that initiated
the check.  Nothing on a remote machine indicates signatures are

That's the file integrity part.  As for upgrades and updates, I never
install anything automatically, but I have a cron job which checks if
updates are available.  And if there are, I would log on to a machine
and install new packages myself.

        - Peter

Peter Solodov                    | Concordia University 
http://alcor.concordia.ca/~peter | Montreal, QC, Canada

Reply to: