Re: aide, apt-get and remote management...
Would you mind charing some of the scripting involved?
Joh
On Wed, 10 Dec 2003 23:26:21 -0500
Peter Solodov <peter@alcor.concordia.ca> wrote:
> On 10 Dec 2003, Douglas F. Calvert wrote:
> > With all the recent discussions about debsigs and file integrity I
> > have been trying to figure out the best way to deal with apt-get
> > uprgades on remote machines with aide running. Does anyone have a
> > good system for the management of the aide database and system
> > upgrades? Or just any good aide tips would be nice as well.
>
> Here's how I do that. I have a tightly secured well-protected
> machine. It holds file integrity databases. Every night it runs AIDE
> on a bunch of remote machines (AIDE binary is uploaded, then
> signatures are collected and output is shipped back to the secure
> machine). AIDE reports are generated on the machine that initiated
> the check. Nothing on a remote machine indicates signatures are
> collected.
>
> That's the file integrity part. As for upgrades and updates, I never
> install anything automatically, but I have a cron job which checks if
> updates are available. And if there are, I would log on to a machine
> and install new packages myself.
>
> - Peter
>
> --
> Peter Solodov | Concordia University
> http://alcor.concordia.ca/~peter | Montreal, QC, Canada
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
>
Reply to: