[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: aide, apt-get and remote management...

Would you mind charing some of the scripting involved?

Joh

On Wed, 10 Dec 2003 23:26:21 -0500
Peter Solodov <peter@alcor.concordia.ca> wrote:

> On 10 Dec 2003, Douglas F. Calvert wrote:
> > With all the recent discussions about debsigs and file integrity I
> > have been trying to figure out the best way to deal with apt-get
> > uprgades on remote machines with aide running. Does anyone have a
> > good system for the management of the aide database and system
> > upgrades? Or just any good aide tips would be nice as well.
> 
> Here's how I do that.  I have a tightly secured well-protected
> machine.  It holds file integrity databases.  Every night it runs AIDE
> on a bunch of remote machines (AIDE binary is uploaded, then
> signatures are collected and output is shipped back to the secure
> machine).  AIDE reports are generated on the machine that initiated
> the check.  Nothing on a remote machine indicates signatures are
> collected.
> 
> That's the file integrity part.  As for upgrades and updates, I never
> install anything automatically, but I have a cron job which checks if
> updates are available.  And if there are, I would log on to a machine
> and install new packages myself.
> 
>         - Peter
> 
> -- 
> Peter Solodov                    | Concordia University 
> http://alcor.concordia.ca/~peter | Montreal, QC, Canada
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> 
>
Reply to: