Hi, I'm thinking through what it would take to manage a large installation of AIDE (thousands of machines), and am wondering if there are some whitepapers, blog posts, transcripts, recollections, or other musings from some who have done this before. Managing the AIDE configuration files themselves will be relatively easy using our existing configuration management system; I'm much more interested in how to collect, analyze, process, and act upon the information AIDE generates about each system. It's obviously trivial to overwhelm myself with data about each system, especially if I don't do a good job of describing the expected changes in the system ahead of time, but there are likely many more caveats I'd love to hear about from one who's been there.
Ideally, I'm looking for a method of aggregating the reports from each host, so that I may

* get reports of which hosts are not conforming to spec
* create rules about specific subsets of hosts that are allowed to be out of spec in certain ways
* act upon those reports in an automated way (for example, email a product owner or (in the extreme) automatically trigger a remote power off for hosts that violate some very specific rules)

Does anybody out there have some good links I should read?

Thanks,
-ben
_______________________________________________
Aide mailing list
[email protected]
https://mailman.cs.tut.fi/mailman/listinfo/aide
