On Fri, 10 Oct 2003 13:56, Mark Ferlatte wrote: > Steve Wray said on Fri, Oct 10, 2003 at 01:22:48PM +1300: > > The answer we came up with was to update boxes by rsync > > with --delete > > You may want to look at systemimager; it already does this, and it already > knows to exclude the stuff that you don't want to rsync. I've been doing > something like this for over a year now, and it works really well.
We had to put something together fairly rapidly and considering the amount of rsync expertise we have in-house we decided that it would be the best solution for us. Granted there are possibly better tools out there! [snip] > > Also, the rsync process runs some scripts on the target machine, > > so any binaries used by these scripts are compared with > > a record of what they are supposed to be (these are held > > on the server), using the uploaded statically linked md5sum binary. > > Hrm, I would use a static tripwire or equiv, but yeah, this is also a good > idea. Of course, if you trust your rsync, then you don't have to worry > about the md5sums on the client. Ahhh but we run scripts on the target before and after the rsync; to prep it up and so forth, as well as patching some things in /etc (we use a diff 'n' sed|patch system for some things in etc) Hence, the binaries on the target that these scripts run need to be verified. But yes, tripwire is ultimately the right tool! :)