On Tue, May 13, 2014 at 10:45 AM, Joey STANFORD <j...@canonical.com> wrote:
> Howdy, > > > On Tue, May 13, 2014 at 08:04:14AM +0400, John Meinel wrote: > >> I actually think this isn't about someone doing "juju set-env" but someone >> just ssh'ing into the machine and changing things with a text editor. >> > > Yes, this is my top concern. > If you want this, there are tools that can help (puppet being one, the already mentioned tripwire being another) both of which can be used with juju. Once we have full modeling of a charms storage and installed "resources" we might be able to do *more* in juju itself. But for now the way to prevent this would be to write charms using puppet and doing enforcement that way, deploying a properly configured tripwire like subordinate, or for properly "scale out" workloads, just adding a new unit and killing any unit with any SSH sessions that might have resulted in questionable activity. --Mark Ramm
-- Juju mailing list Juju@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju
