Sure, but I don't see any way to tell samhain "these files right
here have changed; trust the new values".  I only see "accept
everything".

-Robin

On Wed, Jun 08, 2011 at 02:11:34AM -0400, vagn scott wrote:
> Does this help?
> 
> dpkg -L PACKAGENAME
> 
> 
> 
> On 06/08/2011 01:44 AM, Robin Lee Powell wrote:
> >(zombie thread raaaaar!)
> >
> >Where this comes up for me is when I have packages set to "latest".
> >There's not really any way, I don't think, to integrate samhain into
> >this process (that is, to say "I just installed this package with
> >apt, so update those files").
> >
> >Which is pretty unfortunate, really; that seems like a fairly basic
> >feature for something like samhain.  Something like "run this, and
> >update every file it touches because I'm OK with that".
> >
> >-Robin
> >
> >On Fri, Jan 08, 2010 at 09:06:13PM -0500, Trevor Vaughan wrote:
> >>
> >>Vince,
> >>
> >>If you really want to do this, I would do the first scenario you
> >>describe with a few key points.
> >>
> >>1) Let puppet run
> >>2) Have an exec in puppet that runs a job in the background that does
> >>the following:
> >>   - Waits until all puppet instances have finished running
> >>   - Runs a samhain check against the system and e-mails/syslogs it to
> >>the admin
> >>   - Re-initializes the database.
> >>
> >>This way, you're sure that puppet is done running and you get a copy of
> >>the last 'change' state of the system in case someone has planted
> >>something since the last run.
> >>
> >>Basically, you're effectively defeating a great deal of the purpose of
> >>samhain, which is to protect against unknown changes.  If you
> >>automatically reinitialize the database, then you run the high risk of
> >>someone being able to plant something during the next initialization.
> >>
> >>You also are going to be putting a heavy load on your system on a fairly
> >>regular basis.
> >>
> >>What I would instead suggest is to only use samhain to monitor those
> >>items that Puppet is not already watching.  Puppet will, of course,
> >>change any file to its proper state, so having samhain watch it as well
> >>is redundant effort on the part of your system.
> >>
> >>You may, however, have perfectly good reasons for doing it this way.
> >>
> >>If you're using a Linux or Solaris system, you may also want to look at
> >>the built in auditing subsystems and/or inotify for real-time
> >>notification functionality.
> >>
> >>Trevor
> >>
> >>On 01/08/2010 04:41 PM, Vince wrote:
> >>>We just started using samhain on our servers.
> >>>
> >>>Since updates to our puppet manifests tend to change files on the
> >>>system that samhain monitors, I'm looking for a good way to
> >>>reinitialize the samhain database whenever puppet changes something on
> >>>the system to reduce notifications that samhain produces. I'm
> >>>wondering if anyone has an elegant way of dealing with this.
> >>>
> >>>Ideally we do something like this:
> >>>
> >>>1. let puppet run
> >>>2. if any files changed during the puppet run, then puppet will
> >>>automatically reinitialize samhain
> >>>
> >>>or even if we can do something like this it would be fine:
> >>>
> >>>1. have puppet disable samhain before it processes its manifests
> >>>2. apply manifest changes
> >>>3. reinitialize the samhain database
> >>>4. enable samhain
> >>>
> >>>Any suggestions would be very helpful.
> >>>
> >>>Thanks.
> >>>
> >>-- Trevor Vaughan
> >>  Vice President, Onyx Point, Inc.
> >>  email: tvaug...@onyxpoint.com
> >>  phone: 410-541-ONYX (6699)
> >>
> >>-- This account not approved for unencrypted sensitive information --
> >>-- 
> >>You received this message because you are subscribed to the Google Groups 
> >>"Puppet Users" group.
> >>To post to this group, send email to puppet-users@googlegroups.com.
> >>To unsubscribe from this group, send email to 
> >>puppet-users+unsubscr...@googlegroups.com.
> >>For more options, visit this group at 
> >>http://groups.google.com/group/puppet-users?hl=en.
> >>
> >>
> >
> 

-- 
http://singinst.org/ :  Our last, best hope for a fantastic future.
Lojban (http://www.lojban.org/): The language in which "this parrot
is dead" is "ti poi spitaki cu morsi", but "this sentence is false"
is "na nei".   My personal page: http://www.digitalkingdom.org/rlp/

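One way to do what Robin asks for (run a change, then trust the new values for just the files it touched), with Trevor's check-before-update ordering built in, as an added example that is not code from this thread, from samhain or from puppet. It takes vagn's "dpkg -L PACKAGENAME" as the list of files the change was allowed to touch, waits for any puppet run to finish, runs a samhain check so that anything else that moved still gets reported, and then updates the baseline only for the listed files rather than re-initialising the whole database. The puppet lock file path, the agent process name and the samhain "--listfile=FILE" update option are assumptions; check them against your own puppet and samhain versions before relying on the script.

```shell
#!/bin/sh
# Added example, not code from the thread, from samhain or from puppet.
# After a change you made on purpose (a puppet run, "apt-get install PKG"),
# report what samhain sees first, then update the baseline only for the
# files that change was expected to touch, instead of accepting everything.
#
# Assumptions (verify against your own installation):
#  - "samhain -t check", "samhain -t update", "--foreground" and
#    "--listfile=FILE" (update only the paths listed in FILE) work as in
#    the samhain manual for your version
#  - the puppet agent lock file path and process name below are the ones
#    your puppet version uses

PUPPET_LOCK="${PUPPET_LOCK:-/var/lib/puppet/state/puppetdlock}"   # assumed path
PUPPET_PROC="${PUPPET_PROC:-puppetd}"                              # assumed name
SAMHAIN="${SAMHAIN:-samhain}"

# Block until no puppet agent run is in progress (Trevor's "wait" step).
wait_for_puppet() {
    while [ -e "$PUPPET_LOCK" ] || pgrep -x "$PUPPET_PROC" >/dev/null 2>&1; do
        sleep 5
    done
}

# Filter "dpkg -L PACKAGE" output (stdin) down to regular files, one per
# line (stdout): dpkg also lists directories (including "/.") and
# "package diverts others to: ..." notes, neither of which belongs in a
# samhain update list.
package_files_to_list() {
    while IFS= read -r path; do
        case "$path" in
            /*) if [ -f "$path" ]; then printf '%s\n' "$path"; fi ;;
        esac
    done
}

# Check first, update second. The check run is what tells you whether
# anything other than the package's own files moved; only the listed
# paths get their new values trusted.
trusted_update() {
    pkg="$1"
    list=$(mktemp) || return 1
    wait_for_puppet
    dpkg -L "$pkg" | package_files_to_list > "$list"
    if [ ! -s "$list" ]; then
        echo "no regular files found for package $pkg" >&2
        rm -f "$list"
        return 1
    fi
    # Full check, reported wherever samhain.conf sends it; findings do not
    # abort the update of the expected files.
    "$SAMHAIN" -t check --foreground || true
    "$SAMHAIN" -t update --foreground --listfile="$list"   # assumed option
    rc=$?
    rm -f "$list"
    return "$rc"
}

# Usage: sh trusted_update.sh PACKAGE   (no argument: functions only)
case "${1:-}" in
    "") ;;
    *)  trusted_update "$1" ;;
esac
```

Run it as "sh trusted_update.sh PACKAGE" after the apt run; with no argument it only defines the functions, so it can be sourced from a larger post-run job. Files the package's postinst generates outside the dpkg file list (compiled caches, generated configs) are deliberately not covered: they will show up in the check run, which is the point of keeping check and update separate.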