Justin Mason <jm <at> jmason.org> writes:
> On Mon, Mar 2, 2009 at 22:13, Roger Marquis <marquis <at> roble.com> wrote:
> > David Morton wrote:
> >>>
> >>> As full time mail/systems admins we get invaluable data from
> >>> tripwire/integrit, 'postconf -n', dconf, 'rpm -qa', 'dpkg -l \*',
> >>> 'pkg_info -a', ... whose output is checked in to RCS daily. This provides
> >>> a nice configuration snapshot and historical record but its real
> >>> usefulness comes from rcsdiff piped into a daily report.
> >>
> >> That is the coolest idea I've heard today!  And it's so obvious, yet easily
> >> missed, I suppose.
> >>
> >> Do you have the whole thing scripted and automated?
> >
> > Yes and no.  It is scripted but not packaged.  Would probably take a few
> > hours to complete.  Wish I had the time to do it for free.
> >
> > OTOH, if you have scripting skills it's pretty straightforward.  The only
> > time-consuming part is parsing the data down to just the essential elements
> > and formatting it for easy reading.  A few dozen iterations and voila.
>
> This is a pretty compelling idea!

You might get a leg up using NetBSD's /etc/security, one of the available daily
audits -- there's a short routine in there for backing up and diffing.  It pulls
in /etc/rc.subr for some of the routines.

In addition, it might be nice to have SA config output dividable between rules
and other config.

RSK
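
The snapshot-and-diff report discussed in this thread, as an added example that is not any poster's actual script: it keeps one previous copy of each command's output and uses `diff -u` in place of the RCS check-in and `rcsdiff` step, so it runs without RCS installed. `SNAPDIR`, the function names and the `report` argument are assumptions.

```shell
#!/bin/sh
# Added example: daily configuration snapshot with a diff report.
# SNAPDIR and the function names are assumptions, not from the thread.
SNAPDIR="${SNAPDIR:-/var/db/confsnap}"
umask 077   # snapshots describe the host's installed software; keep them private

# snapshot NAME CMD [ARGS...]
# Run CMD, store its sorted output as $SNAPDIR/NAME and print the lines
# added or removed since the previous run.
# Returns 0 if unchanged (or CMD is not installed), 1 on change or first run.
snapshot() {
    name=$1; shift
    cur="$SNAPDIR/$name"; new="$cur.new"
    mkdir -p "$SNAPDIR" || return 2
    # A tool missing on this platform (rpm on a Debian host) is skipped.
    command -v "$1" >/dev/null 2>&1 || return 0
    "$@" 2>/dev/null | sort > "$new"
    if [ ! -f "$cur" ]; then
        mv "$new" "$cur"
        echo "== $name: baseline recorded ($(wc -l < "$cur") lines)"
        return 1
    fi
    if cmp -s "$cur" "$new"; then
        rm -f "$new"
        return 0
    fi
    echo "== $name: changed"
    # Drop the two ---/+++ header lines, then keep only added/removed lines.
    diff -u "$cur" "$new" | sed '1,2d' | grep '^[+-]'
    mv "$new" "$cur"
    return 1
}

# daily_report: one section per data source named in the thread.
daily_report() {
    snapshot postconf postconf -n
    snapshot rpm rpm -qa
    snapshot dpkg dpkg -l
    snapshot pkg_info pkg_info -a
    return 0
}

# Run the report only when asked, e.g. from cron: sh thisfile report
if [ "${1:-}" = report ]; then daily_report; fi
```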
