[Freedombox-discuss] Chef and Puppet experts?
Nick Daly
nick.m.daly at gmail.com
Thu Sep 15 13:52:04 UTC 2011
On Thu, Sep 15, 2011 at 6:47 AM,
<FreedomBox-Discuss.NeoPhyte_Rep at ordinaryamerican.net> wrote:
>
> Preseeding seems to work for configuring an initial installation and
> reconfiguring after a reasonable attempt to upgrade automagically, but
> what is/are the tool(s) for monitoring the stability of the system and
> for working the recovery from an identified attack? Does Debian
> implement a Trusted Computing Base (TCB) or something similar? (I
> understand the TCB to be a checksum type approach on verifying the
> stability of a core set of operating system files.)
Try taking a read through the "System Preconfiguration" section of my
PlugServer setup [0]. It lists the bare minimum you should consider
to be able to detect (alerting you to the need to recover from)
attacks or accidents. Using a configuration tool (Puppet/Chef) as an
intrusion detection tool seems like tool misuse. How do P/C support
intrusion detection/file modification alerts?
Helpfully, the Debian-specific tools are also less likely to register
intrusion-detection false-positives for files that can be changed
through normal system use. While you could configure Tripwire (or
P/C?) to monitor ``/var/log``, you wouldn't want to.
Nick
0: https://bitbucket.org/nickdaly/plugserver
More information about the Freedombox-discuss
mailing list