[Freedombox-discuss] Chef and Puppet experts?

Nick Daly nick.m.daly at gmail.com
Thu Sep 15 13:52:04 UTC 2011

On Thu, Sep 15, 2011 at 6:47 AM,
<FreedomBox-Discuss.NeoPhyte_Rep at ordinaryamerican.net> wrote:
> Preseeding seems to work for configuring an initial installation and
> reconfiguring after a reasonable attempt to upgrade automagically, but
> what is/are the tool(s) for monitoring the stability of the system and
> for working the recovery from an identified attack?  Does Debian
> implement a Trusted Computing Base (TCB) or something similar?  (I
> understand the TCB to be a checksum type approach on verifying the
> stability of a core set of operating system files.)

Try taking a read through the "System Preconfiguration" section of my
PlugServer setup [0].  It lists the bare minimum you should consider
to be able to detect (alerting you to the need to recover from)
attacks or accidents.  Using a configuration tool (Puppet/Chef) as an
intrusion detection tool seems like tool misuse.  How do P/C support
intrusion detection/file modification alerts?

Helpfully, the Debian-specific tools are also less likely to register
intrusion-detection false-positives for files that can be changed
through normal system use.  While you could configure Tripwire (or
P/C?) to monitor ``/var/log``, you wouldn't want to.


0: https://bitbucket.org/nickdaly/plugserver

More information about the Freedombox-discuss mailing list