[Infrastructures] Change Audit Trail

[Kyle Moore]

This is a multi-part message in MIME format.
--------------040904050801040006060203
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

How do you maintain an audit trail with a system like ISConf, Radmind or 
Cfengine? I'm in a tightly audited environment and am going to implement 
Cobit for the company and, more specifically, ITIL for Service 
Management. Cornerstones of these three things are reporting to 
Executive Management and auditing agencies (FDIC, Banking Commission, 
SEC, NASD, SAS70).

In the research I have done to determine which system to use I don't see 
how ISConf, Radmin or Cfengine deal with producing reports detailing the 
actual change. We have a change management system that gives much of 
what we need but the other piece I need is a system-generated listing of 
what exactly changed on the system, who made the change, when was it 
made, etc. The only thing I can think of is to use Tripwire in addition 
to one of these tools to track the changes.

Commercial systems like Opsware, BladeLogic, BMC Marimba and IBM Tivoli 
  seem to offer full-blown configuration management databases that have 
prebuilt and custom reporting like I describe above.

Thanks for reading.

-- 
Kyle Moore


--------------040904050801040006060203
Content-Type: text/x-vcard; charset=utf-8;
 name="kmoore.vcf"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="kmoore.vcf"

begin:vcard
fn:Kyle Moore
n:Moore;Kyle
adr:;;5283 S Holland St;Littleton ;CO;80123;United States of America
email;internet:kmoore@mooreimages.com
tel;home:720-981-5977
x-mozilla-html:TRUE
url:http://www.mooreimages.com
version:2.1
end:vcard


--------------040904050801040006060203--