[Infrastructures] Tripwire
Wesley Craig
wes@umich.edu
Mon, 25 Jul 2005 10:28:55 -0400
On 25 Jul 2005, at 10:15, Tillman Hodgson wrote:
> Tripwire examines an installed system and monitors filesystem changes.
> That's it. It won't tell you if the configuration is correct for that
> host, it'll only tell you if it's changed recently. It runs according to
> a schedule and checks your chosen objects on that schedule. It's fairly
> heavyweight, especially when checking all filesystem objects -- that's a
> lot of disk churn and checksum generation. It's useful as a
> filesystem-level IDS and very useful as part of your change control
> process.
>
> Conversely, cfengine is a tool that will configure your hosts to match
> the description. The filesystems likely won't exactly match across
> identically configured hosts (inodes will likely be different for a
> given file, for example) but the effects of the configuration should be
> identical across hosts. It generally does anything only when changes are
> needed and is relatively lightweight since it only needs to touch a
> small number of described files.
This tool:
http://radmind.org
is very much like a combination of Tripwire & cfengine, in the sense
that it will both tell you that something has changed *and* will
configure your hosts to match a centrally managed description.
:wes
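
The distinction drawn in this thread, as an added example that is not part of the original message and is not code from Tripwire, cfengine or radmind: a detect-only audit against a hash baseline, next to a converge pass driven by a central description. The file names and contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

def digest(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def snapshot(root):
    """Detect-only baseline: relative path -> SHA-256 for every file."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): digest(p)
            for p in root.rglob("*") if p.is_file()}

def audit(root, baseline):
    """Report drift from the baseline; never modifies the host."""
    current = snapshot(root)
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(p for p in current.keys() & baseline.keys()
                          if current[p] != baseline[p]),
    }

def converge(root, description):
    """Configuration pass: rewrite only described files that differ."""
    fixed = []
    for rel, content in sorted(description.items()):
        target = Path(root) / rel
        if not target.is_file() or target.read_bytes() != content:
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(content)
            fixed.append(rel)
    return fixed

def demo():
    """Constructed sample host (paths and contents are made up)."""
    description = {"etc/motd": b"authorized use only\n",
                   "etc/ntp.conf": b"server ntp.example\n"}
    with tempfile.TemporaryDirectory() as root:
        converge(root, description)
        baseline = snapshot(root)
        Path(root, "etc/motd").write_bytes(b"tampered\n")    # managed file drifts
        Path(root, "etc/extra").write_bytes(b"unmanaged\n")  # not in description
        before = audit(root, baseline)
        fixed = converge(root, description)
        return before, fixed, audit(root, baseline)

if __name__ == "__main__":
    for step in demo():
        print(step)
```

The converge pass repairs `etc/motd`, while `etc/extra`, which the description does not mention, is visible only to the audit.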