Re: [Integrit-users] Re: integrit
From: <lie...@pa...> - 2001-03-15 17:55:59
I would prefer multiple configs myself...

On 14 Mar 2001, Ed L Cashin wrote:

> (Cc'ed to the integrit-users mailing list. To join, see:
> http://sourceforge.net/mail/?group_id=15369)
>
> "Cott Lang" <co...@in...> writes:
>
> > First let me say - excellent program. :) I've been wanting an open source
> > Tripwire like program for a while, but don't have much free time to
> > implement one. Integrit works great!
>
> Thank you very much for the input. :)
>
> > I have only one suggestion.
> >
> > I maintain large farms of servers... and to me, unless I'm missing
> > something, there's one major shortcoming. That's specifying the database
> > names INSIDE the config file. That way, you just use the same config file
> > for every machine in a 20 machine farm with separate databases. If there
> > was just some way to specify
> > known and current databases on the command line instead of the config file,
> > this would work perfectly. :)
> >
> > Please tell me if I'm an idiot and am missing a way of making this work in
> > the current rev... :)
>
> No, you are correct, if you mean that because each host must read from
> its own database then each host must have a separate configuration
> file.
>
> This was a conscious trade off between complex convenience and
> simplicity. The current solution is, as you guessed, to have twenty
> configuration files -- looks messy but is trivial to generate with
> UN*X tools like sed, awk, perl, sh, etc.
>
> What do the others think? Is it worth making the command-line options
> more complex in order to accommodate cases like this where the
> configuration would be identical save the database specifications?
>
> My initial reaction is always conservative, since the two main design
> goals are simplicity and a small memory footprint, and since UN*X
> tools can provide the flexibility that might otherwise be achieved by
> making integrit more complex.
>
> The assumption is that the simplicity will naturally lead to
> convenience, since integrit is a new tool to learn, but users will
> already know perl, Bourne shell, or awk ... that's my first reaction,
> but just thinking ...
>
>   /mnt/secsrv/integrit -C /mnt/secsrv/general.conf \
>       -k /mnt/secsrv/known-`hostname`.cdb \
>       -n /root/current.cdb
>
> ... since "-c" is already taken, the "-n" (for "new") option would
> specify the location of the current-state database.
>
> That's eight command-line options total. Databases would be required
> in config files only if not listed on the command line. Command line
> database options would override config file database specifications.
>
> With that many command-line options, long-style options might be
> necessary.
>
> --
> --Ed Cashin                     PGP public key:
>   ec...@te...           http://www.terry.uga.edu/~ecashin/pgp/
>
>
> _______________________________________________
> Integrit-users mailing list
> Int...@li...
> http://lists.sourceforge.net/lists/listinfo/integrit-users
>
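The per-host configuration files discussed in this thread can be generated from one shared template with sh and sed. The following is an added example, not part of the original messages and not integrit project code. The `@HOST@` placeholder, the template body, the function names and the sample host names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: one integrit config per host from a shared template.
# Assumed, not from the thread: the @HOST@ placeholder and template body.

# Constructed template. root=, known= and current= are integrit config
# keys; the database paths mirror the ones quoted in the message.
write_template() {
    cat > "$1" <<'EOF'
root=/
known=/mnt/secsrv/known-@HOST@.cdb
current=/root/current.cdb
!/proc
EOF
}

# Accept only plain host names, so a name can neither alter the sed
# expression nor redirect the output or database path.
valid_host() {
    case "$1" in
        ''|-*|.*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# gen_configs TEMPLATE OUTDIR HOST...
# Writes OUTDIR/HOST.conf per valid host and prints how many were written.
# Returns 1 if any host name was rejected, 2 if a write failed.
gen_configs() {
    tmpl=$1; outdir=$2; shift 2
    written=0; rc=0
    for h in "$@"; do
        if ! valid_host "$h"; then
            echo "rejected host name: $h" >&2
            rc=1
            continue
        fi
        # Subshell keeps the restrictive umask local to this write.
        (umask 077; sed "s/@HOST@/$h/g" "$tmpl" > "$outdir/$h.conf") || return 2
        written=$((written + 1))
    done
    echo "$written"
    return "$rc"
}

# Demo with constructed host names in a scratch directory.
demo=$(mktemp -d)
write_template "$demo/general.conf.in"
gen_configs "$demo/general.conf.in" "$demo" web01 web02 db01
cat "$demo/web02.conf"
rm -rf "$demo"
```

Because each generated file names a different known-state database, a host list taken from an inventory should pass the same name check before it reaches sed.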