[CentOS] How to tell if I've been hacked?

Sat Aug 22 18:53:25 UTC 2009
Dave <tdbtdb+centos at gmail.com>

On Sat, Aug 22, 2009 at 6:49 AM, Bill Campbell<centos at celestial.com> wrote:
> I review daily reports from over 50 systems every morning, checking changes
> found, usually taking no more than 10 minutes a day.  The key is to keep
> the reports simple, and to make updating easy (and to have procedures that
> monitor systems to be sure they're still alive and reporting in).

So how do you track the inevitable changes? Not saying you can't, just
curious. For me, when I look at a batch of changes, some of them are
obviously stuff I've done, other stuff not so obvious. I also filter
reports through a script that sort of does a diff and makes an attempt
to limit the boilerplate. Sometimes it is a bit too terse.


> We create a file system initially, the same size as ``/'', and make a copy
> of ``/'' in it identical except for the /etc/fstab entry.  This is not
> mounted in normal operations, but the system can be booted from it to get
> to a clean system.

Wow, elaborate. How do you protect this file system from intruders?
External and powered off?

Dave
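As an added illustration of the "diff the daily report and limit the boilerplate" idea discussed above (example code written for this page, not a script from either poster): it assumes each day's inventory is a dict of path -> (mode, owner, sha256), drops paths matching an ignore list of expected churn, and reports only what is left. The snapshot data is constructed.

```python
# Added example (not from the thread): diff two daily file-inventory snapshots
# and drop expected churn so the report stays short. A snapshot is assumed to
# be a dict path -> (mode, owner, sha256); the sample data is constructed.
import fnmatch

# Paths whose churn is expected and should not clutter the report (tune per host).
IGNORE_GLOBS = ["/var/log/*", "/var/spool/*", "/tmp/*"]
FIELDS = ("mode", "owner", "sha256")

def _ignored(path, ignore_globs):
    return any(fnmatch.fnmatch(path, g) for g in ignore_globs)

def diff_snapshots(old, new, ignore_globs=IGNORE_GLOBS):
    """Return sorted (kind, path, detail) tuples; kind is added/removed/changed,
    detail names the attributes that moved. Ignored paths are dropped."""
    report = []
    for path in sorted(set(old) | set(new)):
        if _ignored(path, ignore_globs):
            continue
        if path not in old:
            report.append(("added", path, ""))
        elif path not in new:
            report.append(("removed", path, ""))
        elif old[path] != new[path]:
            moved = [f for f, a, b in zip(FIELDS, old[path], new[path]) if a != b]
            report.append(("changed", path, ",".join(moved)))
    return report

def format_report(changes):
    """One line per finding, or a single OK line when nothing is left."""
    if not changes:
        return "no unexpected changes"
    return "\n".join("%-8s %s %s" % c for c in changes)

# Constructed sample: yesterday vs today on one host.
YESTERDAY = {
    "/bin/ls": ("0755", "root", "aaa111"),
    "/etc/passwd": ("0644", "root", "bbb222"),
    "/var/log/messages": ("0600", "root", "ccc333"),
}
TODAY = {
    "/bin/ls": ("0755", "root", "dead01"),            # binary contents replaced
    "/etc/passwd": ("0644", "root", "bbb222"),
    "/var/log/messages": ("0600", "root", "ddd444"),  # expected log churn, filtered
    "/usr/local/bin/.x": ("4755", "root", "eee555"),  # new setuid file
}

if __name__ == "__main__":
    print(format_report(diff_snapshots(YESTERDAY, TODAY)))
```

Run against real inventories (for instance the output of a nightly find/sha256sum pass stored per day), the same function yields the two lines a reviewer actually needs to look at while the log rotation noise never reaches the report.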