On Fri, Oct 17, 2008 at 10:41 AM, Sean Carolan <scarolan at gmail.com> wrote:
> We have several dozen production Linux servers and I would like to
> have better control over what files are changed, by whom, when they
> were changed, etc. Because these are all production servers that are
> in use 24x7, we do not have the luxury of simply doing a clean build,
> taking md5sums of each file, and then doing fresh installations. I
> need a system that can take in-place snapshots of each server's
> configuration files, store them in some kind of database or text file,
> and notify me whenever something changes.
>

aide comes with CentOS 4/5 and does part of what you want by doing
various checksums. Tripwire will also compile for those too. The issue
will be that you will want to turn off prelinking and you will want to
make sure that you have configured either program to watch those
programs.

You can add in audit on EL-5 with a policy setup
(capp/niscom/customize) to watch those files and log who/what/when the
program was changed by.

However, none of the programs stores originals of the config files etc.
as you are wanting. In that case, your best bet is to turn the problem
around and have the config files you want on the servers, and push
them out from a central box. Then have the audit programs see if
something outside of your central management changed the program.

> I've used tripwire in the past - do you have any other recommendations
> for this type of project?

--
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
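
The "turn the problem around" approach from the reply above, sketched as an added example that is not part of the original message or of aide, Tripwire or audit: the central box holds the intended config tree, and each server's deployed tree is compared against it by checksum. The function names, the file names and the sample contents are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each regular file's path (relative to root) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def find_drift(central_root, server_root):
    """Compare a server tree with the central copy and classify differences."""
    want, have = build_manifest(central_root), build_manifest(server_root)
    return {
        "modified": sorted(p for p in want if p in have and want[p] != have[p]),
        "missing": sorted(p for p in want if p not in have),
        "unmanaged": sorted(p for p in have if p not in want),
    }


def demo():
    """Constructed sample trees standing in for the central box and one server."""
    central_files = {"sshd_config": "PermitRootLogin no\n", "ntp.conf": "server a\n"}
    server_files = {"sshd_config": "PermitRootLogin yes\n", "hosts.allow": "ALL: ALL\n"}
    with tempfile.TemporaryDirectory() as central, tempfile.TemporaryDirectory() as server:
        for root, files in ((central, central_files), (server, server_files)):
            for name, body in files.items():
                with open(os.path.join(root, name), "w") as handle:
                    handle.write(body)
        return find_drift(central, server)


if __name__ == "__main__":
    print(demo())
```

Anything reported as "modified" or "unmanaged" was changed outside the central push; finding out who changed it and when is the part the audit subsystem covers.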