[CentOS] OT: Managing change control in servers, LDAP, firewalls and switches question

Michael Grinnell grinnell at american.edu
Fri Jan 23 17:26:58 UTC 2009

Les Mikesell wrote:
> Erick Perez wrote:
>> Currently we manage several switches,firewalls and MS LDAP and Centos
>> OpenLDAP installations.
>> We are looking for a "man in the middle" or "framework" to manage
>> change on our network devices and LDAP-based servers.

>> We are looking into a similar solution (Quest Software does not have
>> that for devices) to perform change and control on the routers,
>> switches and firewalls.
> There was a tool called pancho (http://www.pancho.org/) that claimed to 
> to do automated router and switch management, but it seems to no longer 
> be supported, and personally, I'd trust a person more than a script with 
> that sort of job.  On the other hand, maintaining backup copies of 
> configurations before/after changes is something very worthwhile and not 
> difficult for anything that has text based configurations.  Just make 
> sure that changes are copied back and committed to a central version 
> control system like cvs or svn (which you can wrap with viewvc for easy 
> display of history and changes).  A tool called rancid 
> (http://www.shrubbery.net/rancid/) will automate this for many routers, 
> switches and firewalls, and will also pick up any unexpected changes.

Rancid is a great tool, and has worked well for us as a configuration 
monitor and config repository.  Another new alternative that is similar 
is ZipTie, now called NetworkAuthority Inventory 
(http://inventory.alterpoint.com/).  For a pay solution, I believe 
SolarWinds has some products.

Michael Grinnell
Information Security Engineer
The American University

More information about the CentOS mailing list