Kompost: how to work with integrit
integrit, a "file verification system", is/will be monitoring our vservers and the host system.
How do we work with this?
First, please have a look at integrit's website, especially the brief introduction and the brief howto; please, really, take 5 minutes to get these basic concepts. Otherwise you will not understand (or will misunderstand) my email, its purpose, or how to work with integrit without discarding all the added security.
A real-world scenario, now
1. You work on, say, lombric (the rsync vserver). You apt-get stuff, edit config files.
2. A couple of hours later, integrit is launched by kompost's /etc/cron.daily/integrit:
- it compares the old /var/lib/integrit/lombric/known.cdb with the current filesystem state, and sends us a report
- it generates a new /var/lib/integrit/lombric/current.cdb
3. You receive by email a report that mentions the things you have edited.
4. You carefully read this report, checking that it contains only changes you made yourself.
5. If it's OK, you can overwrite lombric's known.cdb with the newly generated current.cdb.
5 bis. If it's not OK... things get more complicated:
- either the changes are "normal" changes, and they should be ignored by integrit; this requires a deep understanding of the config file's syntax, as explained in the relevant chapter of integrit's documentation
- or another one of us has worked on this vserver too; the Changelog / metche reports should tell you whether that is the case
- or lombric might be compromised.
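Step 5 written as a shell function, as an added example that is not part of the original page or of integrit itself. The function name `promote_db` and the `INTEGRIT_DB_ROOT` override are hypothetical; the default path and file names are the ones given above. It keeps a dated copy of the old baseline and replaces known.cdb by rename, so a cron run never sees a half-written database.

```shell
#!/bin/sh
# Added example: accept a reviewed integrit report by promoting current.cdb
# to known.cdb. INTEGRIT_DB_ROOT is an assumed override (useful for testing);
# the default is the directory named on this page.

promote_db() {
    vserver=$1
    root=${INTEGRIT_DB_ROOT:-/var/lib/integrit}

    # Reject empty names and anything that could escape the per-vserver directory.
    case $vserver in
        ''|*[!A-Za-z0-9_-]*) echo "invalid vserver name" >&2; return 2 ;;
    esac

    dir=$root/$vserver
    known=$dir/known.cdb
    current=$dir/current.cdb

    # A missing or empty current.cdb means the last run did not complete.
    if [ ! -s "$current" ]; then
        echo "$current is missing or empty; not promoting" >&2
        return 3
    fi

    if [ -f "$known" ]; then
        # Identical databases: nothing was reported, nothing to accept.
        if cmp -s "$known" "$current"; then
            echo "known.cdb already matches current.cdb" >&2
            return 0
        fi
        # Keep the previous baseline so a change accepted by mistake can
        # still be re-examined against it later.
        cp -p "$known" "$known.$(date +%Y%m%d-%H%M%S)" || return 4
    fi

    # Copy to a temporary name in the same directory, then rename, so the
    # replacement of known.cdb is atomic.
    tmp=$known.new.$$
    cp -p "$current" "$tmp" && mv -f "$tmp" "$known" || { rm -f "$tmp"; return 4; }
    echo "promoted $current to $known"
}
```

Run it only after step 4, for example `promote_db lombric` as root on the host.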
I hope this will get clearer with practice.