Kompost: how to work with integrit

integrit, a "file verification system", is/will be monitoring our vservers and the host system.

How do we work with this?

First, please have a look at integrit's website, especially the brief introduction and the brief howto; please, really, take 5 minutes to pick up these basic concepts. Otherwise you will not understand (or will misunderstand) my email, its purpose, or how to work with integrit without discarding all the added security.

A real-world scenario, now :)

1. You work on, say, lombric (the rsync vserver). You apt-get stuff, edit config files.

2. A couple of hours later, integrit is launched by kompost's /etc/cron.daily/integrit:
  • it compares the old /var/lib/integrit/lombric/known.cdb with the current filesystem state, and sends us a report
  • it generates a new /var/lib/integrit/lombric/current.cdb

3. You receive a report by email listing the stuff you've edited.

4. You carefully read this report, checking it only contains changes you've made yourself.

5. If it's ok, you can overwrite lombric's known.cdb with the newly generated current.cdb.

5 bis. If it's not ok... things get more complicated:
  • either the changes are "normal" changes, and they should be ignored by integrit; this requires a deep understanding of the config file's syntax, as explained in the relevant chapter of integrit's documentation
  • or another of us has worked on this vserver too; the Changelog / metche reports should tell you if that is the case.
  • or lombric might be compromised.
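
Step 5 as a small shell function, added here as an example (it is not part of integrit or of kompost's existing scripts). The names promote_db and INTEGRIT_BASE are hypothetical; the paths are the ones given above. It refuses to run when current.cdb is missing, empty or not a regular file, and keeps a dated copy of the old baseline so a wrong approval can be rolled back.

```shell
#!/bin/sh
# Added example: promote integrit's current.cdb to known.cdb (step 5).
# promote_db and INTEGRIT_BASE are hypothetical names, not part of integrit.

INTEGRIT_BASE="${INTEGRIT_BASE:-/var/lib/integrit}"

promote_db() {
    vserver="$1"
    # Reject empty names and path tricks such as "../other".
    case "$vserver" in
        ""|*/*|.*) echo "invalid vserver name: '$vserver'" >&2; return 2 ;;
    esac

    dir="$INTEGRIT_BASE/$vserver"
    known="$dir/known.cdb"
    current="$dir/current.cdb"

    # The new database must be a regular file, never a symlink.
    if [ -L "$current" ] || [ ! -f "$current" ]; then
        echo "$current is missing or not a regular file" >&2
        return 1
    fi
    # An empty current.cdb means the last integrit run did not complete.
    if [ ! -s "$current" ]; then
        echo "$current is empty; not touching $known" >&2
        return 1
    fi

    # Keep the previous baseline so a wrong approval can be rolled back.
    if [ -f "$known" ]; then
        backup="$known.$(date +%Y%m%d-%H%M%S)"
        cp -p "$known" "$backup" || return 1
        echo "previous baseline saved as $backup"
    fi

    # Copy next to the target, then rename. The rename is atomic on one
    # filesystem, so the cron job never reads a half-written known.cdb.
    cp -p "$current" "$known.new" && mv -f "$known.new" "$known" || return 1
    echo "$known now matches the state reported for $vserver"
}
```

Run `promote_db lombric` only after step 4, once every change in the report has been accounted for.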

I hope this will get clearer with practice :)
Topic revision: r1 - 30 Jun 2005, IntRigeri