How Configuration Management supports Systems Security

Published: 2008-05-04
Last Updated: 2008-05-04 23:31:20 UTC
by David Goldsmith (Version: 1)

How do you know if what is in various configuration files is what is supposed to be there?  Did a hacker break in and add some entries?  Did a system administrator accidentally change a file?  Did a security administrator make a mistake when modifying multiple lines in a firewall policy?  And how do you easily restore what should be there?

File integrity analysis tools, like Aide, Samhain and Tripwire, can be configured to let you know that a file has changed, but they don't correct the change.

Version control systems, like RCS, CVS and SVN, give you the ability to see when changes were made to a file and what changes were made at those times.  You can easily roll back to a prior version of a file if needed.

System configuration automation tools like cfengine and Puppet allow you to define configurations for specific servers, or classes of servers, and ensure that the related software and configuration files exist on the servers and are the correct versions.  If someone edits a configuration file manually on one of the servers and changes it from the expected contents, cfengine and Puppet can detect the change and restore the correct file contents from an associated version control system repository.
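The detect-and-restore loop described above, reduced to a small sketch. This is an added example, not code from this diary or from cfengine or Puppet; the function names, directory layout and sample firewall file are hypothetical, and `baseline_dir` is assumed to be a checkout of the version control repository holding the approved files.

```python
import difflib
import hashlib
import shutil
import tempfile
from pathlib import Path

# Assumption: baseline_dir is a checkout of the repository of approved config files.
def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def check_and_restore(baseline_dir, live_dir, restore=False):
    """Return {path: unified diff} for managed files that drifted; optionally restore them."""
    drift = {}
    for expected in sorted(p for p in baseline_dir.rglob("*") if p.is_file()):
        rel = expected.relative_to(baseline_dir).as_posix()
        live = live_dir / rel
        if live.is_file() and sha256(live) == sha256(expected):
            continue  # contents match the approved version
        want = expected.read_text(errors="replace").splitlines(keepends=True)
        have = live.read_text(errors="replace").splitlines(keepends=True) if live.is_file() else []
        drift[rel] = "".join(difflib.unified_diff(want, have, f"baseline/{rel}", f"live/{rel}"))
        if restore:
            live.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(expected, live)  # put the approved contents back
    return drift


def demo():
    """Constructed sample: a firewall rule file with one unapproved extra line."""
    with tempfile.TemporaryDirectory() as tmp:
        baseline, live = Path(tmp, "baseline"), Path(tmp, "live")
        for d in (baseline, live):
            (d / "etc").mkdir(parents=True)
        approved = "allow tcp 443\nallow tcp 22 from 10.0.0.0/8\ndeny all\n"
        (baseline / "etc/fw.rules").write_text(approved)
        (live / "etc/fw.rules").write_text(approved.replace("deny all", "allow tcp 23\ndeny all"))
        first = check_and_restore(baseline, live, restore=True)  # detect and fix
        second = check_and_restore(baseline, live)  # re-check: should be clean
        return first, second


if __name__ == "__main__":
    first, second = demo()
    for name, diff in first.items():
        print(f"DRIFT in {name}:\n{diff}")
    print("after restore:", second or "no drift")
```

Only files present in the baseline are checked; a file that exists on the server but not in the repository is outside what this sketch manages.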

We use Kickstart to build all our new Linux servers quickly and repeatedly with our standard minimal footprint, and then we use Puppet to install the specific software required for that server, be it a web server, database server, VPN gateway, or other.

The tools listed above are predominantly for Linux servers, and most are open-source; this happens to be the environment that I work in and am most familiar with.

What are other version control systems or system configuration automation tools that you use in your environments?  Send in answers and I'll update this diary with people's responses.

David Goldsmith
SANS / ISC Handler
