JP Vossen on 30 Mar 2008 13:35:45 -0700

> Date: Sat, 29 Mar 2008 22:07:36 -0400
> From: "Mag Gam" <magawake@gmail.com>
> Subject: Re: [PLUG] Compare servers
>
> Thanks for the response Dan. Yes, cluster as HA. I want to compare things
> such as passwd, groups, network settings, etc..etc..

Tripwire (or better yet, other, new clones) are a Good Idea in general, but
may be overkill for this purpose. Here are several possible solutions.

_Classic Shell Scripting_ (http://www.oreilly.com/catalog/shellsrptg/)
"8.2 Automating Software Builds" pages 192-222 has an *excellent* treatment
of this issue, albeit from the slightly different perspective of automating
software builds on multiple machines. See ./sh/build-all.sh in
http://examples.oreilly.com/shellsrptg/css-2005-06-11.zip.

http://www.stearns.org/fanout/
    Run commands on remote machines simultaneously

http://sourceforge.net/projects/clusterssh/
    ClusterSSH controls a number of xterm windows via a single graphical
    console window to allow commands to be interactively run on multiple
    servers over an ssh connection.

http://www.linux.com/articles/52131
    Execute commands simultaneously on multiple servers (excerpted from
    Linux Server Hacks, Volume Two)

http://expect.nist.gov/example/multixterm.man.html
    multixterm - drive multiple xterms separately or together

OR, you could just roll your own using a trivial script with SSH. You'd need
to set up SSH keys so the command could access the other machines without a
password [1], then perhaps do something like:

# ssh root@server1 'md5sum /etc/passwd /etc/group; netstat -rn' \
    > /some/path/server1.new
ffbf549c354e2ca10077424946594683  /etc/passwd
8a536258fb9edcd2d9d0b6a1f59c4851  /etc/group
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.99.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.168.99.1    0.0.0.0         UG        0 0          0 eth0

Add to the SSH command as needed. Then you can diff "server1.new" against
"server1.old" or against some known/desired values, or whatever.

Or possibly have some cron job on each machine that dumps the correct files
and output--possibly with per machine tweaks as needed to normalize the
data--someplace, then share it via NFS/http/SSH and analyze it on the master
machine periodically.

Lots of possibilities... :-)

[1] The SSH book covers using SSH without a password, as do I in _bash
Cookbook_ in "14.21 Using SSH without a Password" pages 308-216. I use the
SSH Agent with the "keychain" script and SSH keys. It's tedious but not
really difficult to set up and get working, but once you do it's pretty cool
and about as secure as you're going to get right now.

> Also, is tripwire actively being developed?

IIRC, the free/open source version is not, though
http://www.tripwire.com/products/enterprise/ost/compare.cfm is unclear on
that point. As mentioned there are lots of newer clones:

http://www.la-samhna.de/library/scanners.html
    File Integrity Checker comparison

http://la-samhna.de/samhain/index.html
    Open Source file integrity checker and HIDS

http://www.cs.tut.fi/~rammer/aide.html
    GNU Tripwire clone (UNIX only)

http://integrit.sourceforge.net/
    Simpler alternative to file integrity verification programs like
    tripwire and aide

http://osiris.shmoo.com/
    A Tripwire clone for Windows or Unix (w/ Windows installer)

http://www.ossec.net/
    OSSEC is an Open Source Host-based Intrusion Detection System. It
    performs log analysis, integrity checking, Windows registry monitoring,
    rootkit detection

http://www.pedestalsoftware.com/
    Security products, SCM/KSA superset, others. Cool!

http://www.freeveracity.org/
    DISCONTINUED. A FREE, client/server integrity checker

Of related interest is this giant DB of hashes from "known" OS files:

http://www.nsrl.nist.gov/
    NIST National Software Reference Library (NSRL)

I'd love to see this used as part of a malware detection tool. I was toying
with trying to write one in Perl, in my copious spare time (ha!) or for my
next book.

Good luck,
JP
----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|      jp{at}jpsdomain{dot}org
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
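A worked version of the "md5sum over ssh, then diff against server1.old" idea from the post above, added here as an example; it is not JP's code nor part of any tool listed in the thread. It assumes (my choices, not the post's) key-based ssh to a read-only account on each host, the file list in CHECK_FILES, a ./baseline directory holding one stored report per host, and paths without spaces. The collector is the same POSIX sh fragment whether it runs locally or on the far side of ssh, so the baseline and the live report are produced by identical code, and a file that becomes unreadable is recorded as MISSING instead of silently dropping out of the report, which is the case a plain `md5sum | diff` would hide.

```sh
#!/bin/sh
# Config-drift check across cluster members (added example, not from the post).
# Assumed: key-based ssh to a read-only account, the file list below, and a
# baseline/ directory with one stored report per host. Paths must not contain
# spaces, because ssh re-joins its arguments on the remote side.
set -u

# Files expected to be identical on every cluster member (example list).
CHECK_FILES="/etc/passwd /etc/group /etc/hosts /etc/ssh/sshd_config"
BASELINE_DIR="${BASELINE_DIR:-./baseline}"

# Collector kept as a plain POSIX sh fragment so the *same* code runs locally
# (to build a baseline) and remotely (via ssh) with no bash on the target.
# Unreadable files get an explicit "MISSING  path" line so that a vanished
# file shows up as drift. Output is sorted by path for line-by-line comparison.
FINGERPRINT='for f in "$@"; do
  if [ -r "$f" ]; then md5sum -- "$f"; else printf "MISSING  %s\n" "$f"; fi
done | sort -k 2'

# fingerprint FILE...: run the collector on this machine.
fingerprint() {
    sh -c "$FINGERPRINT" fingerprint "$@"
}

# collect_remote HOST FILE...: run the collector on HOST over ssh.
# BatchMode makes ssh fail instead of prompting when the key is not set up.
collect_remote() {
    host=$1; shift
    ssh -o BatchMode=yes "$host" "sh -c '$FINGERPRINT' fingerprint $*"
}

# compare_reports BASELINE CURRENT: print one line per drifted path, sorted,
# and return 1 if any drift was found, 0 if the two reports agree.
#   CHANGED   hash differs
#   MISSING   readable in the baseline, unreadable now
#   APPEARED  unreadable in the baseline, readable now
#   UNLISTED  path occurs in only one report (the file lists differ)
compare_reports() {
    out=$(mktemp) || return 2
    awk '
        BEGIN { drift = 0 }
        FILENAME == ARGV[1] { base[$2] = $1; next }
                            { cur[$2]  = $1 }
        END {
            for (p in base) {
                if (!(p in cur))               { print "UNLISTED " p; drift = 1 }
                else if (base[p] == cur[p])    { }
                else if (cur[p] == "MISSING")  { print "MISSING  " p; drift = 1 }
                else if (base[p] == "MISSING") { print "APPEARED " p; drift = 1 }
                else                           { print "CHANGED  " p; drift = 1 }
            }
            for (p in cur) if (!(p in base))   { print "UNLISTED " p; drift = 1 }
            exit drift
        }' "$1" "$2" > "$out"
    status=$?
    sort "$out"
    rm -f "$out"
    return $status
}

# check_host HOST: fetch HOST's live report and compare it with the stored
# baseline. Usage from cron or by hand:  check_host server1 || mail -s ...
# ($CHECK_FILES is deliberately unquoted so it splits into separate paths.)
check_host() {
    host=$1
    base="$BASELINE_DIR/$host.txt"
    if [ ! -r "$base" ]; then
        echo "no baseline for $host; create one with:" >&2
        echo "  collect_remote $host $CHECK_FILES > $base" >&2
        return 2
    fi
    cur=$(mktemp) || return 2
    collect_remote "$host" $CHECK_FILES > "$cur" || { rm -f "$cur"; return 2; }
    compare_reports "$base" "$cur"
    status=$?
    rm -f "$cur"
    return $status
}
```

Regenerate a host's baseline only after a deliberate change (for example after editing sshd_config on every node), so that the comparison keeps flagging anything nobody intended.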