[Aide] DARC - Distributed Aide Runtime Controller

jacob martinson martinson.jacob at gmail.com
Thu May 26 20:53:19 EEST 2005


All,

A couple years ago I wrote a tool to automate aide monitoring in large
environments -

http://www.info234.com/~jmartinson/darc.html

I've used it in production environments, but I still consider it a
proof of concept and plan to reimplement it in python when I have
time.

Please let me know if you see any significant security issues with my
code or the process in general.

The process works like this:

- For each host being monitored, a platform-specific aide binary is
copied by sftp to the target host.  The filename can be made random if
you have a random text generator available on the management system.
- The aide binary is executed over ssh in "initialize" mode with the
configuration fed to aide's stdin.
- The resulting databases are written to aide's stdout and captured to
the filesystem of the management server, and the remote binaries are
deleted over sftp.
- Aide processes on the management system compare the new databases to
existing baselines and a single report is generated with output from
any "differences found" reports.

It's implemented in shell and is in a working but crude state at this
point.  The python version will have the following improvements:

- easier configuration
- better error handling and reporting 
- pluggable/configurable alert methods
- "nicer" reporting, with summary/executive info at the top (# hosts
checked, # hosts with violations, # hosts we were unable to check b/c
of network or authentication problems, etc)
- better concurrency control for really large environments

Thanks!

Jacob Martinson
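Below is an added sketch of the per-host cycle described in the post, written the way the planned Python rewrite might look; it is not the author's darc code. It assumes OpenSSH sftp/ssh clients on the management system, an aide that accepts --config=- (configuration on stdin) and the database_in/database_new option names (aide 0.16 and later), and a configuration that sets database_out=stdout; the transport and compare step are injectable so the orchestration logic can be exercised without live hosts.

```python
import secrets
import subprocess

class SshTransport:
    """Remote file moves over sftp and execution over ssh (OpenSSH clients assumed on PATH)."""
    def sftp(self, host, batch):
        subprocess.run(["sftp", "-b", "-", host], input=batch.encode(), check=True)
    def put(self, host, local, remote):
        self.sftp(host, f"put {local} {remote}\nchmod 700 {remote}\n")
    def rm(self, host, remote):
        self.sftp(host, f"rm {remote}\n")
    def run(self, host, cmd, stdin):
        p = subprocess.run(["ssh", host, cmd], input=stdin, capture_output=True)
        return p.returncode, p.stdout

def classify(rc):
    """aide exit status: 0 clean; bits 1/2/4 = added/removed/changed; 14 and up are errors."""
    if rc == 0:
        return "clean"
    return "differences" if rc < 8 else "error"

def compare_local(host, config, workdir):
    """aide --compare on the manager: stored baseline vs. the freshly pulled database."""
    dbs = f"database_in=file:{workdir}/{host}.db\ndatabase_new=file:{workdir}/{host}.new\n"
    return subprocess.run(["aide", "--compare", "--config=-"], input=dbs.encode() + config).returncode

def check_host(host, transport, aide_bin, config, workdir, compare=compare_local):
    """One cycle for one host; returns clean / differences / error / unreachable."""
    remote = f"/tmp/.{secrets.token_hex(8)}"      # random file name, as the post suggests
    try:
        transport.put(host, aide_bin, remote)
        # config travels over stdin (--config=-) and must contain database_out=stdout
        rc, db = transport.run(host, f"{remote} --init --config=-", config)
        transport.rm(host, remote)                 # leave nothing behind on the target
    except (subprocess.CalledProcessError, OSError):
        return "unreachable"
    if rc != 0:
        return "error"
    with open(f"{workdir}/{host}.new", "wb") as f:  # captured database lands on the manager
        f.write(db)
    return classify(compare(host, config, workdir))

def summarize(results):
    """Executive summary counts for the report header."""
    summary = {k: 0 for k in ("clean", "differences", "error", "unreachable")}
    for status in results.values():
        summary[status] += 1
    return summary
```

Hosts that fail before aide runs are counted separately from hosts where aide itself failed, which is the distinction the summary section of the planned report needs.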
