[Aide] DARC - Distributed Aide Runtime Controller
jacob martinson
martinson.jacob at gmail.com
Thu May 26 20:53:19 EEST 2005

All,

A couple years ago I wrote a tool to automate aide monitoring in large
environments -
http://www.info234.com/~jmartinson/darc.html

I've used it in production environments, but I still consider it a
proof of concept and plan to reimplement it in python when I have
time.

Please let me know if you see any significant security issues with my
code or the process in general.

The process works like this:

- For each host being monitored, a platform-specific aide binary is
copied by sftp to the target host. The filename can be made random if
you have a random text generator available on the management system.
- The aide binary is executed over ssh in "initialize" mode with the
configuration fed to aide's stdin.
- The resulting databases are written to aide's stdout and captured to
the filesystem of the management server, and the remote binaries are
deleted over sftp.
- Aide processes on the management system compare the new databases to
existing baselines and a single report is generated with output from
any "differences found" reports.

It's implemented in shell and is in a working, but crude state at this
point. The python version will have the following improvements:

- easier configuration
- better error handling and reporting
- pluggable/configurable alert methods
- "nicer" reporting, with summary/executive info at the top (# hosts
checked, # hosts with violations, # hosts we were unable to check b/c
of network or authentication problems, etc)
- better concurrency control for really large environments

Thanks!

Jacob Martinson
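The push/collect/compare loop described in the post, sketched as an added Python example. This is not the author's darc shell script nor the planned Python rewrite; it only illustrates the process. It assumes OpenSSH's ssh and sftp on the management host (sftp taking batch commands on stdin with `-b -`), an aide binary that reads its configuration from stdin via `--config=-`, a configuration with `database_out=stdout`, and AIDE's exit-status bits for `--compare` (1 new, 2 removed, 4 changed; higher values are errors). The remote directory, host names, file names and the sample configuration are constructed for illustration. The transport and the local aide call are injectable so the control flow can be exercised without real hosts.

```python
"""Sketch of DARC's push/collect/compare loop (added example, not the author's
darc script).  Assumes OpenSSH ssh/sftp on the management host, an aide
binary that reads its config from stdin with --config=-, a config that sets
database_out=stdout, and AIDE's exit-status bits for --compare.  Remote
paths, host names and the sample config are constructed for illustration."""
import secrets
import subprocess
import sys
from dataclasses import dataclass
from pathlib import Path

# AIDE --compare exit status is a bitmask: 1 = new, 2 = removed, 4 = changed.
# Values above 7 signal an error (bad config, I/O problem, version mismatch).
DIFF_BITS = 0b111

# Constructed config pushed to each host: the database goes to stdout, so no
# database and no aide state is ever written to the monitored host's disk.
EXAMPLE_CONFIG = "database_out=stdout\n/etc p+i+u+g+sha256\n/bin p+i+u+g+sha256\n"


@dataclass
class HostResult:
    host: str
    status: str      # "clean", "differences" or "error"
    detail: str = ""


class SshTransport:
    """Stock OpenSSH tools; sftp reads its batch commands from stdin (-b -)."""

    def put(self, host, local, remote):
        batch = f"put {local} {remote}\nchmod 700 {remote}\n"
        subprocess.run(["sftp", "-b", "-", host], input=batch, text=True, check=True)

    def run(self, host, argv, stdin):
        return subprocess.run(["ssh", host, "--", *argv], input=stdin,
                              capture_output=True, text=True)

    def remove(self, host, remote):
        subprocess.run(["sftp", "-b", "-", host], input=f"rm {remote}\n",
                       text=True, check=True)


def run_local_aide(argv, stdin):
    """aide on the management server, used only for the comparison step."""
    return subprocess.run(["aide", *argv], input=stdin, capture_output=True, text=True)


def collect_database(host, binary, config, transport, out_dir, remote_dir="/var/tmp"):
    """Copy a known-good aide binary under a random name, run it in init mode
    with the config on stdin, capture the database from stdout, then delete
    the binary again (also on failure, so nothing is left behind)."""
    remote = f"{remote_dir}/.{secrets.token_hex(8)}"   # random, hard-to-guess name
    transport.put(host, binary, remote)
    try:
        cp = transport.run(host, [remote, "--init", "--config=-"], stdin=config)
    finally:
        transport.remove(host, remote)
    # Sanity check: an AIDE database starts with the @@begin_db marker.
    if cp.returncode != 0 or "@@begin_db" not in cp.stdout:
        raise RuntimeError(f"init failed on {host}: rc={cp.returncode} {cp.stderr.strip()}")
    new_db = Path(out_dir) / f"{host}.db.new"
    new_db.write_text(cp.stdout)
    return new_db


def compare_databases(baseline, new_db, run_aide=run_local_aide):
    """Compare on the management server; the baseline never touches the host."""
    config = f"database=file:{baseline}\ndatabase_new=file:{new_db}\n"
    cp = run_aide(["--compare", "--config=-"], stdin=config)
    if cp.returncode > DIFF_BITS:
        raise RuntimeError(f"aide --compare failed rc={cp.returncode}: {cp.stderr.strip()}")
    return cp.returncode, cp.stdout


def check_host(host, binary, config, baseline_dir, out_dir, transport, run_aide=run_local_aide):
    baseline = Path(baseline_dir) / f"{host}.db"
    try:
        new_db = collect_database(host, binary, config, transport, out_dir)
        if not baseline.exists():
            new_db.replace(baseline)  # first run: the fresh database becomes the baseline
            return HostResult(host, "clean", "baseline created")
        rc, report = compare_databases(baseline, new_db, run_aide)
    except (OSError, subprocess.CalledProcessError, RuntimeError) as exc:
        return HostResult(host, "error", str(exc))  # network/auth/aide problems
    if rc & DIFF_BITS:
        return HostResult(host, "differences", report)
    return HostResult(host, "clean")


def summarize(results):
    """Executive summary first, then only hosts with findings or errors."""
    counts = {"clean": 0, "differences": 0, "error": 0}
    for r in results:
        counts[r.status] += 1
    lines = [f"hosts checked: {counts['clean'] + counts['differences']}",
             f"hosts with violations: {counts['differences']}",
             f"hosts not checked (network/auth/aide errors): {counts['error']}", ""]
    for r in results:
        if r.status != "clean":
            lines += [f"== {r.host}: {r.status}", r.detail.rstrip(), ""]
    return "\n".join(lines)


if __name__ == "__main__":
    # usage: darc_sketch.py /path/to/aide-binary host1 host2 ...
    binary, hosts = sys.argv[1], sys.argv[2:]
    for d in ("baselines", "new"):
        Path(d).mkdir(exist_ok=True)
    results = [check_host(h, binary, EXAMPLE_CONFIG, "baselines", "new", SshTransport())
               for h in hosts]
    print(summarize(results))
```

The two points worth noticing are that the binary is removed in a `finally` block, so a failed ssh run still cleans up, and that hosts which cannot be reached or whose aide run fails are reported separately from hosts with differences, which is the summary layout the post asks for.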