[Aide] large installations of AIDE?

[Ben Hartshorne]

Hi,

I'm thinking through what it would take to manage a large installation of
AIDE (thousands of machines), and am wondering if there are some
whitepapers, blog posts, transcripts, recollections, or other musings from
some who have done this before.  Managing the AIDE configuration files
themselves will be relatively easy using our existing configuration
management system; I'm much more interested in how to collect, analyze,
process, and act upon the information AIDE generates about each system.
It's obviously trivial to overwhelm myself with data about each system,
especially if I don't do a good job of describing the expected changes in
the system ahead of time, but there are likely many more caveats I'd love to
hear about from one who's been there.

Ideally, I'm looking for a method of aggregating the reports from each host,
so that I may
* get reports of which hosts are not conforming to spec
* create rules about specific subsets of hosts that are allowed to be out of
spec in certain ways
* act upon those reports in an automated way (for example, email a product
owner or (in the extreme) automatically trigger a remote power off for hosts
that violate some very specific rules)


Does anybody out there have some good links I should read?

Thanks,

-ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.cs.tut.fi/pipermail/aide/attachments/20110404/abacdc70/attachment.html