[chef] Auditing file checksums


  • From: Daniel Gutierrez
  • Subject: [chef] Auditing file checksums
  • Date: Thu, 25 Sep 2014 11:45:45 -0700

Hello Chefs,

We are trying to migrate all of our Puppet security audit functionality to Chef;
however, we don't see an easy way to monitor file checksums
for security audits. For example, in Puppet this is easy with a line like:

file { "/etc/at.deny": mode => "600", owner => "root", group => "root", checksum => "md5", audit => all; }

Puppet will log the checksum of a file and compare it on each subsequent run.
The Chef file resource has no checksum or audit option similar to the Puppet file resource.
I found some references to the "remote_file" resource, but this seems geared toward
downloading files remotely, not auditing files in place.

Has anyone done something like this with Chef before?
Any pointers would be greatly appreciated.

Regards,

Daniel
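
The record-then-compare behaviour described in the message, sketched in plain Ruby (the language Chef recipes are written in). This is an added example, not part of the original post and not a Chef API; the names snapshot and audit_files, the JSON state file, and the use of SHA-256 in place of md5 are assumptions made for illustration.

```ruby
require 'digest'
require 'json'
require 'tmpdir'

# Attributes audited for one file (SHA-256 is used here in place of md5).
def snapshot(path)
  st = File.stat(path)
  { 'sha256' => Digest::SHA256.file(path).hexdigest,
    'mode' => format('%o', st.mode & 0o7777), 'uid' => st.uid, 'gid' => st.gid }
end

# Compare paths with the stored baseline and return findings. New paths are
# recorded; drifted entries are kept so they are reported until reviewed.
def audit_files(paths, state_file)
  baseline = File.exist?(state_file) ? JSON.parse(File.read(state_file)) : {}
  findings = []
  paths.each do |path|
    unless File.file?(path)
      findings << "#{path}: missing" if baseline.key?(path)
      next
    end
    current = snapshot(path)
    previous = (baseline[path] ||= current) # first run records the baseline
    current.each do |attr, value|
      next if previous[attr] == value
      findings << "#{path}: #{attr} changed from #{previous[attr]} to #{value}"
    end
  end
  File.write(state_file, JSON.pretty_generate(baseline))
  File.chmod(0o600, state_file) # baseline must not be writable by others
  findings
end

# Constructed demo: a temporary file stands in for /etc/at.deny.
def demo
  Dir.mktmpdir do |dir|
    target = File.join(dir, 'at.deny')
    state = File.join(dir, 'baseline.json')
    File.write(target, "guest\n")
    File.chmod(0o600, target)
    first = audit_files([target], state) # records the baseline
    File.write(target, "guest\nnobody\n") # content drift
    File.chmod(0o644, target) # mode drift
    [first, audit_files([target], state)]
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

The state file is only as trustworthy as its storage: anyone who can rewrite it can hide a change, so keep it root-owned or ship the snapshots off the node.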


