(forgot to CC chef list)
On Thu, Sep 25, 2014 at 12:08 PM, DV < " target="_blank"> > wrote:
Daniel,
Indeed the file resource doesn't have a checksum, but I think that makes sense because when you use a file resource in Chef, you must also specify file contents right there in Chef. Only with remote_file resource the file contents come outside of Chef, so checksum applies here.
Here's what you can specify as remote_file's source:
>The location (URI) of the source file. This value may also specify HTTP (http://), FTP (ftp://), or local (file://) source file locations.
I haven't tested this out, but perhaps you can make the source and destination the same and add checksum like following:
remote_file "/etc/at.deny" dosource "file://etc/at.deny"checksum "12345abdcef.."end--
On Thu, Sep 25, 2014 at 11:45 AM, Daniel Gutierrez < " target="_blank"> > wrote:
Hello Chefs,
We are trying to migrate all of our Puppet security audit functionality to Chef,
however, we don't see an easy way to monitor file checksumsfor security audits. For example in Puppet this is easy with a line like:
file {"/etc/at.deny": mode=>"600", owner=>"root", group=>"root", checksum=>"
md5", audit=>all; }
Puppet will log the checksum of a file, and compare it on each subsequent run.
The Chef file resource has no checksum, or audit option similar to the Puppet file resource.I found some references to the "remote_file" resource but this seems geared toward
downloading files remotely, not auditing files in place.
Has anyone done something like this with Chef before?Any pointers would be greatly appreciated.
Regards,
Daniel
Best regards, Dmitriy V.
--
Best regards, Dmitriy V.
Archive powered by MHonArc 2.6.16.