help-cfengine

checksum hashes in CFengine


From: Pe5kyTac0
Subject: checksum hashes in CFengine
Date: Tue, 01 Feb 2005 21:51:22 -0800
User-agent: Mozilla Thunderbird 1.0 (Windows/20041206)

Hi All

I have a basic working configuration. But to make it better I would like to understand more about how cfengine is using crypto hashes. My configuration has a working cfservd serving up files and the files copy correctly across the network to a machine via its cfagent.conf file. Hence I am not trying to troubleshoot a specific problem. I just want to make sure the design of my cfagent.conf file is designed correctly.

Q1: When using "copy:" we can specify the "type" of check as the criteria to update the file. In my case I choose "checksum". I noticed that it does not require a local Berkeley database for this to work. From reading the tutorial it seems to state that it takes a hash of the file on the cfservd machine and the hash is compared with the hash of the file on the machine local to the cfagent.conf file.
        Q1a: Is this correct?
        Q1b: If not, how does this work?

Q2: As per the cfengine reference, the (checksum|hash) is generated by MD5 for the "copy:" class. But the "file:" class can choose MD5 or SHA.
So based on this, I have the following questions:
        Q2a: Which SHA hash does CFengine use? (SHA1, SHA256, etc.)?
        Q2b: If possible, how can the class "copy:" use a SHA hash?

Q3: I have not attempted "tripwire" like functions with the hashes yet.
I would like to do so.
        Q3a: Will I need to set the ChecksumDatabase in the "control:" section?
        Q3b: Does cfengine generate the database or do I need to generate it? (I do have the Berkeley libs on my machine)

Q4: The CFengine reference was not clear to me regarding the ability to centralize the ChecksumDatabase. I would like to have the hashes stored both locally and on the cfservd machine. Hence if the local machine was compromised, I can use the saved hashes from the cfservd machine for a starting point for forensics.
        Q4a: Can cfengine do this?
        Q4b: If so, how?
        Q4c: Any gotchas (beside the one about Alerts, see Q5)?

Q5: The CFengine Reference states "Note that it is also possible to use a database file for cfservd's remote copying by checksum. If you use the same file for both purposes you risk losing warnings."

        Q5a: Are you saying that the "copy:" class can also store hashes so if you wish to use it also for the "copy:" class generate a different database?
        Q5b: If Q4a is true, is it also true for the "copy:" class?



--
Pe5ky Tac0
--------------
Yum, Fish Tacos !!




