Article on Cfengine

I'm researching issues relating to administrating dozens or hundreds of similarly configured FreeBSD systems. I think I will try to use Cfengine to enforce configuration management. Kirk Bauer just wrote a Linux Journal article on Cfengine, which appears in the ports tree as sysutils/cfengine2.

I'm looking at using Nagios to gather system status and Samhain for file integrity. I'll probably centralize log collection with syslog-ng. I'd like to use binary updates installed from my own update server. I may place various server applications within jails. I'm also keeping an eye on the FreeBSD port of systrace.

For remote access I'd like the systems to be equipped with something like the PC Weasel 2000 to send BIOS output to a serial port. I'm also thinking about having a modem for emergency dial-in access. Remotely power cycling the box is a last resort, but a remote power controller from WTI could save a drive or flight to a remote location. This box would need to work with a good external modem, perhaps one of the US Robotics models.

I've been playing with FreeBSD 5.2.1 a little and trying to determine the best filesystem layout for a sensor. I think I will use the following. It assumes an 8 GB (8191 MB) hard drive with 256 MB RAM. I installed the "developer" and ports collections, plus the Linux ABI, bash, lynx, and portupgrade. This is my "base OS" install.

Partition   Size (MB)   Used
---------   ---------   -------
/                 256   35 MB
swap              512   --
/usr             3456   925 MB
/var              512   214 KB
/var/db          1024   1.1 MB
/nsm             2048   4 KB
/tmp              383   6 KB

I use /var for system logs and /var/db for database files. I don't include a separate /home because this system will not have general users. /nsm contains network security monitoring data like pcap files and session logs.
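As an added example (not part of the original post), here is how that layout could be expressed in /etc/fstab on a FreeBSD 5.2.1 sensor. The device names (ad0s1a through ad0s1h, the order sysinstall assigns when the partitions are created in the sequence above) and the mount options are my assumptions, not something the post specifies.

```fstab
# /etc/fstab for the sensor layout above (assumed device names)
# Device        Mountpoint  FStype  Options                   Dump  Pass#
/dev/ad0s1b     none        swap    sw                        0     0
/dev/ad0s1a     /           ufs     rw                        1     1
/dev/ad0s1d     /usr        ufs     rw                        2     2
/dev/ad0s1e     /var        ufs     rw,nosuid                 2     2
/dev/ad0s1f     /var/db     ufs     rw,nosuid                 2     2
/dev/ad0s1g     /nsm        ufs     rw,nosuid,noexec,noatime  2     2
/dev/ad0s1h     /tmp        ufs     rw,nosuid,noexec          2     2
```

The point of splitting the disk this way is not just bookkeeping: a runaway pcap collector in /nsm or a log flood in /var cannot fill the root filesystem, and the filesystems that only hold data (/tmp, /nsm) can be mounted nosuid,noexec so a dropped binary there cannot be run. I deliberately leave noexec off /var and /var/db, since package tools and some port builds use /var/tmp. Keep /var ahead of /var/db in the file, because mount -a processes entries in order. After the first reboot, run mount with no arguments and confirm every filesystem shows the options you intended.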
