Educause Security Discussion mailing list archives
Re: Change Management
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Thu, 3 Aug 2006 10:31:57 -0400
On Thu, 03 Aug 2006 07:27:37 EDT, "Christoffersen, Mark John" said:
I am investigating change management\auditing applications to be used against our servers. We have a need to monitor all changes to our server and generate reports based on those changes. Our initial investigation pointed us to TRIPWIRE. We have demoed that product and are in the process of pricing. I was wondering if others in this community are using this product or similar. Opinions? Suggestions?
Tripwire (or its follow-on produce AIDE) totally rocks for change *detection*. It's a truly great way to find out that somebody tweaked a file. However, it's only one component of a change *management* system - it provides absolutely no tracking of who did what *intended* changes, or provide backup copies, or all the other things you need to manage it. In addition, using Tripwire on a large actively modified directory tree (such as your average webserver's HTML tree) is problematic, as it will tend to throw a comment on every modified file - and telling Tripwire that a given change is OK is problematic (for starters, it requires sysadmin intervention).
Attachment:
_bin
Description:
Current thread:
- Change Management Christoffersen, Mark John (Aug 03)
- <Possible follow-ups>
- Re: Change Management Lopez, Diego (District) (Aug 03)
- Re: Change Management Valdis Kletnieks (Aug 03)