Educause Security Discussion mailing list archives

Re: Change Management


From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Thu, 3 Aug 2006 10:31:57 -0400

On Thu, 03 Aug 2006 07:27:37 EDT, "Christoffersen, Mark John" said:

> I am investigating change management\auditing applications to be used
> against our servers.  We have a need to monitor all changes to our
> server and generate reports based on those changes.  Our initial
> investigation pointed us to TRIPWIRE.  We have demoed that product and
> are in the process of pricing.  I was wondering if others in this
> community are using this product or similar.  Opinions?  Suggestions?

Tripwire (or its follow-on product AIDE) totally rocks for change *detection*.
It's a truly great way to find out that somebody tweaked a file.  However,
it's only one component of a change *management* system - it provides absolutely
no tracking of who did what *intended* changes, or provide backup copies, or
all the other things you need to manage it.

In addition, using Tripwire on a large actively modified directory tree
(such as your average webserver's HTML tree) is problematic, as it will tend
to throw a comment on every modified file - and telling Tripwire that a given
change is OK is problematic (for starters, it requires sysadmin intervention).
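
Added illustration, not part of the original message and not Tripwire or AIDE code: a hash baseline only detects that files changed, so telling intended edits from unexplained ones needs a separate change record to reconcile against. The record format, the ticket id CHG-0001 and all function names are assumptions made for this sketch.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            digests[os.path.relpath(full, root)] = digest
    return digests


def reconcile(baseline, current, approved):
    """Split detected changes into explained and unexplained.

    approved maps path -> (expected new digest, or None for a deletion,
    and a free-text change record). This is the "management" half that
    a detection tool alone does not supply.
    """
    explained, unexplained = {}, []
    for path in sorted(set(baseline) | set(current)):
        new = current.get(path)
        if baseline.get(path) == new:
            continue  # unchanged since the baseline
        record = approved.get(path)
        if record is not None and record[0] == new:
            explained[path] = record[1]
        else:
            unexplained.append(path)  # changed, but nobody logged it
    return explained, unexplained


def demo():
    # Constructed sample tree standing in for a web server's HTML directory.
    with tempfile.TemporaryDirectory() as root:
        def write(name, text):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(text)
        write("index.html", "v1")
        write("about.html", "v1")
        baseline = snapshot(root)
        write("index.html", "v2")       # intended edit, logged below
        write("about.html", "changed")  # edit with no change record
        log = {"index.html": (hashlib.sha256(b"v2").hexdigest(), "CHG-0001 by alice")}
        return reconcile(baseline, snapshot(root), log)
```

Calling demo() returns the explained changes with their change records, plus the list of paths that changed without one.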
