Darc - config file

Ted M Harapat ted.harapat at planetdiscover.com
Thu May 4 10:55:25 EDT 2006


Jacob,

I completely agree about not seeing positive email responses being a bad 
practice. Initially I thought it would be more convenient to try to cut 
back the amount of email reports I get each morning but I came to the 
same conclusion that you just brought up.

I'll probably end up filtering the ones that have "0 failed" and "0 
unchecked" to a temporary folder where I examine the mail each day 
before sending it to the final trash folder.

I can see people using it though. Especially the people who think 
security is more of a nuisance rather than a necessity and don't want to 
see anything about the subject if its not a problem.

-ted



jacob martinson wrote:
> Ted,
>
> I just put another version out there.  I didn't add code to make sure
> the local binaries are executable (there are a number of different
> binaries darc runs on the management system and I'm not in a position
> at the moment to make all the changes to check everywhere) but I did
> improve the error reporting so instead of getting the ambiguous
> message you saw earlier you'll see this:
>
> 'Error running aide in compare mode'
> nice: /usr/local/bin/aide: Permission denied
>
> or whatever the details are for the particular problem that was
> encountered.  I'm hoping that will at least reduce the amount of time
> it takes to track down the problem.  I thought that was how it worked
> before but I had made a mistake in my code that prevented the detailed
> errors from coming through.
>
> Also, I added a new option...  --only-email-failures
>
> This causes the email reports to only be sent if one or more hosts
> failed a check or was unable to be checked for some reason.  I didn't
> include that option initially because I think it could give the admin
> a false sense of security.  If he gets used to not seeing reports come
> in he won't know if something breaks that causes reporting to not work
> - like the mail server getting owned for instance.  But... to each his
> own... it wasn't difficult to add and you've been so much help I
> couldn't say no =)
>
> I also changed the name of the sample config from config.py to
> sample_config.py so you *should* be able to just unpack the binaries
> on top of the old ones to upgrade.
>
> Also, I changed the default recipient list so my gmail account isn't
> in there.  Thanks for that one =)
>
> -jacob



More information about the darc mailing list