Auditing file checksums


#1

Hello Chefs,

We are trying to migrate all of our Puppet security audit functionality to Chef;
however, we don’t see an easy way to monitor file checksums
for security audits. For example in Puppet this is easy with a line like:

file {"/etc/at.deny": mode=>"600", owner=>"root", group=>"root", checksum=>"md5", audit=>all; }

Puppet will log the checksum of a file, and compare it on each subsequent run.

The Chef file resource has no checksum or audit option similar to the Puppet file resource.
I found some references to the “remote_file” resource but this seems geared toward
downloading files remotely, not auditing files in place.

Has anyone done something like this with Chef before?
Any pointers would be greatly appreciated.

Regards,

Daniel
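The Puppet behaviour described above (record a file's checksum, then compare it on every subsequent run and report drift without changing the file) can be reproduced in plain Ruby, which is what a Chef recipe would wrap in a ruby_block resource. The following is an added example written for this thread, not code from the original post or from Chef itself; it assumes a baseline file path of its own choosing (a node attribute or data bag would serve the same purpose inside a Chef run) and uses SHA-256 rather than the MD5 shown in the Puppet snippet.

```ruby
require 'digest'
require 'json'
require 'tmpdir'
require 'fileutils'

# Hypothetical location for the recorded checksums (an assumption, not a
# Chef default). Inside a recipe the same hash could be kept in node
# attributes or a data bag so that the baseline follows the node.
DEFAULT_BASELINE = '/var/lib/chef/checksum_audit.json'

# SHA-256 of a file; nil when the file is missing, so a deleted file is
# reported as a change instead of raising.
def file_checksum(path)
  return nil unless File.file?(path)
  Digest::SHA256.file(path).hexdigest
end

# Previously recorded checksums, empty on the very first run.
def load_baseline(baseline_path)
  return {} unless File.file?(baseline_path)
  JSON.parse(File.read(baseline_path))
end

def save_baseline(baseline_path, checksums)
  FileUtils.mkdir_p(File.dirname(baseline_path))
  File.write(baseline_path, JSON.pretty_generate(checksums))
end

# Audit-only check in the spirit of Puppet's `audit => all`: compare each
# path's current checksum with the baseline, return [path, old, new] for
# every mismatch, and (by default) record the current checksums so the next
# run compares against this one. Files never seen before are recorded but
# not reported. The files themselves are never modified.
def audit_checksums(paths, baseline_path: DEFAULT_BASELINE, update_baseline: true)
  baseline = load_baseline(baseline_path)
  current = {}
  changes = []
  paths.each do |path|
    sum = file_checksum(path)
    current[path] = sum
    next unless baseline.key?(path)   # first sighting: record only
    old = baseline[path]
    changes << [path, old, sum] if old != sum
  end
  save_baseline(baseline_path, current) if update_baseline
  changes
end

# Stand-alone demonstration on constructed files in a temporary directory:
# the first run records the baseline, the second detects an edit.
def demo
  Dir.mktmpdir do |dir|
    target = File.join(dir, 'at.deny')
    baseline = File.join(dir, 'audit.json')
    File.write(target, "alice\n")
    first = audit_checksums([target], baseline_path: baseline)
    File.write(target, "alice\nmallory\n")   # simulated unauthorised edit
    second = audit_checksums([target], baseline_path: baseline)
    [first.length, second.length]
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "changes reported on first run, second run: #{demo.inspect}"
end
```

In a recipe the call to audit_checksums would sit inside a ruby_block, with the returned triples passed to Chef::Log.warn so each converge records what drifted; because the baseline is overwritten after every run, a change is reported exactly once, which matches the Puppet semantics Daniel describes and is also why the log line, not the baseline file, is the audit record worth shipping off the host.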


#2

On Sep 25, 2014, at 11:45 AM, Daniel Gutierrez daniel_gutierrez_99@yahoo.com wrote:

Hello Chefs,

We are trying to migrate all of our Puppet security audit functionality to Chef,
however, we don’t see an easy way to monitor file checksums
for security audits. For example in Puppet this is easy with a line like:

file {"/etc/at.deny": mode=>"600", owner=>"root", group=>"root", checksum=>"md5", audit=>all; }

Puppet will log the checksum of a file, and compare it on each subsequent run.
The Chef file resource has no checksum or audit option similar to the Puppet file resource.
I found some references to the “remote_file” resource but this seems geared toward
downloading files remotely, not auditing files in place.

Has anyone done something like this with Chef before?
Any pointers would be greatly appreciated.

What is the advantage of this over just having Chef manage the file contents? If you are looking for a file integrity manager, you can use Chef to deploy something like Tripwire, OSSEC, or Samhain.

–Noah