Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SpamAssassin: users

config status

  

 
SpamAssassin users RSS feed   Index | Next | Previous | View Threaded


rsk-gmane at misinformation

Feb 26, 2009, 8:12 AM

Post #1 of 16 (4831 views)
Permalink
config status
Is there a feature like PostFix's `postconf` to display the currently parsed and
calculated config?

If not, how do I submit a feature request?

Thanks,

RSK


guenther at rudersport

Feb 26, 2009, 11:09 AM

Post #2 of 16 (4717 views)
Permalink
Re: config status [In reply to]
On Thu, 2009-02-26 at 16:12 +0000, Ray wrote:
> Is there a feature like PostFix's `postconf` to display the currently parsed and
> calculated config?

That pretty much equals your local.cf, no? The non-default settings,
similar to postconf -n, that is. For the complete picture including all
default settings, base that off of 10_default_prefs.cf.


> If not, how do I submit a feature request?

There is no such SA tool. Why would you need one?

Also, keep in mind, that users are allowed to change certain settings in
their user_prefs, and thus the results are likely to not reflect the
actual settings used for the user anyway.


--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


mkettler_sa at verizon

Feb 26, 2009, 4:25 PM

Post #3 of 16 (4692 views)
Permalink
Re: config status [In reply to]
Karsten Bräckelmann wrote:
> On Thu, 2009-02-26 at 16:12 +0000, Ray wrote:
>
>> Is there a feature like PostFix's `postconf` to display the currently parsed and
>> calculated config?
>>
>
> That pretty much equals your local.cf, no? The non-default settings,
> similar to postconf -n, that is. For the complete picture including all
> default settings, base that off of 10_default_prefs.cf.
>
Well, that doesn't cover all your rules, etc.

However, a complete parsed config would be huge (several megs of output,
possibly tens of megs), as it would contain all the rules etc.

I don't think such a complete parsed config would end up being human
readable due to its volume.
>
>
>> If not, how do I submit a feature request?
>>
>
> There is no such SA tool. Why would you need one?
>
Well there is a tool for submitting a feature request at least. That's
the "bugs" link off the main website.


me at junc

Feb 28, 2009, 7:28 AM

Post #4 of 16 (4693 views)
Permalink
Re: config status [In reply to]
On Thu, February 26, 2009 17:12, Ray wrote:
> Is there a feature like PostFix's `postconf` to display the
> currently parsed and calculated config?

spamassassin -D --lint

> If not, how do I submit a feature request?

if needed

--
http://localhost/ 100% uptime and 100% mirrored :)


rsk-gmane at misinformation

Feb 28, 2009, 1:02 PM

Post #5 of 16 (4689 views)
Permalink
Re: config status [In reply to]
Karsten Bräckelmann <guenther <at> rudersport.de> writes:

> On Thu, 2009-02-26 at 16:12 +0000, Ray wrote:
> > Is there a feature like PostFix's `postconf` to display the currently parsed
> > and calculated config?
>
> That pretty much equals your local.cf, no?

No, the currently effective config is not equal to my local.cf (even for
postconf -n equivalency) because, as you say, users can change their user_prefs.

So we're lead to "Isn't that your local.cf plus your user_prefs?" Well, not
just local.cf, IIUC, but potentially any of the 47 files in my hosting
provider's /usr/share/spamassassin and /etc/mail/spamassassin dirs (or any
others if they happen to have configured such), plus my user_prefs file
(_except_ any items which are prohibited from being overridden (except the
privileged settings which are actually allowed by allow_user_rules (except those
privileged settings which are actually "administrator" privileged settings which
cannot be allowed via allow_user_rules))), but minus misspellings and possibly
minus rules following misspellings in any of the config files.

Have I missed anything? _I don't know._

If manual parsing is really the way to know for sure what my effective SA config
is, is this the procedure I need?

* determine all site-wide SA config dirs
* locate hosting provider's config dirs, manually parse four dozen files
- perhaps know any config item interdependencies
- understand the impact of config aberrations like misspellings
* modulo this result with my user_prefs file
- know which config items cannot be overriden

That looks pretty ugly, but theoretically it's not so bad. Except the
open-ended search to learn the distinct parts when coming new to SA. There's
lots of very good documentation, but it's fragmented. Meaning, if I want to
know for sure exactly what results in the effective config, do I consult the
POD? Or maybe the POD and the man pages, and perhaps a particular wiki article
and that's it, period.

You come upon another party's camp in the icy wastes and chase off the raiders.
With moderate effort you find two people strewn among the wreckage, and with a
little more you find a third, and you bring them all back to your base camp.
But if you'd looked a little harder you would have found another.

I imagine just about every SA admin here has played out the scenario repeatedly
and knows the locations of the bodies. "Come on, there are only four." Heck,
even though I didn't install the SA here and I'm coming at this as a total noob
I may already have all the critical details I need. But how am I to know that?
This is what I mean by open-ended.

Maybe there are no noob SA admins, so maybe the postconf-reveals-all-the-bodies
desire I have is weird and just a byproduct my unusually ignorant perspective?
That feels very unlikely, but I'm keeping an open mind about it.

Maybe my being a "user" versus a site-wide administrator is the atypical thing
here?

RSK


martin at gregorie

Feb 28, 2009, 1:35 PM

Post #6 of 16 (4703 views)
Permalink
Re: config status [In reply to]
On Sat, 2009-02-28 at 21:02 +0000, Ray wrote:
> Karsten Bräckelmann <guenther <at> rudersport.de> writes:
>
> > On Thu, 2009-02-26 at 16:12 +0000, Ray wrote:
> > > Is there a feature like PostFix's `postconf` to display the currently parsed
> > > and calculated config?
> >
> > That pretty much equals your local.cf, no?
>
> No, the currently effective config is not equal to my local.cf (even for
> postconf -n equivalency) because, as you say, users can change their user_prefs.
>
Bystander's and sometime sysadmin's comment:

I can see a use for a 'postconf -n' equivalent in larger installations
which permit users to change their own prefs. This hypothetical tool
would be run in the user's login environment to report his SA
environment, i.e. the parameters and local rules in force after
configuration changes set by files in /etc/mail/spamassassin have been
overrridden by the content of files in the user's .spamassassin
directory.

Asking a user to run the tool and mail its output to the mail admin may
often be faster and more accurate than visiting said user or phoning him
to get this information. The support time saved may well make writing
the tool worthwhile.


Martin


guenther at rudersport

Feb 28, 2009, 1:58 PM

Post #7 of 16 (4682 views)
Permalink
Re: config status [In reply to]
> > That pretty much equals your local.cf, no?
>
> No, the currently effective config is not equal to my local.cf (even for
> postconf -n equivalency) because, as you say, users can change their user_prefs.
>
> So we're lead to "Isn't that your local.cf plus your user_prefs?" Well, not
> just local.cf, IIUC, but potentially any of the 47 files in my hosting
> provider's /usr/share/spamassassin and /etc/mail/spamassassin dirs (or any

Aah... no. :) The stuff in /usr/share/spamassassin (granted, plus
the .pre files) is exactly the *base*. Stock SA. No user-servicable
parts inside. This dir won't even be used, after an sa-update.

Frankly, there are some important differences between SA and postfix
"configuration". Just to start the list, not exhaustive:

'postconf' without the handy -n switch dumps about 500 lines. The
equivalent dump for SA including the rules is about 6000 lines. And
that's a plain dump, *without* following and unfolding meta rules or
anything.

Also, frankly, I don't think SA rules are really the same as settings.


There are exactly two (sensible) possible places for custom configu-
ration. /etc/mail/spamassassin and the user_prefs, if any.


> others if they happen to have configured such), plus my user_prefs file
> (_except_ any items which are prohibited from being overridden (except the
> privileged settings which are actually allowed by allow_user_rules (except those
> privileged settings which are actually "administrator" privileged settings which
> cannot be allowed via allow_user_rules))), but minus misspellings and possibly
> minus rules following misspellings in any of the config files.

Hell, no! Assuming there are mis-spellings is inherently broken. Do
lint check your configuration after *any* change. No complaints, no
mis-spellings.


> [...] Meaning, if I want to
> know for sure exactly what results in the effective config, do I consult the
> POD? Or maybe the POD and the man pages, and perhaps a particular wiki article
> and that's it, period.

POD == man pages.

Anyway, you're contradicting yourself. POD plus a single wiki page -- to
grok the FULL configuration? That's what you requested to be dumped by a
postconf-alike. Right, 6000 lines full of meta-rules and ghastly REs.
Understood after the tiny bit of lecture you mentioned? No way.


> I imagine just about every SA admin here has played out the scenario repeatedly
> and knows the locations of the bodies. "Come on, there are only four." Heck,
> even though I didn't install the SA here and I'm coming at this as a total noob
> I may already have all the critical details I need. But how am I to know that?
> This is what I mean by open-ended.

As a "noob", you aren't interested in the full postconf dump, are you?
You want your custom settings, -n...

I guess you're approaching this from the wrong end. It's almost like you
don't trust the default config. The first thing for a new user after
installing any application (and ensuring it works) is to customize it.
Not to dissect and anatomize its deepest innards.


Maybe you should try to ask specific questions, and explain what you
want to accomplish.


--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


rsk-gmane at misinformation

Feb 28, 2009, 5:24 PM

Post #8 of 16 (4690 views)
Permalink
Re: config status; rewrite_header not taking [In reply to]
Karsten Bräckelmann <guenther <at> rudersport.de> writes:

> > just local.cf, IIUC, but potentially any of the 47 files in my hosting
> > provider's /usr/share/spamassassin and /etc/mail/spamassassin dirs (or any
>
> Aah... no. :) The stuff in /usr/share/spamassassin (granted, plus the .pre
> files) is exactly the *base*. Stock SA. No user-servicable parts inside. This
> dir won't even be used, after an sa-update.

Ah, okay, that's good to learn, thanks. That's not a detail I found out from
the docs (but I should have understood it from the directory hierarchy).

> Frankly, there are some important differences between SA and postfix
> "configuration". Just to start the list, not exhaustive:
>
> 'postconf' without the handy -n switch dumps about 500 lines. The
> equivalent dump for SA including the rules is about 6000 lines. And
> that's a plain dump, *without* following and unfolding meta rules or
> anything.
>
> Also, frankly, I don't think SA rules are really the same as settings.

This is maybe one of the communication difficulties here. When I think "config"
I'm really thinking what you're calling "settings". At this point I'm not as
interested in the rules. (I haven't gotten past grokking the more fundamental
"config" of the system, which I feel I should understand before I move on to
rules.) Perhaps the confusion here arises from the fact that rule definition is
a subset of "proper" config? (I don't even know if this is the case for sure as
I haven't gotten to rules.)

> There are exactly two (sensible) possible places for custom configu-
> ration. /etc/mail/spamassassin and the user_prefs, if any.

I'm not assured a sensible installation when I am not the person who did the
installation. (Perhaps not even then.) But, again, good to learn this
information. Thank you. I note that so far this seems like orally-transmitted
folk knowledge more so than documented system nature.

> > others if they happen to have configured such), plus my user_prefs file
> > (_except_ any items which are prohibited from being overridden (except the
> > privileged settings which are actually allowed by allow_user_rules (except
> > those privileged settings which are actually "administrator" privileged
> > settings which cannot be allowed via allow_user_rules))), but minus
> > misspellings and possibly minus rules following misspellings in any of the
> > config files.
>
> Hell, no! Assuming there are mis-spellings is inherently broken. Do lint
> check your configuration after *any* change. No complaints, no mis-spellings.

I'm not sure I understand you here.

I think that assuming there are _no_ misspellings in someone else's site-wide
config is leaving a door open to problems. As you appear to indicate, lint
checking the config to validate it is very important. No complaints and I can
then assume that the effective config is not modulated by errors, which is a
good (yet additional) step toward knowing the effective config. I would be
sorely pressed to understand the implications of lint complaints that I couldn't
understand like:

[.> check: no loaded plugin implements 'check_main': cannot scan! at
[.> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 164.

The response here may be "that's not a lint message, and you can safely ignore
it". But my point is that I'm required to understand this to know its effect on
the config if I am manually parsing the config and don't have a tool to show the
effective config.

I'm not sure if I'm clear with where I've been going with all this. To know the
effective config I am having to search for more bodies. And the process appears
to be unbounded. Thankfully I have SA sherpas to help out, but I really didn't
want to bother you guys in the first place and I think that it would be nicer if
noobs like me didn't bother you guys. Not that I want to encourage surliness
and "RTFM!" from the natives, but an in-effect config printer might help, as it
might also help a lot of debugging.

> > [...] Meaning, if I want to know for sure exactly what results in the
> > effective config, do I consult the POD? Or maybe the POD and the man pages,
> > and perhaps a particular wiki article and that's it, period.
>
> POD == man pages.
>
> Anyway, you're contradicting yourself. POD plus a single wiki page -- to grok
> the FULL configuration? That's what you requested to be dumped by a
> postconf-alike. Right, 6000 lines full of meta-rules and ghastly REs.
> Understood after the tiny bit of lecture you mentioned? No way.

I imagine the full config with rules would be awful, yeah. But what about
config aside from rules? That's really what I'm talking about. (postconf
doesn't really output "rules".) Isn't there something of a semantic distinction
between "bayes_auto_learn" and "redirector_pattern"? I think the Conf POD page
gives one just about everything one needs to understand any non-rule config.

Don't folks ever want to list out non-rule configs? The response here may be
"if I change a config I can see the effects". What happens if you can't? Maybe
one never runs into a situation where the config one places in user_prefs fails
to go into effect exactly as intended?

> > I imagine just about every SA admin here has played out the scenario
> > repeatedly and knows the locations of the bodies. "Come on, there are only
> > four." Heck, even though I didn't install the SA here and I'm coming at
> > this as a total noob I may already have all the critical details I need.
> > But how am I to know that? This is what I mean by open-ended.
>
> As a "noob", you aren't interested in the full postconf dump, are you? You
> want your custom settings, -n...

Right. Either the non-rule settings, or the custom (non-default) settings.
Preferrably option for either.

> I guess you're approaching this from the wrong end. It's almost like you don't
> trust the default config. The first thing for a new user after installing any
> application (and ensuring it works) is to customize it. Not to dissect and
> anatomize its deepest innards.

Not "default config", site-wide config.

The Vim installation at this hosting provider is twitted so it can't syntax
highlight, among other problems. I take that and the above `spamassassin -D`
error message as signs that I ought not necessarily trust the SA config.

Together, the untrustworthiness of the site-wide config and the complexity and
folk knowledge required to parse out the effective config, combined with config
documentation syntax underspecification (I'll get to this in a moment) lead me
to wishing I had a simple way to check the effective config.

I'm not asking to dissect to deepest innards. If I could just say something
like `spamassassin --print-config rewrite_header`, that would do it.

> Maybe you should try to ask specific questions, and explain what you want to
> accomplish.

I maintain that a config printer (at least without rules) is a good idea, but
I'll stop trying to persuade about it.

One specific problem I'm having is that my user_prefs config for undoing the
site-wide rewrite_header does not appear to be working. How does a user stop SA
from rewriting the header? (Note that this effort is a step towards the goal of
preserving spam for later manually-directed `sa-learn` training.)

RSK


guenther at rudersport

Feb 28, 2009, 7:28 PM

Post #9 of 16 (4692 views)
Permalink
Re: config status; rewrite_header not taking [In reply to]
Skipping all the "print my config" stuff. Maybe tomorrow. For now,
there's more important things than custom config...


On Sun, 2009-03-01 at 01:24 +0000, Ray wrote:
> Karsten Bräckelmann <guenther <at> rudersport.de> writes:

> > > those privileged settings which are actually "administrator" privileged
> > > settings which cannot be allowed via allow_user_rules))), but minus
> > > misspellings and possibly minus rules following misspellings in any of the
> > > config files.
> >
> > Hell, no! Assuming there are mis-spellings is inherently broken. Do lint
> > check your configuration after *any* change. No complaints, no mis-spellings.
>
> I'm not sure I understand you here.

You must not assume or allow for mis-spelled configuration keywords or
otherwise illegal syntax. Just lint check. If it comes back clean, all
is good. If it doesn't, you NEED to fix it anyway.


> I think that assuming there are _no_ misspellings in someone else's site-wide
> config is leaving a door open to problems. As you appear to indicate, lint
> checking the config to validate it is very important.

Yes, you must exactly assume that. There are no site-wide mis-spellings.
And you can verify it easily.

> No complaints and I can
> then assume that the effective config is not modulated by errors, which is a
> good (yet additional) step toward knowing the effective config. I would be
> sorely pressed to understand the implications of lint complaints that I couldn't
> understand like:
>
> [.> check: no loaded plugin implements 'check_main': cannot scan! at
> [> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 164.

Ahem. Your SA is crippled. It does nothing. It can't. (And no, this is
not about a mis-spelling...)

At this point, back down and take a deep breath. By chasing a non-
functional rewrite_header setting, you are seriously barking up the
wrong tree. Don't care about that setting. Don't care about any such
setting. SA doesn't work -- this is what you need to check.

The above is supposed to be enabled by /etc/mail/spamassassin/v320.pre:
loadplugin Mail::SpamAssassin::Plugin::Check

A stock and most vital part. If it isn't, your install is seriously
broken. To stress this part again -- the stock, vanilla v320.pre ships
with that very line.

Unless you messed with these .pre files, removing loadplugin settings, I
suggest you go back to square one -- install SA properly. Which might
involve telling your hoster to do so.


FWIW, if that line exists, another explanation is a missing Perl module.
In either case it's about the equivalent of a missing .so in your
postfix analogy. postconf would be useless here...


> The response here may be "that's not a lint message, and you can safely ignore
> it". But my point is that I'm required to understand this to know its effect on
> the config if I am manually parsing the config and don't have a tool to show the
> effective config.

Nope, this is by far *worse* than a failing lint check.


> > I guess you're approaching this from the wrong end. It's almost like you don't
> > trust the default config. The first thing for a new user after installing any
> > application (and ensuring it works) is to customize it. Not to dissect and
> > anatomize its deepest innards.
>
> Not "default config", site-wide config.
>
> The Vim installation at this hosting provider is twitted so it can't syntax
> highlight, among other problems. I take that and the above `spamassassin -D`
> error message as signs that I ought not necessarily trust the SA config.
>
> Together, the untrustworthiness of the site-wide config and the complexity and
> folk knowledge required to parse out the effective config, combined with config
> documentation syntax underspecification (I'll get to this in a moment) lead me
> to wishing I had a simple way to check the effective config.

I don't know about general trustworthiness of site-wide config in your
case. The above is a gross failure. Which might just be a broken install
and simply needs to be fixed. Bad, but not necessarily affecting trust.
Trustworthiness is much more -- it involves not breaking or even
changing without knowledge. If you can't trust your system admin, switch
your system.


> One specific problem I'm having is that my user_prefs config for undoing the
> site-wide rewrite_header does not appear to be working. How does a user stop SA
> from rewriting the header? (Note that this effort is a step towards the goal of
> preserving spam for later manually-directed `sa-learn` training.)

It looks more like SA isn't doing anything, cause basically SA has never
been run on your system. See above.

First, install SA properly, and make it run. Then check back with the
custom settings again.


--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


marquis at roble

Feb 28, 2009, 9:58 PM

Post #10 of 16 (4696 views)
Permalink
Re: config status [In reply to]
Karsten Bräckelmann wrote:
> 'postconf' without the handy -n switch dumps about 500 lines. The
> equivalent dump for SA including the rules is about 6000 lines. And
> that's a plain dump, *without* following and unfolding meta rules or
> anything.

Whether 6K or 60K would not necessarily make a difference to how I would
like to use an SA 'postconf -n' equivalent. That use is change management.
The intent is not in the full report itself but in its deltas.

As full time mail/systems admins we get invaluable data from
tripwire/integrit, 'postconf -n', dconf, 'rpm -qa', 'dpkg -l \*', 'pkg_info
-a', ... whose output is checked in to RCS daily. This provides a nice
configuration snapshot and historical record but its real usefulness comes
from rcsdiff piped into a daily report. These are (usually) relatively
concise, and IMO, absolutely essential for monitoring production Unix/Linux
systems.

Roger Marquis


rsk-gmane at misinformation

Feb 28, 2009, 10:03 PM

Post #11 of 16 (4687 views)
Permalink
Re: config status; rewrite_header not taking [In reply to]
Karsten Bräckelmann <guenther <at> rudersport.de> writes:

> You must not assume or allow for mis-spelled configuration keywords or
> otherwise illegal syntax. Just lint check. If it comes back clean, all
> is good. If it doesn't, you NEED to fix it anyway.

I don't have privs, and conceivably a misspelling isn't fatal.

The power is not mine to allow or deny misspellings in site-wide config.

> > I think that assuming there are _no_ misspellings in someone else's
> > site-wide config is leaving a door open to problems. As you appear to
> > indicate, lint checking the config to validate it is very important.
>
> Yes, you must exactly assume that. There are no site-wide mis-spellings. And
> you can verify it easily.

But it's not called "assuming" if you verify? I must be missing you here,
sorry. I would side with "you must verify" rather than "you must assume".

> > [> check: no loaded plugin implements 'check_main': cannot scan! at
> > [> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line
> > [> 164.
>
> Ahem. Your SA is crippled. It does nothing. It can't. (And no, this is
> not about a mis-spelling...)

I'm trying not to come across as unnecessarily contrary; please pardon me when I
say that you are wrong here. The SA installation works well enough to score and
judge (add X-Spam-Score, e.g.), and it's doing a pretty good job so far. It
even marks up subject lines in a way I don't like. It's pretty clear it's
operating.

It seems likely then that this config check error is from my account running
jailed. They've given me visibility to things like /usr/share/spamassasin, but
it's likely they haven't given me the entirety of what's driving the site-wide
SA. Since I'm not the user that spamd runs as, it's probably not critical to
give me access to all of this hosts's SA config.

(Querying for the in-effect config becomes especially important if the site-wide
config is in part hidden from my account. But it also becomes more complicated
-- IPC with spamd? I don't know how spamd is architected. Anyway, sorry, I
said I'd stop harping on this.)

I'll bypass the portion of your message predicated on SA not operating. Let me
know if there's anything in that I shouldn't bypass.

> I don't know about general trustworthiness of site-wide config in your case.
> The above is a gross failure. Which might just be a broken install and simply
> needs to be fixed. Bad, but not necessarily affecting trust. Trustworthiness
> is much more -- it involves not breaking or even changing without knowledge.
> If you can't trust your system admin, switch your system.

I feel I can trust the competence of the site admins to mostly run a pretty good
system. They've locked things down pretty hard, though. This is a difficulty,
but the validity of ... well, I wasn't going to talk about that. Anyway the
following topic still stands:

> > One specific problem I'm having is that my user_prefs config for undoing the
> > site-wide rewrite_header does not appear to be working. How does a user
> > stop SA from rewriting the header? (Note that this effort is a step towards
> > the goal of preserving spam for later manually-directed `sa-learn`
> > training.)

I _can_ in fact adjust required_score. Is there any reason I wouldn't be able
to adjust rewrite_header?

RSK


mortonda at dgrmm

Feb 28, 2009, 10:34 PM

Post #12 of 16 (4691 views)
Permalink
Re: config status [In reply to]
Roger Marquis wrote:

> As full time mail/systems admins we get invaluable data from
> tripwire/integrit, 'postconf -n', dconf, 'rpm -qa', 'dpkg -l \*',
> 'pkg_info
> -a', ... whose output is checked in to RCS daily. This provides a nice
> configuration snapshot and historical record but its real usefulness
> comes
> from rcsdiff piped into a daily report.

That is the coolest idea I've heard today! And it's so obvious, yet
easily missed, I suppose.

Do you have the whole thing scripted and automated?


kremels at kreme

Feb 28, 2009, 11:21 PM

Post #13 of 16 (4675 views)
Permalink
Re: config status [In reply to]
On 28-Feb-2009, at 23:34, David Morton wrote:
> Roger Marquis wrote:
>> As full time mail/systems admins we get invaluable data from
>> tripwire/integrit, 'postconf -n', dconf, 'rpm -qa', 'dpkg -l \*',
>> 'pkg_info
>> -a', ... whose output is checked in to RCS daily. This provides a
>> nice
>> configuration snapshot and historical record but its real usefulness
>> comes
>> from rcsdiff piped into a daily report.
>
> That is the coolest idea I've heard today! And it's so obvious, yet
> easily missed, I suppose.
>
> Do you have the whole thing scripted and automated?


Count me in onw wanting to know more about this, sounds like nerdvana :)

--
"Yes," said the skull. "Quit while you're a head, that's what I
say."


marquis at roble

Mar 2, 2009, 2:13 PM

Post #14 of 16 (4677 views)
Permalink
Re: config status [In reply to]
David Morton wrote:
>> As full time mail/systems admins we get invaluable data from
>> tripwire/integrit, 'postconf -n', dconf, 'rpm -qa', 'dpkg -l \*',
>> 'pkg_info
>> -a', ... whose output is checked in to RCS daily. This provides a nice
>> configuration snapshot and historical record but its real usefulness
>> comes
>> from rcsdiff piped into a daily report.
>
> That is the coolest idea I've heard today! And it's so obvious, yet
> easily missed, I suppose.
>
> Do you have the whole thing scripted and automated?

Yes and no. It is scripted but not packaged. Would probably take a few
hours to complete. Wish I had the time to do it for free.

OTOH, if you have scripting skills it's pretty straightforward. The only
time consuming part is parsing the data down to just the essential elements
and formatting it for easy reading. A few dozen iterations and voila.

Roger Marquis


jm at jmason

Mar 3, 2009, 2:25 AM

Post #15 of 16 (4644 views)
Permalink
Re: config status [In reply to]
On Mon, Mar 2, 2009 at 22:13, Roger Marquis <marquis [at] roble> wrote:
> David Morton wrote:
>>>
>>> As full time mail/systems admins we get invaluable data from
>>> tripwire/integrit, 'postconf -n', dconf, 'rpm -qa', 'dpkg -l \*',
>>> 'pkg_info
>>> -a', ... whose output is checked in to RCS daily. This provides a nice
>>> configuration snapshot and historical record but its real usefulness
>>> comes
>>> from rcsdiff piped into a daily report.
>>
>> That is the coolest idea I've heard today!  And it's so obvious, yet
>> easily missed, I suppose.
>>
>> Do you have the whole thing scripted and automated?
>
> Yes and no.  It is scripted but not packaged.  Would probably take a few
> hours to complete.  Wish I had the time to do it for free.
>
> OTOH, if you have scripting skills it's pretty straightforward.  The only
> time consuming part is parsing the data down to just the essential elements
> and formatting it for easy reading.  A few dozen iterations and voila.

this is a pretty compelling idea!

Could you open a feature request on the SA bugzilla about this?
it should be quite easy to dump all lines read, given a command
line option.

Patches to do it would be most likely to make it happen, btw ;)

--j.


rsk-gmane at misinformation

Mar 3, 2009, 9:51 AM

Post #16 of 16 (4639 views)
Permalink
Re: config status [In reply to]
Justin Mason <jm <at> jmason.org> writes:
> On Mon, Mar 2, 2009 at 22:13, Roger Marquis <marquis <at> roble.com> wrote:
> > David Morton wrote:
> >>>
> >>> As full time mail/systems admins we get invaluable data from
> >>> tripwire/integrit, 'postconf -n', dconf, 'rpm -qa', 'dpkg -l \*',
> >>> 'pkg_info -a', ... whose output is checked in to RCS daily. This provides
> >>> a nice configuration snapshot and historical record but its real
> >>> usefulness comes from rcsdiff piped into a daily report.
> >>
> >> That is the coolest idea I've heard today! And it's so obvious, yet easily
> >> missed, I suppose.
> >>
> >> Do you have the whole thing scripted and automated?
> >
> > Yes and no. It is scripted but not packaged. Would probably take a few
> > hours to complete. Wish I had the time to do it for free.
> >
> > OTOH, if you have scripting skills it's pretty straightforward. The only
> > time consuming part is parsing the data down to just the essential elements
> > and formatting it for easy reading. A few dozen iterations and voila.
>
> this is a pretty compelling idea!

You might get a leg up using NetBSD's /etc/security, one of the available daily
audits -- there's a short routine in there for backing up and diffing. It pulls
in /etc/rc.subr for some of the routines.

In addition, it might be nice to have SA config output dividable between rules
and other config.

RSK

SpamAssassin users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.