CONFAUDIT(8) BSD System Manager's Manual CONFAUDIT(8)NAMEconfaudit — configuration auditor
SYNOPSISconfaudit [-s] [-q] [-d]
confaudit-h
DESCRIPTION
The confaudit utility is designed to report differences between the
confman(8) repository and the live filesystem. While its behavior is very
similar to confman audit, confaudit is intended to be invoked via
cron(8).
The -s option will cause confaudit to run in sleep mode. In this mode,
confaudit will sleep for CONF_AUDIT_SLEEP seconds before executing. This
can be used to stagger the execution of confaudit across multiple managed
hosts.
When invoked with -q, confaudit will report only whether files differ and
not the actual differences (See diff(1)).
The -d option can be used to print additional debugging information.
When launched with -h, confaudit will display the usage statement and
exit.
confaudit uses the export file that is generated by confexport(8), and as
such, requires that CONF_EXPORT_URI be defined in confman.conf(5).
SECURITY CONSIDERATIONS
This functionality can provide insight into whether a System Administra‐
tor has been lazy about using confman for revision control. It could also
be run as part of your daily security runs to possibly identify an unau‐
thorized presence on the host. However, as the utility and snapshot are
all stored on local disk, it is not meant as a replacement for a proper
IDS.
SEE ALSOconfman(8), confexport(8), confman.conf(5), cron(8), diff(1)AUTHORS
Chris Cowart ⟨ccowart@timesinks.net⟩
BSD May 06, 2009 BSD