Ryan Nowakowski | 10 Mar 07:09 2009

isconf 4 trac down?

Hey Folks,

Is the isconf 4 trac server(trac.t7a.org) down for good?  I can't reach it.
http://downforeveryoneorjustme.com/http://trac.t7a.org

Google seems to have a cached copy from March 2.
http://74.125.77.132/search?q=cache:tYG1TKoNOAcJ:trac.t7a.org/isconf/+isconf&hl=en&ct=clnk&cd=6&gl=us

Anyone have a copy of isconf 4 that you can send me?

Thanks,

Ryan
Timur Izhbulatov | 18 Nov 17:15 2007

ISconf patch

Hi,

I've been playing with ISconf.GPG and this resulted in a small patch (attached).

It allows to avoid writing debugging messages to stdout. One can use the
verbose argument of the constructor to pass a callable object which will be
used to write debugging messages somehere else. I pesonally use it like this:

      gpg = isconf.GPG.GPG(GPG, verbose=lambda arg: log.debug(str(arg)))

, where log is a Logger instance from the standard logging module.

Also, the patch adds few methods to fix AttributeError exceptions which I got
with my version of GnuPG (1.4.6).

Best Regards,
Attachment (trunk.diff): text/x-patch, 1458 bytes
Breno Jacinto | 16 Oct 01:41 2007
Picon

Do we like the same books?

I just joined Shelfari to connect with other book lovers. Come see the books I love and see if we have any in common. Then pick my next book so I can keep on reading.

Click below to join my group of friends on Shelfari!

http://www.shelfari.com/

Breno Jacinto


Shelfari is a free site that lets you share book ratings and reviews with friends and meet people who have similar tastes in books. It also lets you build an online bookshelf, join book clubs, and get good book recommendations from friends. You should check it out.

You have received this email because Breno Jacinto (brenojac <at> gmail.com) directly invited you to join his/her community on Shelfari.

It is against Shelfari's policies to invite people who you don't know directly. Follow this link to prevent future invitations to this address. If you believe you do not know this person, you may view his/her Shelfari page or report him/her in our feedback section.

Shelfari, 616 1st Ave #300, Seattle, WA 98104

Aleksey.Tsalolikhin | 15 Apr 05:28 2007

Re: looking for 'rabbit' program


Thanks, Sean!

I ended up using pdsh (Parallel Distributed SHell, http://www.llnl.gov/linux/pdsh/) as an ad hoc change tool.

I did in 1 minute what used to take me 20.  Good stuff!

Any plans to update the data on infrastructures.org?

We just exceeded 50 boxes at my site and I'm switching from managing them as individual servers to managing them as a system.   I just created a global sudoers file, for example.

I have to setup a configuration management system; we have mostly Red Hat and HP-UX boxes, and I am leaning towards CFengine as it's part of HP-UX now (included in the Distributed Systems Administration Utilities kit).

Truly,
Aleksey


--
This e-mail and any attachments are intended only for use by the addressee(s) named herein and may contain confidential information. If you are not the intended recipient of this e-mail, you are hereby notified any dissemination, distribution or copying of this email and any attachments is strictly prohibited. If you receive this email in error, please immediately notify me by return email and permanently delete the original, any copy and any printout thereof.  The integrity and security of e-mail cannot be guaranteed.
Aleksey.Tsalolikhin | 13 Apr 05:25 2007

looking for 'rabbit' program

Hi.  I am new to ISconf.  Just downloaded it and looking for the "rabbit" 
program mentioned on www.infrastructures.org, to make ad hoc change to a 
number of systems.

Don't seem to see it...  Is it packaged separately?

Thanks,
Aleksey
--

-- 
This e-mail and any attachments are intended only for use by the 
addressee(s) named herein and may contain confidential information. If you 
are not the intended recipient of this e-mail, you are hereby notified any 
dissemination, distribution or copying of this email and any attachments 
is strictly prohibited. If you receive this email in error, please 
immediately notify me by return email and permanently delete the original, 
any copy and any printout thereof.  The integrity and security of e-mail 
cannot be guaranteed.
Aleksey.Tsalolikhin | 12 Apr 13:49 2007

Does ISconf run on HP-UX?


Hi.

Does ISconf run on HP-UX, please?

My environment consists of Red Hat and HP-UX.  I couldn't find a list of supported operating systems on www.ISconf.org.

Best,
Aleksey Tsalolikhin
Unix Systems Administrator
--
This e-mail and any attachments are intended only for use by the addressee(s) named herein and may contain confidential information. If you are not the intended recipient of this e-mail, you are hereby notified any dissemination, distribution or copying of this email and any attachments is strictly prohibited. If you receive this email in error, please immediately notify me by return email and permanently delete the original, any copy and any printout thereof.  The integrity and security of e-mail cannot be guaranteed.
Graham Todd | 16 Mar 05:12 2007

isconf on FreeBSD


Anyone else up and running on FreeBSD in "production" environments?  If so
are there any informal ports/packages yet?  There's nothing in ports I was
thinking of making one as I continue my testing of the application.

Cheers,

--

-- 
Graham Todd - Bellanet <at> IDRC
Steve Traugott | 16 Mar 02:24 2007

#infrastructures irc channel

Hi Folks,

I've started an #infrastructures channel on irc.infrastructures.org.
You should find me hanging out there from 1900-0700 UTC most days.
Nothing fancy yet, no logging, no chanserv, no info bot.  (If someone
gets a chance to set up a logger that dumps its output to someplace
Google will crawl, that would be great.)

I've found that there just isn't any other decent place to bounce
ideas off of people if you're in the middle of a project and need a
second opinion on something before you write the next line of code --
#lopsa is closest, but lacks the mindset we share on this list.

I've also found myself having more discussions with people by Jabber,
IM or IRC lately anyway, rather than mail.  (I won't say what this
says about the future of e-mail, but I hope signed messages or DKIM
become the norm sooner rather than later.)

Hope to see you there,

Steve
--

-- 
Stephen G. Traugott (KG6HDQ) -- http://www.stevegt.com
Managing Partner, TerraLuna LLC -- http://www.t7a.org
Dir. Engineering, CD International Technology -- http://www.cdint.com
Brendan Strejcek | 27 Oct 20:27 2006

Re: Distributing private key information at install time

(Sorry in advance if I got some of the attribution wrong, the quotes
and forwardings made it a bit complicated.)

<Menno.Willemse <at> johnguest.co.uk> on 04 October 2006 wrote:

> That's secure, but it involves walking up to the machine, which I
> don't want to do. They are in locked rooms or on remote locations.
> Maybe the best solution is just to leave a CD, HD partition or
> floppy in the machine with its crypto-information.

I use a trick to get around this. If I have to install a fresh
operating system on a truly blank machine, I need to physically be at
the console. In that case, however, the machine was usually just
delivered and has not been deployed yet. Once a machine has been
installed, it has the ability to remotely reinstall itself with
several supported operating systems. I use alternative kernels and the
boot loader to accomplish this. Thus, once a machine has been
installed physically once (in most cases) it can be reinstalled
remotely.

> All security
> flies out of the window as soon as someone  can touch the machine
> anyway.

That is not totally true. They may be able to take over the machine,
but they will not be able to compromise confidentiality (that is, you
can encrypt data on the disk).

> If you want to do hands-off, unattended installs, I suppose there
> just isn't a way that's 100% secure.

Yeah, true. There will likely be some trade-off between security and
convenience.

Best,
Brendan

--
http://praksys.blogspot.com
Brendan Strejcek | 27 Oct 20:15 2006

Re: Distributing private key information at install time

(Wesley sent me a message off-list, but said it was fine to repost to the list.)

On 10/6/06, Wesley Craig <wes <at> umich.edu> wrote:

> On 06 Oct 2006, at 10:40, Brendan Strejcek wrote:
>
> > Are you using any sort of centralized configuration management system?
> > How do you propagate configuration changes to live machines?
>
> The question is how do you deal with a machine whose hardware you are
> replacing.  It's all fine to store this data centrally, but how do
> you bootstrap security from a naked machine?

Hooks can be added to any automated installation procedure. The
security of this initial bootstrap will depend upon the particular
installation method. For example, a custom install CD could easily
include various security bits, such as server public keys. Another
example would be a PXE boot on an isolated network where a server
decides what credentials to issue to a new machine based on ethernet
address.

Best,
Brendan

--
http://praksys.blogspot.com
Willemse, Menno | 4 Oct 12:05 2006
Picon

Distributing private key information at install time

Hello World,

Thanks to all those who responded. The prevailing wisdom seems to be that you use a boot CD with a temporary
key to do the re-install, or that you somehow keep the old keys on the system where they won't be erased by the
reinstall. A different hard disk was suggested, but a USB key, floppy or a CD would probably work just as
well. All of these methods are of course sensitive to the media being stolen, but that's something we'll
just have to live with.

I think I'll set things up so that the install image has a key in that allows you to get the proper key from the
install server. The installation image will only be NFS-exported to the machines that need it, as long as
they need it. This will lead to exposure while the machine downloads its install images, but so be it.

I'll also have a good look at ssh-keyscan and centralising the known_hosts file. That may be another way
around this problem: after a reinstall, scan the box' host key and have all other machines pull down the
file on a regular basis.

Cheers,
Menno 

--

-- 
Menno Willemse - John Guest IT Department
Tel: 01895-449233 ext 290 Email: menno.willemse <at> johnguest.co.uk
There is no Cabal.

Internet communications are not secure and therefore John Guest companies do not accept legal
responsibility for the contents of this message.  Any views or opinions presented are solely those of the
author and do not necessarily represent those of John Guest companies.

Gmane