Check for manual manipulation

We do patching using Ansible, but one of our clients is asking if there is a way to test for “drift”… not sure what that means, so they elaborated and asked if there was a way to detect if a system has been manually manipulated or its configuration changed. I could just dump previous md5 and compare to current md5, but I am not sure how to approach this.

https://aide.github.io/

2 Likes

There are two ways that I think about the question.

1 - It's a question of configuration management and enforcement. If Ansible configured a setting, you can ensure it hasn’t been changed by running it again. This is the easier problem to tackle if you’ve done a good job with idempotency. Stick that job on a schedule and you verify the configuration as often as your schedule permits.

2 - It's a larger question about changes to the system that may happen outside of the files that Ansible directly manages. For that I would suggest AIDE, or tools like it. It is purpose-built for identifying changes to the system and logging them for audits and review.

1 Like