[osiris] Re: Changing host config file
Hari Sekhon
hpsekhon at googlemail.com
Mon Sep 10 04:26:53 EDT 2007
Dave wrote:
> This is a bug in md_scan.c:scan_host(). Regardless of whether or not
> you push-config a new config out to a host, osirismd will always use the
> config associated with that host's baseline database. One way to fix
> this would be to have scan_host() first check to see if the remote
> daemon has a scan config in memory already, if so, use that config; if
> not, load the baseline database's config.
>
This would have a slight problem. If the running daemon had been
compromised, would it not scan the wrong thing, perhaps intentionally
missing some area of evil stuff...
The management console should be authoritative for a reason I think...
Problem is, if this is a bug, has it been fixed yet? I didn't see it in
the changelog.
What should I do then, scan and then immediately re-initialize the host?
This could be a serious problem if I want to reconfigure more hosts...
I will try to get the latest version and see if that helps...
-h
More information about the osiris
mailing list