[osiris] Re: Changing host config file

[dave at terriblelies.net]

Hari Sekhon wrote:
>> If you scan, and then re-init the host, the host will have the baseline
>> database from the re-init and no changes will be shown to you between the
>> first scan and the re-init.
>>
> yes but the window of opportunity is very small and basically the
> re-initialized baseline should be the same as the last known scan state
> if run __immediately__ in sequence. You will still get any changes
> thereafter and the baseline should have the same content as the last
> scan so the integrity of the host should be pretty much consistent,
> should it not?

That assumes the config files are scanning the same areas of the system. 
An init <host> will tell osirismd to drop the old baseline database and
take a new snapshot of the system with whatever config you issued it in
the init.

In this manner, if you tell it to use a new config you will not see
changes between the old config and the new config when the system is
initialized (or thereafter).

I suppose the implementation of this depends on what a user's requirements
are for the usage of push-config.  Should a push-config reset the baseline
database and not warn of changes between the two configs?  Or should a
push-config simply tell the host to start using a new config and warn of
any changes between the new config and the last scan using the old config?

I personally feel the second route is in the original spirit of
push-config.  If you want to accomplish the first scenario, an init <host>
is all you have to do.

-dave