[aklug] Re: Request Tracker & Change Management

From: Damien Hull <dhull@section9.us>
Date: Sat Jan 14 2012 - 12:14:32 AKST

OSSEC: The Swiss Army Knife of host-based intrusion detection. It also
does prevention by blocking attacks with iptables. Like any HIDS it
should be tuned for your environment. I need to do that for my
configuration.

Request Tracker:
A Perl-based trouble ticket system. You can slice and dice this thing
to do different things. I'm not a programmer so I'm stuck with the
default features. Default sounds boring but it's powerful.

I have a queue for projects I'm working on, a queue for my servers,
and the default general queue. Tickets can be emailed into the system.
That's how my servers create new tickets.

Change Management:
1. Create a ticket every time I make a change to a system....
2. Read the logs and mark as resolved with a comment... Unless
there's something wrong.
3. Track client requests / problems... General queue

Note:
There is a learning curve to Request Tracker and OSSEC. In my case I
can't see living without either of them. OSSEC is for security but it
actively monitors logs. If it finds a problem it sends an email.

Last week I was messing with BIND. OSSEC sent me an email every time
there was a problem with the config file. It would have taken me a lot
longer to figure out the problem without OSSEC. All that information
is in Request Tracker as a ticket. I can go back and look at it later
if I need to...

This is all on a production system...

Sent from my iPad

On Jan 13, 2012, at 10:31 PM, barsalou <barjunk@attglobal.net> wrote:

> Quoting Damien Hull <dhull@section9.us>:
>
>> I have root's mail and OSSEC going into my request tracker trouble
>> ticket system. Works for change management. Now I can't avoid reading
>> my logs and server alert messages. It's amazing what you learn when
>> you read them.
>>
>
> I'd love to hear more about what you've done and how you came across
> the setup you are using.
>
> Mike B.
>
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>
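
The mail flow described in this message (OSSEC alerts and root's mail delivered into a Request Tracker queue), as an added configuration example that is not from the original post and not the poster's actual setup. Host names, addresses, the queue name, the RT install path and the alert thresholds are all assumptions.

```conf
# --- /etc/aliases on the RT host (assumed path /opt/rt4, assumed queue "servers") ---
# rt-mailgate ships with Request Tracker and turns each delivered message
# into a new ticket, or into correspondence on an existing one.
rt-servers: "|/opt/rt4/bin/rt-mailgate --queue servers --action correspond --url https://rt.example.com/"

# --- /etc/aliases on each monitored server ---
# Send root's mail (cron output, package notices) to the same queue.
root: rt-servers@rt.example.com

# --- ossec.conf on each monitored server (fragment, values are placeholders) ---
<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <!-- Address of the RT queue that collects server alerts -->
    <email_to>rt-servers@rt.example.com</email_to>
    <smtp_server>localhost</smtp_server>
    <!-- A per-host sender makes the ticket requestor identify the server -->
    <email_from>ossec@web01.example.com</email_from>
    <!-- Cap alert mail so one noisy rule cannot flood the queue with tickets -->
    <email_maxperhour>12</email_maxperhour>
  </global>
  <alerts>
    <!-- Everything at level 1 or above is still written to the alert log -->
    <log_alert_level>1</log_alert_level>
    <!-- Only alerts at this level or above are mailed, i.e. become tickets -->
    <email_alert_level>7</email_alert_level>
  </alerts>
</ossec_config>
```

Run `newaliases` after editing `/etc/aliases`. The `email_alert_level` value is the main tuning knob for how many tickets each server opens.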
Received on Sat Jan 14 12:14:41 2012

This archive was generated by hypermail 2.1.8 : Sat Jan 14 2012 - 12:14:41 AKST