Speaker
Alasdair Earl
(CERN)
Description
The RPMVerify package is a light weight intrusion detection system (IDS) which is
used at CERN as part of the wider security infrastructure. The package provides
information about potentially nefarious changes to software which has been deployed
using the RedHat Package Management system (RPM).
The purpose of the RPMVerify project has been to produce a system which makes use of
the existing CERN infrastructure and tackles the scalability limitations of existing
IDSs.
In this paper we discuss its design, implementation, limitations, and our experiences
in using it. We will specifically comment from the system administration and service
management perspective.
Summary
IDS, Qquattor, security, cluster security
Author
Alasdair Earl
(CERN)
