Learning Puppet Security

Chapter 2. Tracking Changes to Objects

Have you ever wanted to know whether the content of the files on your server has changed or whether the packages installed on the server have changed? Perhaps you have developers who have access to edit files. Maybe you need to gather information on what has changed for production use.

If you have change tracking requirements that oblige you to report on specific items changing on your system, then the Puppet auditing and change tracking system can be a great solution.

Change tracking is the act of monitoring systems for changes and reporting on them. It is a component of more comprehensive auditing, which includes the reporting and other activities surrounding it, ensuring that a system is in compliance. There are numerous software packages available that do this. Many of them are special-purpose tools, such as Tripwire, OSSEC, and AIDE. Puppet can be used to configure many of these tools, which often require fairly extensive setups. Additionally, some of these tools require commercial licenses to obtain the full feature set.

With proper configuration, you can use Puppet to do change tracking. Beyond this, Puppet can be used to make sure that changed resources return to their expected states, including correcting the content, owner, or mode of the file.
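To make the two modes just described concrete, here is a short manifest added as an illustration (it is not from the book): the first resource only tracks a file with the audit meta-parameter, while the second enforces an expected state so that any drift in content, owner, or mode is corrected. The file paths and contents are hypothetical.

```puppet
# Added example, not the book's own code. Paths and contents are hypothetical.

# Track only: Puppet records the observed content, owner and mode on the
# first run and reports a change on any later run where they differ.
# Nothing is corrected.
file { '/etc/example/tracked.conf':
  audit => [content, owner, mode],
}

# Enforce: the expected state is declared, so an edit to the content or a
# change to owner or mode is reported and then corrected on the next run.
file { '/etc/example/managed.conf':
  ensure  => file,
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  content => "# managed by puppet; local edits will be reverted\n",
}
```

Running `puppet apply` on this manifest (or applying it through the agent) produces a report line whenever an audited attribute of `tracked.conf` differs from the value recorded on the previous run, and a change line whenever `managed.conf` had to be brought back to the declared state. The audited values are kept in the agent's local state file, so the first run establishes the baseline rather than reporting a change.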

In this chapter, we will cover the following topics:

  • How change tracking works in Puppet
  • An overview of the audit meta-parameter
  • Examples of using the audit meta-parameter
  • Caveats of the audit meta-parameter
  • Using noop to get a similar workflow to the audit meta-parameter