I'm currently tasked with updating rsyslog.conf and auditd.conf on a large set of servers. I know the exact logging configurations that I want to enable. I have updated both files on on a server and hope to use the updated files as a template for the rest of the servers. I reckon that a script which will :
reference the "templates"
copy/replace the existing rsyslog.conf and auditd.conf
restart rsyslog service
will suffice.However, I have not really played around with any form of scripting at least in *NIX. The set of servers are a mix of Redhat, Amazon Linux, Suse, and Ubuntu with Redhat 6 the majority. I figured that I can at least make it work on Redhat and modify as needed for the others.Can you please help me out?
I definitely wouldn't bluntly copy the new files over, but first check if the original conf both for the source and the target server are identical, and if differences should persist, should they exist.
Which copy tool do you have at hand? scp ?
Thanks for the reply RudiC. You are correct, it will be madness to just replace given there is a good chance there is current setting that can be broken. So, instead of just the replacing of both files, comparing and adding the updates.
We are looking to possibly leverage the script via a configuration management tool(puppet, chef) for our cloud servers also. So, I need a script that is "tool independent" and more Linux native.
An (Automation-)Tool-independent script won't likely exist because those scripts are the main task of an automation tool. So those scripts are always tool-specific, if you want to take the advantage of using those tools.
If you do not use the specific features of your automation tool you'll effectively end up writing your own.
The normal way in Chef is to use the file or cookbookfile Resource, which simply just replaces files with fixed content or based templates, how you wish them to be and gives you possibilities to define, what is done when and if changes are made(e. g. restart special services). Pretty basic stuff. A good automation suites enables you to define your actions from a general default with use-case groups and deviations down to groups and single special cases.
Do you have an automation tool already in production? If that is so, I suggest to use it. Your automation tool should have been chosen to support all devices/servers you are running within your organization.
In general testing is badly needed for automation which only makes sense, if you have a lot of similar or identical setups. If not you have very much work with testing for every used platform.
So the first questions would be:
Are automation tools already used?
If yes, is that tool suited to your task(probably yes)?
If not should you decide to integrate such a tool in your organization? (Quite a different sized task)