Cft project monitors system administrators' activities while they modify a system to enhance system security and safeguard against potential intrusions.
To explain how cft works, a simple example is given. Cft organizes changes in sessions to let the user better indicate what aspect of the system they are fixing (webserver, mailserver etc.). A simple session to fix the configuration of postfix and to start and enable the service is demonstrated. The user only has to issue two additional commands to begin and finish the session, with everything else in the session remaining the same as if the changes were made without cft. Running 'cft manifest postfix' will print the changes in the form of a puppet manifest.
The puppet manifest tells puppet to enable and start the postfix service and copy the two files from the location mentioned as the source, with the specified owner, group, and mode. Cft takes care of copying all modified files into a safe location so that they can be copied off the machine into a central location. Cft can also convert a session into a tarball that contains both the puppet manifest and all the files mentioned in it. Fancier, more convenient methods of integrating changes back into a central puppet server are planned for the future.
The software requires Puppet to operate. The latest release of cft includes the removal of many unneeded attributes from the generated manifest. Finished sessions can now be resumed with 'cft begin -r SESSION.' The RPM package set has also been pruned to only include leaf packages. Packages that were updated/installed and depend on other packages that were updated/installed during the session are not included in the manifest.
Version 0.2.1: N/A