policy manager: Hedgehog policy subscription and application #573
Labels: enhancement, policy
sub-item of this meta-issue: "policy manager" for Malcolm and Hedgehog Linux (#477)
This issue involves how Hedgehog sensors get the contents of policies stored on a Malcolm server.
As it's the way everything else is done, I'm way more inclined to have sensors "pull" policy updates from their Malcolm server, rather than Malcolm "push" the changes to the sensor. Today, a Malcolm instance doesn't really "know" about its hedgehogs; 99% of the data flow goes from the sensor to the aggregator and not vice-versa.
So ideally the configuration works such that the sensor can talk to its Malcolm's Git repositories (see #572) and "subscribe" (check out) the branches that you want it to use. Then it would periodically pull changes via Git, and apply the changes when they're observed.
I think also you should be able to subscribe to multiple branches, for example, a "global" branch as well as a "local" branch. These would need to be prioritized and then flattened out (which could be done using rsync or something like that).
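The "prioritized and then flattened" step proposed above, sketched as an added example (not code from this issue or from the Malcolm project). It assumes each subscribed branch has already been pulled into its own directory; `flatten`, `demo`, the branch names and the file names are all hypothetical and the sample content is constructed.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def flatten(layers, dest):
    """Overlay checkouts in `layers` (lowest priority first) into `dest`.

    Returns (manifest, digest): manifest maps each relative path to the layer
    that supplied it; digest changes only when the flattened content changes.
    """
    dest = Path(dest)
    staging = Path(tempfile.mkdtemp(prefix=".flatten-", dir=dest.parent))
    manifest = {}
    for layer in map(Path, layers):
        for root, dirs, files in os.walk(layer):  # does not descend into symlinked dirs
            dirs[:] = [d for d in dirs if d != ".git"]
            for name in files:
                src = Path(root) / name
                if src.is_symlink():  # never follow a link out of a checkout
                    continue
                rel = src.relative_to(layer)
                (staging / rel).parent.mkdir(parents=True, exist_ok=True)
                shutil.copyfile(src, staging / rel)  # later layer overwrites
                manifest[rel.as_posix()] = layer.name
    h = hashlib.sha256()
    for rel in sorted(manifest):
        content = hashlib.sha256((staging / rel).read_bytes()).hexdigest()
        h.update(f"{rel}\0{content}\n".encode())
    if dest.exists():
        shutil.rmtree(dest)
    staging.rename(dest)  # swap the freshly built tree into place
    return manifest, h.hexdigest()


def demo():
    """Constructed sample: 'global' and 'local' stand in for two pulled branches."""
    work = Path(tempfile.mkdtemp())
    sample = {"global": {"rules/a.rules": "global rule", "settings.conf": "x=1"},
              "local": {"rules/a.rules": "site override"}}
    for branch, files in sample.items():
        for rel, text in files.items():
            (work / branch / rel).parent.mkdir(parents=True, exist_ok=True)
            (work / branch / rel).write_text(text)
    layers = [work / "global", work / "local"]  # local has the higher priority
    return work, flatten(layers, work / "active"), flatten(layers, work / "active")
```

Comparing the returned digest with the one from the previous pull tells the sensor whether there is anything new to apply, and the manifest records which branch won each file.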