
James Harper <james.harper@bendigoit.com.au> writes:
> I need something that can scan my network for Linux machines and then log in to anything it can find and check configs to make sure everything is set up correctly, e.g. things like that ssh settings are correct, smartd is configured and enabled (if physical machine), no blank passwords, permissions on sensitive config files, etc. This is more of an automatic check of the install process than a tripwire to check for malicious reconfiguration (I just found a machine with a failed hard disk on which I hadn't enabled smartd!)
The problem domain you describe is called "configuration management". As others have said, Puppet is probably the best-known at present. I'm not enthusiastic about any of them - haven't tried Ansible yet. What I currently do is keep a BCP checklist (e.g. "install etckeeper") and go through it when I first deploy a host. If I add to the list after a host is deployed, that's generally just too bad for that host. :-(
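
An added example, not code from either poster: three of the checks named in the question (ssh settings, blank passwords, permissions on sensitive files) written as re-runnable functions, so a checklist item added later can still be applied to hosts already deployed. The policy values, function names and sample data are assumptions made for illustration; the smartd check is left out because it needs a query to the host's service manager.

```python
import stat

# Assumed policy for illustration; the thread does not name exact values.
SSHD_POLICY = {"permitrootlogin": "no", "passwordauthentication": "no",
               "permitemptypasswords": "no"}
# OpenSSH built-in defaults, which apply when a keyword is absent.
SSHD_DEFAULTS = {"permitrootlogin": "prohibit-password",
                 "passwordauthentication": "yes",
                 "permitemptypasswords": "no"}

def check_sshd(config_text):
    """Return findings for the global section of an sshd_config."""
    seen = {}
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # conditional overrides: not audited here
            break
        if len(parts) == 2:
            # sshd keeps the first value it reads for each keyword
            seen.setdefault(key, parts[1].strip().strip('"').lower())
    findings = []
    for key, want in SSHD_POLICY.items():
        got = seen.get(key, SSHD_DEFAULTS[key])
        if got != want:
            findings.append(f"sshd: {key} is '{got}', expected '{want}'")
    return findings

def blank_password_users(shadow_text):
    """Accounts whose shadow password field is empty (no password needed)."""
    rows = (line.split(":") for line in shadow_text.splitlines())
    return [f[0] for f in rows if len(f) >= 2 and f[0] and f[1] == ""]

def excess_mode_bits(mode, allowed):
    """Permission bits set in mode that allowed does not permit (0 means OK)."""
    return stat.S_IMODE(mode) & ~allowed

# Constructed sample inputs, not taken from any real host.
SAMPLE_SSHD = "# constructed sample\nPermitRootLogin yes\nPasswordAuthentication no\n"
SAMPLE_SHADOW = "root:!:19000:0:99999:7:::\nbackup::19000:0:99999:7:::\n"

if __name__ == "__main__":
    print(check_sshd(SAMPLE_SSHD))
    print(blank_password_users(SAMPLE_SHADOW))
    print(oct(excess_mode_bits(0o100644, 0o640)))  # st_mode as os.stat() reports it
```

On a live host, the text arguments would come from reading `/etc/ssh/sshd_config` and `/etc/shadow` as root, and the mode from `os.stat(path).st_mode`.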