On Fri, 3 May 2013 21:01:06 +0200
Lukas Zapletal <lzap(a)redhat.com> wrote:
On Fri, May 03, 2013 at 09:21:07AM -0600, Kevin Fenzi wrote:
> How do we know that any particular person who installed yum
> installed anything else? Are you using IP address to try and see
> what each IP user installed? I can think of... a lot of ways that
> won't work. ;)
The main issue I see is NAT of course, there are a couple of scenarios
which will generate incorrect data. But the main goal is to find
clusters in data and I hope the majority of the log records will be one
IP = one user.
Right, but then this information is security sensitive...
User installed httpd-x.y-Z on YYYY-MM-DD, but on looking you don't see
them installing the security update that was released after that ->
Or even, user installs foo, foo is insecure and is dropped from Fedora,
you might know that they have it still installed and can leverage that.
Or you see that user does security updates every Friday, so you know
they might be vulnerable Thursdays.
Also, you may see users install something, but we have no way of
knowing if they try it and hate it and remove it right after.
Also, the way our mirroring works, they can get the package from any
mirror at all, so we may not see patterns that are there if we could
see logs of all mirrors instead of just one.
> Another approach might be to work on
This is the replacement for smolt,
> but never seems to have gotten very far. It would be an application
> end users install.
Thanks for the link.