File of a ManagedInstance in Config

0

Hello,

Is it possible to record any changes of a file of an SSM:ManagedInstance in Config?

I have SSM and Config that are configured. My instance is running SSM agent. In Config, I record the three types for SSM (SSM:ManagedInstanceInventory, SSM:PatchCompliance, and SSM:AssociationCompliance). The global inventory in SSM is configured with every possible parameter, and I also target a file, /etc/ssh/sshd_config. I can see a new record in Config's timeline of my instance when I install a new application (for instance, nmap), but I have no new record for any renaming of the file nor when I edit the file (for instance, changing "PermitRootLogin no" -> "PermitRootLogin yes"). I know that the file is targeted because it is in SSM's inventory.

Am I doing something wrong? Is it even possible to record any changes in a file through SSM inventory and Config? For information, I am in Stockholm's region (eu-north-1).

Thanks!

Edited by: acaitr on Jan 28, 2019 4:54 PM

acaitr
asked 5 years ago · 217 views
2 Answers
0

We do not support recording changes to "files" in AWS Config. We only collect SSM inventory for the following types: installed applications, network configuration and AWS software components.

Thanks,
Sid

answered 5 years ago
0

It would be great to track Files. This would essentially allow an easy setup for file integrity monitoring.

answered 5 years ago
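Since Config does not record file changes, the two events from the question (an edit to `PermitRootLogin` and a rename of the file) can be caught on the instance with a baseline-and-compare check. The following is an added example, not part of the thread and not AWS code; the function names are hypothetical, it runs against a constructed sample file rather than the real /etc/ssh/sshd_config, and it does not integrate with SSM or Config.

```python
import hashlib, os, tempfile

def directives(text):
    """Global sshd_config settings; sshd uses the first value seen per keyword."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, *rest = line.split(None, 1)
        if key.lower() == "match":  # simplification: Match blocks are not parsed
            break
        out.setdefault(key.lower(), rest[0].strip() if rest else "")
    return out

def snapshot(path):
    """Hash, mode and parsed directives of the file, or None if it is gone."""
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except FileNotFoundError:
        return None
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "mode": oct(os.stat(path).st_mode & 0o7777),
            "directives": directives(data.decode("utf-8", "replace"))}

def compare(baseline, current):
    """List the differences between a baseline snapshot and the current one."""
    if current is None:
        return ["file missing (deleted or renamed)"]
    findings = []
    if current["mode"] != baseline["mode"]:
        findings.append(f"mode: {baseline['mode']} -> {current['mode']}")
    if current["sha256"] != baseline["sha256"]:
        old, new = baseline["directives"], current["directives"]
        changed = [f"{k}: {old.get(k)} -> {new.get(k)}"
                   for k in sorted(old.keys() | new.keys()) if old.get(k) != new.get(k)]
        findings += changed or ["content changed, effective directives unchanged"]
    return findings

if __name__ == "__main__":
    # Constructed sample standing in for /etc/ssh/sshd_config
    path = os.path.join(tempfile.mkdtemp(), "sshd_config")
    with open(path, "w") as fh:
        fh.write("# constructed sample\nPort 22\nPermitRootLogin no\n")
    base = snapshot(path)
    with open(path, "w") as fh:
        fh.write("# constructed sample\nPort 22\nPermitRootLogin yes\n")
    print(compare(base, snapshot(path)))
    os.rename(path, path + ".bak")
    print(compare(base, snapshot(path)))
```

Comparing parsed directives rather than only the hash separates a comment-only edit from a change that alters what sshd will enforce.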
