Auditing a package
In this example, we'll extend our
openssh module to audit the version installed. We'll then downgrade the package so that the version changes. Afterwards, we can verify whether the audit worked as expected.
In a production environment, it would make sense to audit at least the
sshd binary along with the package. It's quite possible for the attacker to change the binary without even touching the package. Auditing the package is more useful to find system administrators upgrading packages to unauthorized versions by accident.
Modifying the module to audit
First, make sure the Vagrant machine is running. If you need to restart your Vagrant machine, see the first exercise to get it running.
Once it is running, go ahead and SSH it ...