This package will intelligently push and pull updates to multiple servers, with built in locking to prevent system overloading. In addition, there are tripwire features (md5sum in a BerkeleyDB database), for system monitoring.
That's not all. There is an intrusion detection component, well, let's call it "sophisticated environment monitoring" where deviations from "normal" and "abnormal" behavior can be detected, with flexibility to customize...
Some of the articles written about cfengine seem to gloss over the full functionality. I saw one popular article mention rsync, which isn't needed. Cfengine will perform its own updates ... look for traffic on port 5308. Setting up keys and admit rights can be a bit tricky, especially since error messages can be misleading. Anyway, I'm making cfengine my next article. It could be 40+ pages.
A document that goes beyond methodically listing tcpdump options and engages the reader with short programs using raw sockets (for sending with flag manipulation) and libpcap (for receiving), may be worth writing. Perhaps it maybe worth reading if it is given a bit of a security spin, since I got a lot of comments on the Breaking Firewalls with OpenSSH and PuTTY article.
Personally, I think tcpdump is indispensable for system administration.
Fedora Core 4
So far I like it. Bind 9 is setup securely, or specifically more secure than FC3. I did have compiler errors with cyrus-sasl-2.1.21.tar.gz; but, for setting up postfix to interact with gmail, the installed package work fine, unlike FC3.