help-cfengine

a quick check on my config files


From: Antoine Jacoutot
Subject: a quick check on my config files
Date: Mon, 22 Dec 2003 09:36:40 +0100
User-agent: KMail/1.5.3

Hi :)

After some reading and testing I ended up with the following configuration for 
cfengine.
As I am far from being an expert and I do not (yet!) understand everything 
about this product, I just wanted you to check my config files just to see if 
they're ok or just plain stupid...
Note that for now, it does not do anything useful; before entering real 
rules, I want to make sure my base config is right.

I start the following on all my boxes (cfengine policy server and clients):
/usr/local/sbin/cfenvd
/usr/local/sbin/cfservd
/usr/local/sbin/cfexecd -f /usr/local/sbin/cfagent

I would really appreciate any feedback :)

Thanks in advance.
Regards,

Antoine

-------------------------------

##############
# cfagent.conf
##############

control:
 access = ( root )
 site = ( my-domain )
 smtpserver = ( smtp.my-domain.com )
 sysadm = ( root@my-domain.com )
 schedule = ( Min00_05 Min30_35 )
 domain = ( my-domain.com )
 Syslog = ( on )
 Inform = ( on )
 SplayTime = ( 5 )
 IfElapsed = ( 1 )
 LockDirectory = ( /var/cfengine )
 LogDirectory  = ( /var/cfengine )
 moduledirectory = ( /var/cfengine/modules )
 ChecksumDatabase = ( /var/cfengine/cf.db )
 actionsequence = ( resolve files editfiles )

resolve:
 192.168.0.1
 192.168.0.2

files:
 /var/cfengine/inputs mode=700 action=fixall
 /var/cfengine/outputs mode=700 action=fixall

editfiles:
 openbsd::
  { /etc/login.conf
  AppendIfNoSuchLine "# Test cfengine"
  }

#############
# update.conf
#############

control:
 domain = ( my-domain.com )
 actionsequence  = ( copy tidy )
 policyhost = ( server.my-domain.com )
 master_cfinput = ( /var/cfengine/inputs )
 workdir = ( /var/cfengine )
 SplayTime = ( 5 )
 IfElapsed = ( 1 )

copy:
 !$(policyhost)::
  $(master_cfinput) dest=$(workdir)/inputs
  r=inf
  purge=true
  mode=700
  type=binary
  encrypt=true
  verify=true
  exclude=*.lst
  exclude=*~
  exclude=#*
  server=$(policyhost)

tidy:
 $(workdir)/outputs pattern=* age=7

#############
# cfservd.conf
#############

control:
 domain = ( my-domain.com )
 AllowConnectionsFrom = ( 192.168.0.0/24 )
 TrustKeysFrom = ( 192.168.0.0/24 )
 Access = ( root )
 cfrunCommand = ( "/usr/local/sbin/cfagent" )
 ChecksumDatabase = ( /var/cfengine/cf.db )
 IfElapsed = ( 1 )
 ExpireAfter = ( 15 )
 MaxConnections = ( 50 )
 MultipleConnections = ( true )

grant:
 /var/cfengine/inputs encrypt=true *.my-domain.com
 /usr/local/sbin/ encrypt=true $(policyhost)




