a quick check on my config files
From: Antoine Jacoutot
Subject: a quick check on my config files
Date: Mon, 22 Dec 2003 09:36:40 +0100
User-agent: KMail/1.5.3
Hi :)
After some reading and testing I ended up with the following configuration for
cfengine.
As I am far from being an expert and I do not (yet!) understand everything
about this product, I just wanted you to check my config files just to see if
they're OK or just plain stupid...
Note that for now, it does not do anything useful; before entering real
rules, I want to make sure my base config is right.
I start the following on all my boxes (cfengine policy server and clients):
/usr/local/sbin/cfenvd
/usr/local/sbin/cfservd
/usr/local/sbin/cfexecd -f /usr/local/sbin/cfagent
I would really appreciate any feedback :)
Thanks in advance.
Regards,
Antoine
-------------------------------
##############
# cfagent.conf
##############
control:
   access = ( root )
   site = ( my-domain )
   smtpserver = ( smtp.my-domain.com )
   sysadm = ( root@my-domain.com )
   schedule = ( Min00_05 Min30_35 )
   domain = ( my-domain.com )
   Syslog = ( on )
   Inform = ( on )
   SplayTime = ( 5 )
   IfElapsed = ( 1 )
   LockDirectory = ( /var/cfengine )
   LogDirectory = ( /var/cfengine )
   moduledirectory = ( /var/cfengine/modules )
   ChecksumDatabase = ( /var/cfengine/cf.db )
   actionsequence = ( resolve files editfiles )

resolve:
   192.168.0.1
   192.168.0.2

files:
   /var/cfengine/inputs mode=700 action=fixall
   /var/cfengine/outputs mode=700 action=fixall

editfiles:
   openbsd::
      { /etc/login.conf
         AppendIfNoSuchLine "# Test cfengine"
      }

#############
# update.conf
#############
control:
   domain = ( my-domain.com )
   actionsequence = ( copy tidy )
   policyhost = ( server.my-domain.com )
   master_cfinput = ( /var/cfengine/inputs )
   workdir = ( /var/cfengine )
   SplayTime = ( 5 )
   IfElapsed = ( 1 )

copy:
   !$(policyhost)::
      $(master_cfinput) dest=$(workdir)/inputs
         r=inf
         purge=true
         mode=700
         type=binary
         encrypt=true
         verify=true
         exclude=*.lst
         exclude=*~
         exclude=#*
         server=$(policyhost)

tidy:
   $(workdir)/outputs pattern=* age=7

##############
# cfservd.conf
##############
control:
   domain = ( my-domain.com )
   AllowConnectionsFrom = ( 192.168.0.0/24 )
   TrustKeysFrom = ( 192.168.0.0/24 )
   Access = ( root )
   cfrunCommand = ( "/usr/local/sbin/cfagent" )
   ChecksumDatabase = ( /var/cfengine/cf.db )
   IfElapsed = ( 1 )
   ExpireAfter = ( 15 )
   MaxConnections = ( 50 )
   MultipleConnections = ( true )

grant:
   /var/cfengine/inputs encrypt=true *.my-domain.com
   /usr/local/sbin/ encrypt=true $(policyhost)