Problems with filters

help-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Problems with filters

From:	Harry Hoffman
Subject:	Problems with filters
Date:	Mon, 18 Apr 2005 13:29:33 -0400
User-agent:	Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050323 Fedora/1.7.6-1.3.2

Hi All,

I'm attempting to apply filters for file checks in /tmp and /var/tmp butthings aren't working as I had expected. Any ideas?


Below is some (hopefully) relevant info.

Thanks,
Harry


filters:
{ tmpexe

  Type: "reg"
  ExecRegex: "/usr/bin/file (.*executable.*)"
  Result: "ExecRegex"
  DefineClasses: "tmpalert"
  }

files:
/tmp          filter=tmpexe action=alert r=inf
/var/tmp      filter=tmpexe action=alert r=inf

Running "/usr/bin/file" on "/tmp/test.sh" results in:
/tmp/test.sh: Bourne-Again shell script text executable

Running cfengine in debug mode seems to show that the file should beignored (which it shouldn't)?


IgnoreFile(/tmp,test.sh)
CheckExistingFile(/tmp/test.sh)
cf:mason: Checking fs-object /tmp/test.sh
CheckExistingFile(+0,-0)
IgnoredOrExcluded(/tmp/test.sh)
FileObjectFilter(/tmp/test.sh)
Applying filter tmpexe
Prepending [reg]
Prepending [file]
Prepending [Type]
AddMacroValue(main.this=/tmp/test.sh)
ExpandVarstring(/tmp/test.sh)
Added Macro at hash address 18 to object main with value this=/tmp/test.sh
ExpandVarstring(/usr/bin/file (.*executable.*))
cfpopen(/usr/bin/file )
cfpclose(pp)
cfpopen - Waiting for process 23151
Filter result on /tmp/test.sh was 0
Skipping filtered file /tmp/test.sh

[Prev in Thread]

Current Thread

[Next in Thread]

Problems with filters, Harry Hoffman <=

Prev by Date: Re: open bugs on 2.1.14?
Next by Date: Looking for cfagent parameter...
Previous by thread: Problem with passing arguments to methods
Next by thread: Looking for cfagent parameter...
Index(es):
- Date
- Thread