Cfengine configuration directory

Editing and checking binary files

Relevant classes: any

File editing is normally reserved for text files. However, a limited number of operations can also be performed on purely binary files, e.g. compiled programs, in order to search for strings, search for viral code, or modify strings within a program. Binary mode is separate from normal editing, and the two are mutually exclusive. The limit on the size of binary files is set by editbinaryfilesize in control.
  • ReplaceAll regex With literal
    Replaces occurrences of the matched regular expression with the provided literal text, but only if the literal substitute is no longer than the located string. If the replacement string is shorter, it is padded with ASCII spaces (character 32) by default. The padding character can be changed by setting BinaryPaddingChar in control. Padding with a null byte would lead to corruption of text within a program.
  • WarnIfContainsString regex/literal
    Yields a warning if the literal string or regular expression matches. Cfengine first attempts a literal match and then a regular expression match.
  • WarnIfContainsFile filename
    Yields a warning if the contents of the named file exactly match part of the file which is being edited. This can be used to search for binary data which cannot be typed directly into the cfengine program, e.g. virus signatures.
Example:
control:

 actionsequence = ( editfiles )

 virusdir = ( /safedir )

 editbinaryfilesize = ( 200000 )

 BinaryPaddingChar = ( \0 )

#################################

editfiles:

 { /path/to/program

 EditMode "Binary"

 ReplaceAll "/automount/usr/local" With "/usr/local"

 WarnIfContainsString "danger.*virus"

 WarnIfContainsFile "$(virusdir)/badstuff1"
 WarnIfContainsFile "$(virusdir)/badstuff2"
 }
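
The length-preserving behaviour of ReplaceAll and the two warning checks can be sketched in Python. This is an added example, not cfengine's own code; the function names and the sample bytes are constructed for illustration.

```python
import re

def replace_all(data, pattern, literal, pad=b" "):
    """Length-preserving replace. Returns (new_data, replaced, skipped)."""
    counts = {"replaced": 0, "skipped": 0}

    def substitute(match):
        found = match.group(0)
        if len(literal) > len(found):
            counts["skipped"] += 1      # substitute too long: bytes left untouched
            return found
        counts["replaced"] += 1
        # Pad to the matched length so later offsets in the file do not move.
        return literal + pad * (len(found) - len(literal))

    out = re.sub(pattern, substitute, data)
    return out, counts["replaced"], counts["skipped"]

def contains_string(data, text):
    """Literal match first, then regular expression, as described for WarnIfContainsString."""
    return text in data or re.search(text, data) is not None

def contains_file(data, signature):
    """Exact byte-for-byte match of a signature file's contents (WarnIfContainsFile)."""
    return len(signature) > 0 and signature in data

def c_string_at(data, offset):
    """What a C program reading a NUL-terminated string at this offset would see."""
    end = data.find(b"\0", offset)
    return data[offset:] if end == -1 else data[offset:end]

# Constructed sample "binary": header bytes, an embedded path, a text marker, a signature.
SAMPLE = (b"\x7fELF\x00\x01" b"/automount/usr/local/lib\x00"
          b"danger: test virus\x00" b"\xde\xad\xbe\xef")
PATH_OFFSET = SAMPLE.index(b"/automount")

if __name__ == "__main__":
    for pad in (b" ", b"\0"):
        out, done, skipped = replace_all(SAMPLE, rb"/automount/usr/local", b"/usr/local", pad)
        print(repr(pad), len(out) == len(SAMPLE), c_string_at(out, PATH_OFFSET))
    print(replace_all(SAMPLE, rb"/lib", b"/lib64")[1:])   # longer substitute is skipped
    print(contains_string(SAMPLE, rb"danger.*virus"), contains_file(SAMPLE, b"\xde\xad\xbe\xef"))
```

With space padding the program still reads one string at that offset, now with spaces embedded in it; with null padding the string ends at the replacement and the text that followed it is cut off.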
