Getting started with a cfagent.conf file

Relevant classes: any To get started with a basic configuration: Install cfengine from the distribution. Choose a master location for configuration files Setup basic cfagent.conf and update.conf Run crontab -e as root and add 0 * * * * /usr/local/sbin/cfexecd -F to run cfengine once per hour. Set variables CFINPUTS to the directory containing your files Now run /usr/local/sbin/cfagent once to deploy A simple get-started file might look like this: # # Simple cfengine configuration file # control: actionsequence = ( checktimezone files ) domain = ( example.com ) timezone = ( MET ) smtpserver = ( smtphost.example.org ) # used by cfexecd sysadm = ( me@example.com ) # where to mail output ###################################################################### files: # Check some important files /etc/passwd mode=644 owner=root action=fixall /etc/shadow mode=600 owner=root action=fixall # Do a tripwire check on binaries! /usr # Scan /usr dir owner=root,daemon # all files must be owned by root or daemon checksum=md5 # use md5 or sha recurse=inf # all subdirs ignore=tmp # skip /usr/tmp action=fixall Once you have come a little further with your deployment, and have tested out a configuration, you should think about structuring the configuration. Back to documentation