Cfengine configuration directory

Getting started: cfagent.conf on a laptop

Relevant classes: any

Here is a suggestion for getting started with cfengine version 2 on a laptop computer running a Unix-like operating system.
  • Install cfengine as per normal.
  • Create the directories /var/cfengine/bin, /var/cfengine/inputs and /var/cfengine/outputs by hand.
  • Copy /usr/local/sbin/cfagent to /var/cfengine/bin.
  • Create cfagent.conf in /var/cfengine/inputs.
  • Run crontab -e as root and add

    0 * * * * /usr/local/sbin/cfexecd -F

    to run cfengine once per hour. This should be enough.

###########################################################
#
# cfagent.conf for laptops
#
###########################################################

control:

 # We probably need to define these so that cfexecd can mail the
 # output to a remote location, e.g. so that an MTA will
 # accept the routing of the mail outside the laptop.
 # Probably most users will not run local mail on their laptops
 # so we assume that problems get mailed to an external MTA

 domain     = ( example.org )
 smtpserver = ( perseus.example.org )
 timeserver = ( chronos.example.org )
 sysadm     = ( mark@example.org )

 actionsequence = ( shellcommands files editfiles tidy processes )

#########################################################

files:

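 #
 # Some basic intrusion detection
 #
 # During the 03:00 hour (class Hr03), recurse through /usr (r=inf),
 # remove world-write permission (mode=o-w) and compare each file's
 # MD5 checksum with the value cfengine has stored for it.
 #

 Hr03::

 /usr mode=o-w checksum=md5 r=inf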

##########################################################

shellcommands:

 #
 # Synchronize clocks
 #

 "/usr/local/sbin/rdate -s $(timeserver)"

###########################################################

tidy:

   /tmp pattern=* age=3
   /etc pattern=route.conf age=0    # Corrupts SuSE's dhcpcd
   /var/lib/dhcpcd/ pattern=* age=0 # Corrupts SuSE's dhcpcd

 Hr04::

   /home pattern=*~   age=5 r=inf
   /home pattern=core age=0 r=inf

###########################################################

 #
 # Security - you can never trust installation programs
 #

editfiles:

 { /etc/inetd.conf

 HashCommentLinesContaining "login"
 HashCommentLinesContaining "talk"
 HashCommentLinesContaining "telnet"
 HashCommentLinesContaining "finger"
 HashCommentLinesContaining "time"
 }

###########################################################

processes:

 # Send HUP so that inetd re-reads the edited /etc/inetd.conf

 "inetd"  signal=hup
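
As an added example (not part of the original page or of cfengine itself), this shell script previews what the editfiles rule above does to an inetd.conf and lists the services it leaves enabled. It assumes HashCommentLinesContaining is a literal substring match that skips lines already commented; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: preview the effect of the editfiles rule on an inetd.conf.
# Assumption: HashCommentLinesContaining matches literal substrings and
# leaves lines that are already commented untouched.
PATTERNS="login talk telnet finger time"   # strings from the rule above

# Active (uncommented, non-blank) lines the rule would comment out.
active_matches() {
    awk -v pats="$PATTERNS" '
        BEGIN { n = split(pats, p, " ") }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { for (i = 1; i <= n; i++) if (index($0, p[i])) { print; next } }
    ' "$1"
}

# The file as it would look after the rule has run.
simulate_hash_comment() {
    awk -v pats="$PATTERNS" '
        BEGIN { n = split(pats, p, " ") }
        /^[ \t]*#/ { print; next }
        { for (i = 1; i <= n; i++) if (index($0, p[i])) { print "#" $0; next }
          print }
    ' "$1"
}

# Service names still enabled afterwards: the part worth reviewing by hand.
remaining_services() {
    simulate_hash_comment "$1" | awk '!/^[ \t]*#/ && NF { print $1 }'
}

# Constructed sample input (hypothetical; not taken from a real system).
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
ftp     stream tcp nowait root /usr/sbin/tcpd in.ftpd
telnet  stream tcp nowait root /usr/sbin/tcpd in.telnetd
login   stream tcp nowait root /usr/sbin/tcpd in.rlogind
shell   stream tcp nowait root /usr/sbin/tcpd in.rshd
daytime stream tcp nowait root internal
#finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
EOF
}

# Usage: sh check-inetd.sh /etc/inetd.conf
if [ $# -gt 0 ]; then
    echo "Would be commented out:"; active_matches "$1"
    echo "Still enabled:";          remaining_services "$1"
fi
```

On the constructed sample, the string "time" also matches the daytime entry, while ftp and shell stay enabled because none of the five strings occurs in those lines.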
