# Copyright (C) Cfengine AS
# This file is part of Cfengine 3 - written and maintained by Cfengine AS.
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; version 3.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
# To the extent this program is licensed as part of the Enterprise
# versions of Cfengine, the applicable Commercial Open Source License
# (COSL) may apply to this file if you as a licensee so wish it. See
# included file COSL.txt.
# Server control settings: which hosts may connect, whose keys are accepted
# on trust, which users may issue requests, and what is logged.
# NOTE(review): several values (user names, the bindtointerface string) look
# like sample placeholders -- confirm before deploying.
body server control
{
# Command started when a remote host asks this server to run the agent.
# NOTE(review): CFEngine 3 names the agent binary cf-agent; verify this path.
cfruncommand => "/var/cfengine/bin/cfagent";
maxconnections => "50";
# Clock check is off: hosts whose clocks disagree with this server are not
# refused. Consider "true" once all hosts are time-synchronised.
denybadclocks => "false";
# NOTE(review): presumably disables ident lookups of the connecting user;
# confirm the CFEngine version in use still honours this attribute.
checkident => "no";
# Hosts allowed to connect at all: the list from bundle "globals" (not
# visible in this file) plus loopback.
allowconnects => { @(globals.hostlist), "127.0.0.1"};
# Hosts refused outright; patterns come from access_rules.bad.
denyconnects => { @(access_rules.bad) };
# Hosts allowed more than one simultaneous connection -- TODO confirm
# against the reference manual for the deployed version.
allowallconnects => { @(access_rules.ok) };
# Hosts whose previously unseen public keys are accepted on trust.
# Reusing the wide access_rules.ok ranges means any address in those ranges
# can introduce a new key; narrow or empty this list once the known hosts
# have exchanged keys.
trustkeysfrom => { @(access_rules.ok), "127.0.0.1" };
# The allowusers setting below applies only on hosts in class "specialhosts".
specialhosts::
# Remote user names permitted to issue requests to this server.
allowusers => { "mark", "systemuser" };
# Back to all hosts for the remaining settings.
any::
logallconnections => "true";
# Encrypted transfers are not logged; enable if an audit trail of
# file copies is required.
logencryptedtransfers => "false";
# Disabled examples: hosts exempt from name/address verification, and hosts
# whose address binding is expected to change. Both relax identity checks,
# so keep the lists minimal if they are ever enabled.
#skipverify => { "IP numbers" };
#dynamicaddresses => { "IP numbers" };
# NOTE(review): presumably keys are stored per IP address, not per
# hostname, when this is "false" -- confirm.
hostnamekeys => "false";
# Placeholder text, not a usable address; replace with the real listen
# address or remove the line.
bindtointerface => "IP number/hostname";
# Syslog facility used for server messages.
serverfacility => "LOG_DAEMON";
}
#########################################################
# Server bundle holding the address lists referenced from body server control
# (access_rules.ok / access_rules.bad) and the file access promise for
# /etc/passwd.
bundle server access_rules()
{
vars:
# NOTE(review): not referenced anywhere in the visible file.
"portnumber" int => "5803";
# Networks treated as friendly. The same list feeds allowallconnects and
# trustkeysfrom in body server control, so widening it here widens key
# trust as well as file access.
# NOTE(review): "2001:700:700:11" is not a complete IPv6 address or prefix;
# confirm how the server matches it.
"ok" slist => { "128.39.89.1/24", "158.36.148.1/24", "2001:700:700:11" };
# Host pattern to refuse. NOTE(review): the dots are unescaped, so each one
# matches any character; escape them if literal dots are intended.
"bad" slist => { ".*.spam.domain" };
access:
# The promise below applies only on hosts in class "passwd_server".
passwd_server::
# Serves /etc/passwd to every host in "ok" plus loopback, minus hosts
# matching "bad". maproot names the hosts granted root-level read
# privilege on this server; keep that list as short as possible.
"/etc/passwd"
maproot => { "158.36.148.166", "2001:700:700:11" },
admit => { @(ok), "127.0.0.1"},
deny => { @(bad) };
}