##################################################################
#
# DO NOT EDIT THIS FILE. All policy files prefixed with CFE_ are maintained
# by CFEngine and its original state is required for internal operations of
# CFEngine. If the file has been modified CFEngine’s upgrades may require
# manual intervention. Contact CFEngine support if additional information
# and/or recommendation is needed.
#
##################################################################
##################################################################
#
# cfe_internal_setup_knowledge
# - populate knowledge bank database (CFE Enterprise)
#
##################################################################
bundle agent cfe_internal_setup_knowledge
{
  classes:
      #
      # check when updates arrive, new compared to the database
      #

  files:

    "$(cfe_internal_hub_vars.docroot)"
      comment => "Copy the basic knowledge base configuration from the installation to doc root",
      handle => "cfe_internal_setup_knowledge_files_doc_root_1",
      copy_from => no_backup_cp("$(sys.workdir)/share/GUI"),
      depth_search => recurse("inf");

    "$(cfe_internal_hub_vars.docroot)"
      comment => "All files in there should be at least 0644",
      handle => "cfe_internal_setup_knowledge_files_doc_root_2",
      perms => m("0644"),
      depth_search => recurse_exclude("inf"); # see exclude dirs in recurse_exclude() body

    "$(cfe_internal_hub_vars.docroot)/.htaccess"
      comment => "Correct the htaccess file in doc root",
      handle => "cfe_internal_setup_knowledge_files_doc_root_htaccess",
      perms => mog("0644","root","root"),
      copy_from => no_backup_cp("$(sys.workdir)/share/GUI/Apache-htaccess");

    "$(cfe_internal_hub_vars.docroot)/hub/."
      comment => "Create a necessary folder for cf-hub",
      handle => "cfe_internal_setup_knowledge_files_doc_root_hub",
      create => "true",
      depth_search => recurse_basedir("inf"),
      perms => mog("0755","root","root");

    "$(cfe_internal_hub_vars.docroot)/scripts/."
      comment => "Ensure permissions for $(cfe_internal_hub_vars.docroot)/scripts",
      handle => "cfe_internal_setup_knowledge_files_doc_root_scripts",
      create => "true",
      depth_search => recurse_basedir("inf"),
      perms => mog("0644","root","root");

    "$(cfe_internal_hub_vars.docroot)/tmp/."
      comment => "Ensure permissions for $(cfe_internal_hub_vars.docroot)/tmp (temp files to email)",
      handle => "cfe_internal_setup_knowledge_files_doc_root_tmp",
      create => "true",
      depth_search => recurse_basedir("inf"),
      perms => mog("0644",$(def.cf_apache_user),$(def.cf_apache_group));

    "$(cfe_internal_hub_vars.docroot)/application/logs/."
      comment => "Make sure log folder has been created and has the right permissions",
      handle => "cfe_internal_setup_knowledge_files_doc_root_application_logs",
      create => "true",
      depth_search => recurse_basedir("inf"),
      file_select => cfe_internal_exclude_index_html,
      perms => mog("0644",$(def.cf_apache_user),$(def.cf_apache_group));

    "$(cfe_internal_hub_vars.docroot)/application"
      comment => "Ensure permissions to all directories in application to 755",
      handle => "cfe_internal_setup_knowledge_files_all_folders_in_application",
      file_select => dirs,
      depth_search => recurse("inf"),
      perms => m("0755");

    "$(cfe_internal_hub_vars.docroot)/application"
      comment => "Ensure permissions to all files in application to 644",
      handle => "cfe_internal_setup_knowledge_files_all_files_in_application",
      file_select => plain,
      depth_search => recurse("inf"),
      perms => m("0644");

    "$(cfe_internal_hub_vars.docroot)/api"
      comment => "Ensure permissions for $(cfe_internal_hub_vars.docroot)/api",
      handle => "cfe_internal_setup_knowledge_files_doc_root_api",
      file_select => cfe_internal_exclude_sh_pl_scripts,
      depth_search => recurse_basedir_exclude("inf"),
      perms => mog("0644","root","root");

    "$(cfe_internal_hub_vars.docroot)/api/static/."
      comment => "Ensure permissions for $(cfe_internal_hub_vars.docroot)/api/static (writing exported reports PDF/CSV)",
      handle => "cfe_internal_setup_knowledge_files_doc_root_api_static",
      depth_search => recurse_basedir("inf"),
      perms => mog("0644",$(def.cf_apache_user),$(def.cf_apache_group));

    "$(cfe_internal_hub_vars.docroot)/api/dc-scripts"
      comment => "Ensure permissions for $(cfe_internal_hub_vars.docroot)/api/dc-scripts (execute git push/pull)",
      handle => "cfe_internal_setup_knowledge_files_doc_root_api_dc_scripts",
      file_select => cfe_internal_sh_pl_scripts,
      depth_search => recurse_basedir("inf"),
      perms => mog("0755","root","root");

    "$(cfe_internal_hub_vars.docroot)/sql_lite/."
      comment => "Create a directory sql_lite for analytic to be working",
      handle => "cfe_internal_setup_knowledge_files_doc_root_sql_lite",
      create => "true",
      depth_search => recurse_basedir("inf"),
      perms => mog("0644",$(def.cf_apache_user),$(def.cf_apache_group));

    "$(cfe_internal_hub_vars.docroot)/tmp/."
      create => "true",
      perms => mog("0644",$(def.cf_apache_user),$(def.cf_apache_group)),
      depth_search => recurse_basedir("inf"),
      comment => "Create tmp directories for httpd internal use",
      handle => "cfe_internal_setup_knowledge_files_tmp_dir";

    "$(sys.workdir)/httpd/logs/."
      comment => "Ensure permissions for $(sys.workdir)/httpd/logs",
      handle => "cfe_internal_setup_knowledge_files_httpd_logs",
      create => "true",
      perms => mog("0664","root","cfapache");
}
#############################################################################
body action aggregator
{
  ifelapsed => "120";
  expireafter => "240";
  background => "true";
}
############################################################################
body file_select folder(regex)
{
  leaf_name => { ".*$(regex)$"};
  file_result => "leaf_name";
}
############################################################################
body depth_search recurse_basedir(d)
{
  depth => "$(d)";
  include_basedir => "true";
}
###########################################################################
body depth_search recurse_basedir_exclude(d)
{
  depth => "$(d)";
  include_basedir => "true";
  exclude_dirs => { "static" };
}
############################################################################
body depth_search recurse_exclude(d)
{
  depth => "$(d)";
  exclude_dirs => { "hub" , "graphs", "scripts", "tmp", "logs", "api", "sql_lite", "rest", "application", "dc-scripts" };
}
############################################################################
body process_count check_process(in,out)
{
  match_range => "1,1";
  in_range_define => { "$(in)" };
  out_of_range_define => { "$(out)" };
}
############################################################################
body file_select cfe_internal_exclude_sh_pl_scripts
{
  leaf_name => { ".*\.sh",".*\.pl"};
  file_result => "!leaf_name";
}
############################################################################
body file_select cfe_internal_sh_pl_scripts
{
  leaf_name => { ".*\.sh",".*\.pl" };
  file_result => "leaf_name";
}
############################################################################
body file_select cfe_internal_exclude_index_html
{
  leaf_name => { "index.html" };
  file_result => "!leaf_name";
}