1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
#########################################################################
#
# file_change.cf - Change Management
#
# NOTE: Be careful with the amount of data that CFEngine is to watch.
# Large amounts can cause resource hogs and long-running agents.
#
#########################################################################
bundle agent change_management
{
vars:
# windows::
# "watch_files" slist => {
# "$(sys.windir)\important.txt",
# "$(sys.windir)\important2.txt"
# };
# "watch_dirs" slist => {
# "$(sys.workdir)\watch"
# };
linux::
"watch_files" slist => {
"/etc/passwd",
"/etc/shadow",
"/etc/group",
"/etc/services"
},
comment => "Define a list of files to be watched by cfengine",
handle => "change_management_vars_watch_files";
# "watch_dirs" slist => {
# "/usr",
# };
files:
linux::
"$(watch_files)" -> "goal_infosec"
comment => "Change detection on important files",
handle => "change_management_files_watch_files",
changes => diff;
# "$(watch_dirs)" -> "goal_infosec"
# comment => "Change detection on important directories",
# pathtype => "literal",
# changes => detect_all_change,
# depth_search => recurse("inf");
#######################################################################
# Redundant cross monitoring for strong `tripwire' ...............
#######################################################################
# "$(sys.workdir)/nw/$(neighbours)_checksum_digests.db"
# comment => "Watching our peers remote hash tables for changes - cross check",
# copy_from => remote_cp("$(sys.workdir)/checksum_digests.db","$(neighbours)"),
# action => neighbourwatch("File hash changes observed on $(neighbours) (neighbourhood watch)");
}
|
