# NOTE: this text is a tar archive of cfengine 2 input files dumped as plain text.
# Lines of the form "path000644 ... ustar00john..." are tar member headers that
# separate the individual files; they are not cfengine syntax and are kept as found.
# Line breaks and indentation inside each file were lost in extraction and are
# restored here; the tokens themselves are unchanged.
var000755 001751 001751 00000000000 10425717713 011536 5ustar00johnjohn000000 000000
var/cfengine000755 001751 001751 00000000000 10425717713 013314 5ustar00johnjohn000000 000000
var/cfengine/inputs000755 001751 001751 00000000000 10425720547 014635 5ustar00johnjohn000000 000000
var/cfengine/inputs/cf.iptables000644 001751 001751 00000000316 10425720113 017016 0ustar00johnjohn000000 000000
# -*- cfengine -*-
# let's just put shell commands in here. called from cf.shellcommands.2
# assume iptables_init is set.

# Registers the iptables init script for boot. No class line precedes the
# command in this file; the import in cf.shellcommands.2 is what gates it on
# iptables_init.
# NOTE(review): chkconfig only enables the service at boot; no ruleset is
# installed or checked anywhere in the files shown here.
shellcommands:
   # NAME RESOLUTION MUST WORK
   "/sbin/chkconfig iptables on"

var/cfengine/inputs/cf.copy000644 001751 001751 00000000250 10425717752 016201 0ustar00johnjohn000000 000000
# -*- cfengine -*-

# Pulls the shared ssl tree from the policy server into /usr/share/ssl/certs,
# recursing without limit and forcing mode 0644 on what is copied.
# NOTE(review): mode=0644 makes every copied file world-readable. Confirm the
# source tree only ever holds public certificates, never private keys.
# No encrypt= or type= option is set on this copy.
copy:
   any::
      ${cfserv_root}/config/generic/ssl dest=/usr/share/ssl/certs recurse=inf ignore=CVS mode=0644 server=${cfserv}

var/cfengine/inputs/cf.daily000644 001751 001751 00000000174 10425717763 016340 0ustar00johnjohn000000 000000
# -*- cfengine -*-

# Imported by cfagent.conf under Hr00|Daily. The control: section is empty.
control:

# Cleans /tmp: everything matching * that has reached age=7 is removed,
# recursing without limit (r=inf) and removing emptied subdirectories
# (rmdirs=sub); .font-unix is excluded.
tidy:
   any::
      /tmp pattern=* exclude=.font-unix age=7 r=inf rmdirs=sub

var/cfengine/inputs/cf.dirs000644 001751 001751 00000000125 10425717771 016172 0ustar00johnjohn000000 000000
# -*- cfengine -*-

# Ensures /etc/mail exists, owned by root with mode 0755.
directories:
   any::
      /etc/mail owner=root mode=0755

var/cfengine/inputs/cf.disable000644 001751 001751 00000000071 10121644130 016611 0ustar00johnjohn000000 000000
# -*- cfengine -*-

# /etc/hosts.equiv is the host-level trust file for the r-commands
# (rsh/rlogin); disabling it on every host removes that trust path.
disable:
   any::
      /etc/hosts.equiv

var/cfengine/inputs/cf.disks000644 001751 001751 00000000173 10121646170 016334 0ustar00johnjohn000000 000000
# -*- cfengine -*-

# Reports (inform=true) when the root filesystem drops below 10% free space.
disks:
   any::
      / freespace=10% inform=true force=true # you have to force checking /

var/cfengine/inputs/cf.editfiles000644 001751 001751 00000000166 10425720007 017170 0ustar00johnjohn000000 000000
# Runs only while the firstpass class is set (see editfiles.firstpass in the
# cfagent.conf actionsequence). Adds the loopback entry to /etc/hosts if absent.
editfiles:
   firstpass::
      { /etc/hosts
         AppendIfNoSuchLine '127.0.0.1 localhost.localdomain localhost'
      }

var/cfengine/inputs/cf.files000644 001751 001751 00000000141 10425720020 016306 0ustar00johnjohn000000 000000
# -*- cfengine -*-

# Pins /etc/passwd to root ownership and mode 0644; action=fixall repairs
# drift rather than only warning about it.
# NOTE(review): only owner and mode are enforced. No checksum= attribute is
# set, so this entry does not track changes to the file's content.
files:
   any::
      /etc/passwd mode=0644 owner=root action=fixall

var/cfengine/inputs/cf.groups000644 001751 001751 00000000164 10425720513 016537 0ustar00johnjohn000000 000000
# -*- cfengine -*-

# Host classes: web_server contains my_machine_2 plus every lamp_server member.
groups:
   any::
      lamp_server = ( my_machine_1 )
      web_server = ( my_machine_2 lamp_server )

var/cfengine/inputs/cf.packages000644 001751 001751 00000000115 10425720137 016774 0ustar00johnjohn000000 000000
# -*- cfengine -*-

# On redhat hosts, defines no_rpm_cvs when the cvs package is not installed;
# cf.shellcommands uses that class to trigger the install.
packages:
   redhat::
      "cvs" elsedefine=no_rpm_cvs

var/cfengine/inputs/cf.links000644 001751 001751 00000000121 10425720120 016323 0ustar00johnjohn000000 000000
# -*- cfengine -*-

# Maintains /usr/local/bin/perl as a link to /usr/bin/perl during the first pass.
links:
   firstpass::
      /usr/local/bin/perl -> /usr/bin/perl

var/cfengine/inputs/cf.processes000644 001751 001751 00000000134 10425720143 017222 0ustar00johnjohn000000 000000
# -*- cfengine -*-

# Defines the class auditd_running when at least one process matching
# "auditd" is found. cf.shellcommands.2 acts on that class.
processes:
   any::
      "auditd" matches>0 define=auditd_running

var/cfengine/inputs/cf.resolve000644 001751 001751 00000000161 10425720164 016676 0ustar00johnjohn000000 000000
# -*- cfengine -*-

resolve:
   # incoming mail needs rbl-plus list access
   any::
      1.2.3.4
      1.2.3.5

var/cfengine/inputs/cf.shellcommands000644 001751 001751 00000000152 10425720171 020046 0ustar00johnjohn000000 000000
# -*- cfengine -*-

# Installs cvs through up2date during the first pass when cf.packages has
# defined no_rpm_cvs.
shellcommands:
   # RPMS
   firstpass.no_rpm_cvs::
      "/usr/sbin/up2date --solvedeps=cvs"

var/cfengine/inputs/cf.shellcommands.2000644 001751 001751 00000000310 10425720213 020177 0ustar00johnjohn000000 000000
# -*- cfengine -*-

# cf.iptables is pulled in only when the iptables_init class is set.
import:
   iptables_init::
      cf.iptables

# a bunch of shell commands

# NOTE(review): when auditd is found running (class set in cf.processes), the
# second pass stops the audit service and removes it from boot. That turns off
# audit logging on each host where the class is set. Confirm this is intended
# and that another log source covers the gap.
shellcommands:
   secondpass.auditd_running::
      "/sbin/service audit stop"
      "/sbin/chkconfig audit off"

var/cfengine/inputs/cf.tidy000644 001751 001751 00000000133 10425720223 016163 0ustar00johnjohn000000 000000
# -*- cfengine -*-

# Removes *.cfsaved files from the inputs directory with age=0, i.e. without
# waiting. NOTE(review): these look like cfengine's saved copies of replaced
# files; confirm no rollback procedure depends on them.
tidy:
   any::
      /var/cfengine/inputs pattern=*.cfsaved age=0

var/cfengine/inputs/cf.weekly000644 001751 001751 00000000142 10144262571 016517 0ustar00johnjohn000000 000000
# -*- cfengine -*-

# Imported by cfagent.conf under Hr00.Saturday; restarts named on hosts in
# the dns_server class during the first pass.
shellcommands:
   firstpass.dns_server::
      "/usr/local/sbin/restart-named.sh"

var/cfengine/inputs/cfagent.conf000644 001751 001751 00000005413 10425720443 017170 0ustar00johnjohn000000 000000
# -*- cfengine -*-

# Main agent policy. The import: section pulls in the per-action files above.
# NOTE(review): cf.netinit is imported under Init:: but is not among the files
# visible in this archive.
import:
   any::
      cf.groups
      cf.resolve
      cf.packages
      cf.shellcommands
      cf.editfiles
      cf.dirs
      cf.links
      cf.tidy
      cf.disable
      cf.disks
      cf.files
      cf.copy
      cf.processes
      cf.shellcommands.2
   Init::
      cf.netinit
   Hr00|Daily::
      cf.daily
   Hr00.Saturday::
      cf.weekly

control:
   any::
      # Order in which actions run. The .initpass/.firstpass/.secondpass
      # suffixes are the classes that the imported files test for.
      actionsequence = (
         editfiles.initpass # just for cf.netinit
         shellcommands.initpass # just for cf.netinit
         # mountall.firstpass # mount filesystems in fstab
         # mountinfo.firstpass # scan mounted filesystems
         checktimezone.firstpass # check timezone
         # netconfig.firstpass # check net interface config
         resolve.firstpass # check resolver setup
         # unmount.firstpass # unmount any filesystems
         packages.firstpass # check for required packages
         shellcommands.firstpass # execute shell commands
         editfiles.firstpass # edit files
         # addmounts # add new filesystems to system
         directories.firstpass # make any directories
         links.firstpass # check and maintain links (single and child)
         # mailcheck # check mailserver
         # mountall # (again)
         disks.firstpass # check required filesystems
         tidy.firstpass # tidy files
         disable.firstpass # disable files
         files.firstpass # check file permissions
         copy.firstpass # make a copy/image of a master file
         processes.firstpass # signal / check processes
         editfiles.secondpass # second editfiles pass
         shellcommands.secondpass # do em again
         links.secondpass
      )
      # NOTE(review): actionsequence is assigned a second time under the same
      # any:: class. Confirm how the agent combines the two assignments; if the
      # later one wins, none of the hardening actions above would run.
      actionsequence = ( checktimezone )
      timezone = ( EST5EDT )
      site = ( our-site )
      smtpserver = ( our-mail-server.example.com )
      sysadm = ( our-admins@example.com )
      schedule = ( Min00_05 )
      workdir = ( /var/cfengine )
      # access lists the users permitted to run the agent with this policy.
      access = ( root )
      cfserv = ( our-cfengine-server.example.com )
      cfserv_root = ( /cfengine )
      NonAlphaNumFiles = ( on )
      WarnNonOwnerMail = ( true )
      WarnNonUserMail = ( true )
      # NOTE(review): a checksum database is configured, but the only files:
      # entry visible in this archive (cf.files) sets no checksum= attribute.
      # Confirm something actually populates and checks this database.
      ChecksumDatabase = ( /var/cfengine/checksum.db )
      DefaultPkgMgr = ( rpm )
      mountpattern = ( /$(site)/$(host) )
      homepattern = ( home* )
      # increased for /usr/share/comps/i386/comps.xml
      EditFileSize = ( 600000 )
      kernel = ( ExecResult(/bin/uname -r) )
      domain = ( our-domain.example.com )
      SplayTime = ( 5 )
   ResetChecksumDatabase|Hr00::
      ChecksumPurge = ( on )
      ChecksumUpdates = ( on )
   Init::
      # *always* copy if it's an initialization
      defaultcopytype = ( checksum )

var/cfengine/inputs/cfservd.conf000644 001751 001751 00000000511 10425720547 017214 0ustar00johnjohn000000 000000
# -*- cfengine -*-

# Policy for the file server daemon (cfservd).
groups:
   any::
      cfengine_server = ( example-server )

control:
   cfengine_server::
      # AllowConnectionsFrom limits which addresses may connect at all.
      # TrustKeysFrom lists addresses whose public keys the server accepts on
      # first contact, without a prior out-of-band exchange.
      # NOTE(review): both cover the whole 1.2.3.0/24. While TrustKeysFrom
      # stays this wide, any host that shows up in the range has its key
      # accepted on trust. Consider narrowing or emptying it once the client
      # keys have been exchanged.
      AllowConnectionsFrom = ( 1.2.3.0/24 )
      TrustKeysFrom = ( 1.2.3.0/24 )
      MaxConnections = ( 60 )

# admit grants the listed host patterns access to the listed paths.
# NOTE(review): the patterns are DNS names (*.example.com), so the decision
# depends on name resolution for the connecting address; confirm that DNS for
# this zone can be relied on. The /cfengine grant covers the whole tree,
# including anything in it that clients merely skip with ignore=CVS.
admit:
   any::
      /var/cfengine/ppkeys/localhost.pub *.example.com
   cfengine_server::
      /cfengine *.example.com

var/cfengine/inputs/update.conf000644 001751 001751 00000002574 10425720425 017050 0ustar00johnjohn000000 000000
# -*- cfengine -*-

# Bootstrap/update policy: makes sure NTP is present, records the host in
# /etc/hosts, and refreshes the local cfengine work directory from the server.
groups:
   any::
      cfengine_server = ( our-cfengine-server )

control:
   any::
      actionsequence = (
         packages # make sure NTP is installed
         processes # see if NTP is running
         editfiles # put name in /etc/hosts
         shellcommands
         copy
         directories
         links
      )
      workdir = ( /var/cfengine )
      configroot = ( /cfengine )
      ntp_server = ( time.example.com )
      DefaultPkgMgr = ( rpm )
   # Clients pull from the named server; the server itself pulls from localhost.
   !cfengine_server::
      SplayTime = ( 5 )
      cfserv = ( our-cfengine-server.example.com )
   cfengine_server::
      cfserv = ( localhost )

packages:
   any::
      "ntp" elsedefine=no_rpm_ntp

processes:
   !no_rpm_ntp:: # only check if NTP is a package
      "ntpd$" matches>0 elsedefine=run_ntpdate

# Appends "<eth0 IPv4 address> <fully qualified host name>" to /etc/hosts on
# redhat hosts if no such line exists.
editfiles:
   redhat::
      { /etc/hosts
         AppendIfNoSuchLine "$(global.ipv4[eth0]) $(fqhost)"
      }

shellcommands:
   no_rpm_ntp::
      "/usr/sbin/up2date --solvedeps=ntp" # install NTP
   # One-shot clock set from $(ntp_server) when ntpd is missing or not running.
   run_ntpdate|no_rpm_ntp::
      "/usr/sbin/ntpdate -s -b -p 8 -u $(ntp_server) $(ntp_server)"
   # On the policy server, refresh the CVS working copy that clients copy from.
   # NOTE(review): stdout and stderr are both discarded, so a failed or
   # conflicted cvs update is silent and whatever is left in the tree is what
   # gets served. Confirm failures are surfaced some other way.
   cfengine_server::
      "/bin/sh -c 'cd /cfengine/config; cvs update -d >/dev/null 2>/dev/null'"
   any::

# Copies the server's config/cfengine tree into the local work directory.
# NOTE(review): this is the channel through which each client receives the
# policy the agent later acts on, so the integrity of the server tree and of
# the cfservd key exchange is what protects the clients. No encrypt= or type=
# option is set on this copy.
copy:
   any::
      ${configroot}/config/cfengine dest=${workdir} recurse=inf ignore=CVS server=${cfserv}

directories:
   any::
      /var/cfengine/bin

links:
   any::
      /var/cfengine/bin/cfagent -> /usr/sbin/cfagent