GNU cfengine


7.6 Configuration

The beginning of security is correct host configuration. Even if you have a firewall shielding you from outside intrusion, an incorrectly configured host is a security risk. Host configuration is what cfengine is about, so we could easily write a book on this. Rather than reiterating the extensive documentation, let's just consider a few examples which address actual problems and get down to business without further ado.

A cfengine configuration file is composed of objects with the following syntax (see the cfengine documentation):
 
  rule-type:

    classes-of-host-this-applies-to::

          Actual rule 1
          Actual rule 2 ...

The rule-types include checking file permissions, editing text files, disabling files (renaming them and removing their permissions), controlled execution of scripts and a variety of other things relating to host configuration. Some of the `control' rules are simply flags which switch on complex (read `smart') behaviour. Every cfengine program needs an actionsequence, which tells it the order in which bulk configuration operations should be evaluated, for example:

 
control:

  actionsequence = ( netconfig copy processes editfiles )

You should look at the cfengine manual to get started with your configuration.

Let us step through some basic idioms which can be repeated in different contexts.

We shall take Solaris and GNU/Linux as representative operating systems. This is not to single them out as being particularly secure or insecure; they are chosen merely because of their widespread use and for definiteness.
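The object syntax and the actionsequence described above fit together as in the following sketch, which is an added illustration and not part of the original tutorial. It uses three of the rule-types named earlier (files, disable, editfiles) with the solaris and linux classes; the particular files and the "rlogin" pattern are assumptions chosen for the example.

```cfengine
control:

  # Order in which the bulk operations below are evaluated.
  actionsequence = ( files disable editfiles )

files:

  any::

    # Check, and correct if necessary, ownership and permissions.
    /etc/passwd mode=0644 owner=root action=fixall

disable:

  # root's home directory differs between the two systems,
  # so each rule is restricted to the class of host it applies to.

  solaris::

    /.rhosts

  linux::

    /root/.rhosts

  any::

    /etc/hosts.equiv

editfiles:

  solaris::

    # Comment out the matching service lines in the inetd configuration.
    { /etc/inetd.conf

      HashCommentLinesContaining "rlogin"
    }
```

Only rule-types listed in the actionsequence are acted upon, so a section that is present in the file but missing from the actionsequence has no effect.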


  Copyright 2003   by The Free Software Foundation     Updated Jun 2003