The beginning of security is correct host configuration. Even if
you have a firewall shielding you from outside intrusion, an
incorrectly configured host is a security risk. Host configuration
is what cfengine is about, so we could easily write a book on this.
Rather than reiterating the extensive documentation, let's just
consider a few examples which address actual problems and get
down to business without further ado.
A cfengine configuration file is composed of objects with the
following syntax (see the cfengine documentation):
rule-type:
classes-of-host-this-applies-to::
Actual rule 1
Actual rule 2 ...
The rule-types include checking file permissions, editing textfiles,
disabling (renaming and removing permissions to) files, controlled
execution of scripts and a variety of other things relating to host
configuration. Some of the `control' rules are simply flags which
switch on complex (read `smart') behaviour.
Every cfengine program needs an actionsequence which tells it
the order in which bulk configuration operations should be
evaluated. e.g.
You should look at the cfengine manual to get started
with your configuration.
Let us step through
some basic idioms which can repeated in different contexts.
As representative examples we shall take solaris and GNU/Linux
as example operating systems. This is not to single them out
as being particularly secure or insecure, it is merely due to their
widespread use and for definiteness.
Please take a moment to fill out
this visitor survey You can help support this site by
visiting the advertisers that sponsor it! (only once each, though)
