Integrating alerts with PagerDuty
In this How To tutorial we will show how you can integrate with PagerDuty using the CFEngine notification dashboard.
We will create a policy that ensures file integrity, and have CFEngine notify PagerDuty whenever there is a change in the file we manage.
System requirements:
- CFEngine Mission Portal
- Active PagerDuty Account
Create the file we want to manage
Run the following command on your policy server to create the file we want to manage.
touch /tmp/file-integrity
Create a new policy to manage the file
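Insert the following policy into /tmp/file_example.cf:
bundle agent file_integrity
{
  files:
    any::
      # Watch the file created above; the promisees record why it is managed.
      "/tmp/file-integrity" -> { "PCI-DSS-2", "SOX-nightmare" }
        handle  => "ensure-test-file-integrity",
        changes => change_detection;
}

body changes change_detection
{
      # Digest used to fingerprint the file content.
      hash           => "md5";
      # Store the new hash after a change has been reported.
      update_hashes  => "true";
      # Report both content and attribute changes.
      report_changes => "all";
      report_diffs   => "true";
}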
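Before wiring the policy into promises.cf, it can be checked on its own. The following is an added example, not part of the original tutorial: a stand-alone variant of the policy that carries its own bundlesequence and uses SHA-256 instead of MD5 for the file digest. The file name /tmp/file_integrity_test.cf and the body name change_detection_sha256 are assumptions made for this example.

```cfengine3
# Added example (not from the original tutorial): stand-alone variant of
# the file_integrity policy, for testing before it goes into promises.cf.
# Assumption: saved as /tmp/file_integrity_test.cf (hypothetical name).

body common control
{
      # A stand-alone file has to name the bundles to run itself; in
      # masterfiles the bundlesequence entry in promises.cf does this.
      bundlesequence => { "file_integrity" };
}

bundle agent file_integrity
{
  files:
    any::
      "/tmp/file-integrity" -> { "PCI-DSS-2", "SOX-nightmare" }
        handle  => "ensure-test-file-integrity",
        changes => change_detection_sha256;
}

body changes change_detection_sha256
{
      # MD5 collisions are practical to construct; SHA-256 is the safer
      # digest when the goal is to detect tampering.
      hash           => "sha256";
      # "all" reports both content and attribute (stats) changes.
      report_changes => "all";
      report_diffs   => "true";
      # Re-baseline after reporting so that each change is reported once.
      update_hashes  => "true";
}
```

Check the syntax with cf-promises -f /tmp/file_integrity_test.cf, then run it with cf-agent -KIf /tmp/file_integrity_test.cf. The first run only records the baseline hash; a change made after that is reported on the next run.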
Ensure the policy always runs
Normally, to ensure your policy file is put into action, you would need to follow these three steps:
- Move the policy file to your masterfiles directory (/var/cfengine/masterfiles):
mv /tmp/file_example.cf /var/cfengine/masterfiles/
- Modify promises.cf to include your policy
Unless you use a version control system, or have a non-standard CFEngine setup, modify your promises.cf file by adding the new bundle name and policy file so it will be picked up by CFEngine and included in all future runs.
vi /var/cfengine/masterfiles/promises.cf
a) Under body common control, add file_integrity to your bundlesequence.
b) Under body common control, add file_example.cf to your inputs section.
Now, any change you manually make to the /tmp/file-integrity file will be picked up by CFEngine!
Next we need to create a new service in PagerDuty, which we will notify whenever a change is detected by CFEngine.
Create a new service in PagerDuty
Go to PagerDuty.com. In your account, under the Services tab, click Add New Service.
Enter a name for the service and select an escalation policy. Select Integrate via email. Copy the integration email provided for use in CFEngine.
Click the Add Service button. Copy the integration email, which we will use in CFEngine.
Create a new alert in CFEngine Mission Portal
Go to the CFEngine Dashboard and click the Add button to create a new alert.
Fill out a new alert name File integrity demo, severity level High, and name for the condition File integrity demo.
Select Policy under type.
Select Bundle, type in the bundle name, which is file_integrity, and finally select Repaired as the promise status. This means that whenever CFEngine needs to repair the bundle, it will create an alert notification.
Type in the integration email defined above in the Notifications section. Press Save to activate the alert. Choose any name you like for the new widget. In our demo we name the widget PagerDuty.
Integration complete!

Test it!
Now we have made a policy to monitor the /tmp/file-integrity file. Whenever there is a change to this file, whether it be permissions or content, this will be detected by CFEngine, which will send a notification to PagerDuty.
Make a change to the /tmp/file-integrity file on your policy server:
echo "Hello World!!" > /tmp/file-integrity
The next time CFEngine runs, it will detect the change and send a notification to PagerDuty. Go to PagerDuty and wait for an alert to be triggered.
