Standard Library

Table of Contents

The standard library contains commonly-used promise bundles and bodies. It provides definitions that you can use to build up solutions within CFEngine. The standard library is an interface layer that brings industry-wide standardization of CFEngine configuration scripting and hides the technical details.

To import elements of the CFEngine Standard Library into your CFEngine policy, enter the following:

body file control
{
    inputs => { "$(sys.libdir)/files.cf", "$(sys.libdir)/packages.cf" };
}

You may wish to use $(sys.libdir) (absolute) or $(sys.local_libdir) (relative) to locate these libraries, depending on your specific policy layout.

The available pieces are:

  • bodies and bundles for a specific promise type
  • bodies that apply to all promise types
  • utility bundles
    • bundles.cf: cron jobs, log rotating, filestat() interface, rm_rf, Git-related bundles
    • paths.cf: standard place to find the path for many common tools and system files
    • feature.cf: set and unset persistent classes easily

To import the entire CFEngine Standard Library, enter the following:

body file control
{
      # relative path
      "inputs" slist => { "$(sys.local_libdir)/stdlib.cf" };
      # absolute path
      "inputs" slist => { "$(sys.libdir)/stdlib.cf" };
}

Note this will not work with CFEngine 3.5 or older. For backward compatibility, you need to follow the approach shown in the standard promises.cf main entry point for policy:

bundle common cfengine_stdlib
{
  vars:
    cfengine_3_4::
      # This is the standard library for CFEngine 3.4 and earlier
      # (only 3.4 is explicitly supported)
      "inputs" slist => { "libraries/cfengine_stdlib.cf" };
    cfengine_3_5::
      # 3.5 doesn't have "body file control" so all the includes are listed here
      "inputs" slist => {
                          "lib/3.5/paths.cf",
                          "lib/3.5/common.cf",
                          "lib/3.5/commands.cf",
                          "lib/3.5/packages.cf",
                          "lib/3.5/files.cf",
                          "lib/3.5/services.cf",
                          "lib/3.5/processes.cf",
                          "lib/3.5/storage.cf",
                          "lib/3.5/databases.cf",
                          "lib/3.5/monitor.cf",
                          "lib/3.5/guest_environments.cf",
                          "lib/3.5/bundles.cf",
      };

    !(cfengine_3_4||cfengine_3_5)::
      # CFEngine 3.6 and higher can include through a secondary file
      "inputs" slist => { "$(sys.local_libdir)/stdlib.cf" };

  reports:
    verbose_mode::
      "$(this.bundle): defining inputs='$(inputs)'";
}

And then include @(cfengine_stdlib.inputs) in your main policy inputs. This is recommended only if you need to support CFEngine clients running 3.5 or older!

Feature

To use these bundles, add the following to your policy:

body file control
{
    inputs => { "features.cf" }
}

agent bundles

feature

Prototype: feature

Description: Finds feature_set_X and feature_unset_X classes and sets/unsets X persistently

Finds all classes named feature_unset_X and clear class X.

Finds all classes named feature_set_DURATION_X and sets class X persistently for DURATION. DURATION can be any digits followed by k, m, or g.

In inform mode (-I) it will report what it does.

Example: Set class xyz for 10 minutes, class qpr for 100 minutes, and ijk for 90m minutes. Unset class abc. cf-agent -I -f ./feature.cf -b feature -Dfeature_set_10_xyz,feature_set_100_qpr,feature_set_90m_ijk,feature_unset_abc

Implementation:

bundle agent feature
{
  classes:
      "parsed_$(on)" expression => regextract("feature_set_([0-9]+[kmgKMG]?)_(.*)",
                                              $(on),
                                              "extract_$(on)");

      "parsed_$(off)" expression => regextract("feature_unset_(.*)",
                                               $(off),
                                               "extract_$(off)");

      "$(extract_$(on)[2])" expression => "parsed_$(on)",
      persistence => "$(extract_$(on)[1])";

  vars:
      "on" slist => classesmatching("feature_set_.*");
      "off" slist => classesmatching("feature_unset_.*");

      "_$(off)" string => "off", classes => feature_cancel("$(extract_$(off)[1])");

  reports:
    "DEBUG|DEBUG_$(this.bundle)"::
      "DEBUG $(this.bundle): $(on) => SET class '$(extract_$(on)[2]) for '$(extract_$(on)[1])'"
      ifvarclass => "parsed_$(on)";

      "DEBUG $(this.bundle): $(off) => UNSET class '$(extract_$(off)[1])'"
      ifvarclass => "parsed_$(off)";

      "DEBUG $(this.bundle): have $(extract_$(on)[2])" ifvarclass => "$(extract_$(on)[2])";
      "DEBUG $(this.bundle): have no $(extract_$(on)[2])" ifvarclass => "!$(extract_$(on)[2])";

      "DEBUG $(this.bundle): have $(extract_$(off)[1])" ifvarclass => "$(extract_$(off)[1])";
      "DEBUG $(this.bundle): have no $(extract_$(off)[1])" ifvarclass => "!$(extract_$(off)[1])";
}

feature_test

Prototype: feature_test

Description: Finds feature_set_X and feature_unset_X classes and reports X

Note that this bundle is intended to be used exactly like feature and just show what's defined or undefined.

Example: Check classes xyz, qpr, ijk, and abc. cf-agent -I -f ./feature.cf -b feature_test -Dfeature_set_10_xyz,feature_set_100_qpr,feature_set_90m_ijk,feature_unset_abc

Implementation:

bundle agent feature_test
{
  classes:
      "parsed_$(on)" expression => regextract("feature_set_([0-9]+[kmgKMG]?)_(.*)",
                                              $(on),
                                              "extract_$(on)");

      "parsed_$(off)" expression => regextract("feature_unset_(.*)",
                                               $(off),
                                               "extract_$(off)");

  vars:
      "on" slist => classesmatching("feature_set_.*");
      "off" slist => classesmatching("feature_unset_.*");

  reports:
      "$(this.bundle): have $(extract_$(on)[2])" ifvarclass => "$(extract_$(on)[2])";
      "$(this.bundle): have no $(extract_$(on)[2])" ifvarclass => "!$(extract_$(on)[2])";

      "$(this.bundle): have $(extract_$(off)[1])" ifvarclass => "$(extract_$(off)[1])";
      "$(this.bundle): have no $(extract_$(off)[1])" ifvarclass => "!$(extract_$(off)[1])";
}

Paths

To use these bundles, add the following to your policy:

body file control
{
    inputs => { "paths.cf" }
}

common bodies

paths

Prototype: paths

Description: Defines an array path with common paths to standard binaries, and classes for defined and existing paths.

If the current platform knows that binary XYZ should be present, _stdlib_has_path_XYZ is defined. Furthermore, if XYZ is actually present (i.e. the binary exists) in the expected location, _stdlib_path_exists_XYZ is defined.

Example:

bundle agent repair_newlines(filename)
{
commands:
  _stdlib_path_exists_sed::
     “$(path[sed])
       args => “-i 's/^M//' $(filename)
}

Implementation:

bundle common paths
{
  vars:

      #
      # Common full pathname of commands for OS
      #

    enterprise.(am_policy_hub|policy_server)::
      "path[git]"
        string => "$(sys.workdir)/bin/git",
        comment => "CFEngine Enterprise Hub ships with its own git which is used internally";

    !(enterprise.(am_policy_hub|policy_server))::
      "path[git]"      string => "/usr/bin/git";

    !(freebsd|darwin|smartos)::
      "path[npm]"      string => "/usr/bin/npm";
      "path[pip]"      string => "/usr/bin/pip";
      "path[virtualenv]" string => "/usr/bin/virtualenv";

    !(freebsd|darwin)::
      "path[getfacl]"  string => "/usr/bin/getfacl";

    freebsd|darwin::
      "path[npm]"      string => "/usr/local/bin/npm";
      "path[pip]"      string => "/usr/local/bin/pip";
      "path[virtualenv]" string => "/usr/local/bin/virtualenv";

    _have_bin_env::
      "path[env]"      string => "/bin/env";
    !_have_bin_env::
      "path[env]"      string => "/usr/bin/env";

    _have_bin_systemctl::
      "path[systemctl]"      string => "/bin/systemctl";
    !_have_bin_systemctl::
      "path[systemctl]"      string => "/bin/systemctl";

    linux::
      "path[lsattr]"        string => "/usr/bin/lsattr";
      "path[tar]"           string => "/bin/tar";
      "path[pgrep]"         string => "/usr/bin/pgrep";

    aix::

      "path[awk]"      string => "/usr/bin/awk";
      "path[bc]"       string => "/usr/bin/bc";
      "path[cat]"      string => "/bin/cat";
      "path[cksum]"    string => "/usr/bin/cksum";
      "path[crontabs]" string => "/var/spool/cron/crontabs";
      "path[cut]"      string => "/usr/bin/cut";
      "path[dc]"       string => "/usr/bin/dc";
      "path[df]"       string => "/usr/bin/df";
      "path[diff]"     string => "/usr/bin/diff";
      "path[dig]"      string => "/usr/bin/dig";
      "path[echo]"     string => "/usr/bin/echo";
      "path[egrep]"    string => "/usr/bin/egrep";
      "path[find]"     string => "/usr/bin/find";
      "path[grep]"     string => "/usr/bin/grep";
      "path[ls]"       string => "/usr/bin/ls";
      "path[netstat]"  string => "/usr/bin/netstat";
      "path[ping]"     string => "/usr/bin/ping";
      "path[perl]"     string => "/usr/bin/perl";
      "path[printf]"   string => "/usr/bin/printf";
      "path[sed]"      string => "/usr/bin/sed";
      "path[sort]"     string => "/usr/bin/sort";
      "path[tr]"       string => "/usr/bin/tr";

    archlinux::

      "path[awk]"               string => "/usr/bin/awk";
      "path[bc]"                string => "/usr/bin/bc";
      "path[cat]"               string => "/usr/bin/cat";
      "path[cksum]"             string => "/usr/bin/cksum";
      "path[crontab]"           string => "/usr/bin/crontab";
      "path[cut]"               string => "/usr/bin/cut";
      "path[dc]"                string => "/usr/bin/dc";
      "path[df]"                string => "/usr/bin/df";
      "path[diff]"              string => "/usr/bin/diff";
      "path[dig]"               string => "/usr/bin/dig";
      "path[dmidecode]"         string => "/usr/bin/dmidecode";
      "path[echo]"              string => "/usr/bin/echo";
      "path[egrep]"             string => "/usr/bin/egrep";
      "path[ethtool]"           string => "/usr/bin/ethtool";
      "path[find]"              string => "/usr/bin/find";
      "path[free]"              string => "/usr/bin/free";
      "path[grep]"              string => "/usr/bin/grep";
      "path[hostname]"          string => "/usr/bin/hostname";
      "path[init]"              string => "/usr/bin/init";
      "path[iptables]"          string => "/usr/bin/iptables";
      "path[iptables_save]"     string => "/usr/bin/iptables-save";
      "path[iptables_restore]"  string => "/usr/bin/iptables-restore";
      "path[ls]"                string => "/usr/bin/ls";
      "path[lsof]"              string => "/usr/bin/lsof";
      "path[netstat]"           string => "/usr/bin/netstat";
      "path[ping]"              string => "/usr/bin/ping";
      "path[perl]"              string => "/usr/bin/perl";
      "path[printf]"            string => "/usr/bin/printf";
      "path[sed]"               string => "/usr/bin/sed";
      "path[sort]"              string => "/usr/bin/sort";
      "path[test]"              string => "/usr/bin/test";
      "path[top]"               string => "/usr/bin/top";
      "path[tr]"                string => "/usr/bin/tr";
      #
      "path[pacman]"            string => "/usr/bin/pacman";
      "path[yaourt]"            string => "/usr/bin/yaourt";
      "path[useradd]"           string => "/usr/bin/useradd";
      "path[groupadd]"          string => "/usr/bin/groupadd";
      "path[ip]"                string => "/usr/bin/ip";
      "path[ifconfig]"          string => "/usr/bin/ifconfig";
      "path[journalctl]"        string => "/usr/bin/journalctl";
      "path[netctl]"            string => "/usr/bin/netctl";

    freebsd|netbsd|openbsd::

      "path[awk]"      string => "/usr/bin/awk";
      "path[bc]"       string => "/usr/bin/bc";
      "path[cat]"      string => "/bin/cat";
      "path[crontabs]" string => "/var/cron/tabs";
      "path[cut]"      string => "/usr/bin/cut";
      "path[dc]"       string => "/usr/bin/dc";
      "path[df]"       string => "/bin/df";
      "path[diff]"     string => "/usr/bin/diff";
      "path[dig]"      string => "/usr/bin/dig";
      "path[echo]"     string => "/bin/echo";
      "path[egrep]"    string => "/usr/bin/egrep";
      "path[find]"     string => "/usr/bin/find";
      "path[grep]"     string => "/usr/bin/grep";
      "path[ls]"       string => "/bin/ls";
      "path[netstat]"  string => "/usr/bin/netstat";
      "path[perl]"     string => "/usr/bin/perl";
      "path[printf]"   string => "/usr/bin/printf";
      "path[sed]"      string => "/usr/bin/sed";
      "path[sort]"     string => "/usr/bin/sort";
      "path[tr]"       string => "/usr/bin/tr";

    freebsd.!(freebsd_9_3|freebsd_10|freebsd_11)|netbsd|openbsd::

      "path[ping]"     string => "/usr/bin/ping";

    freebsd_9_3|freebsd_10|freebsd_11::

      "path[ping]"     string => "/sbin/ping";

    freebsd|netbsd::

      "path[cksum]"    string => "/usr/bin/cksum";
      "path[realpath]" string => "/bin/realpath";

    freebsd::

      "path[getfacl]"  string => "/bin/getfacl";
      "path[dtrace]"   string => "/usr/sbin/dtrace";
      "path[service]"  string => "/usr/sbin/service";
      "path[zpool]"    string => "/sbin/zpool";
      "path[zfs]"      string => "/sbin/zfs";

    openbsd::

      "path[cksum]"    string => "/bin/cksum";

    smartos::
      "path[npm]"      string => "/opt/local/bin/npm";
      "path[pip]"      string => "/opt/local/bin/pip";

    solaris::

      "path[awk]"      string => "/usr/bin/awk";
      "path[bc]"       string => "/usr/bin/bc";
      "path[cat]"      string => "/usr/bin/cat";
      "path[cksum]"    string => "/usr/bin/cksum";
      "path[crontab]"  string => "/usr/bin/crontab";
      "path[crontabs]" string => "/var/spool/cron/crontabs";
      "path[curl]"     string => "/usr/bin/curl";
      "path[cut]"      string => "/usr/bin/cut";
      "path[dc]"       string => "/usr/bin/dc";
      "path[df]"       string => "/usr/bin/df";
      "path[diff]"     string => "/usr/bin/diff";
      "path[dig]"      string => "/usr/sbin/dig";
      "path[echo]"     string => "/usr/bin/echo";
      "path[egrep]"    string => "/usr/bin/egrep";
      "path[find]"     string => "/usr/bin/find";
      "path[grep]"     string => "/usr/bin/grep";
      "path[ls]"       string => "/usr/bin/ls";
      "path[netstat]"  string => "/usr/bin/netstat";
      "path[ping]"     string => "/usr/bin/ping";
      "path[perl]"     string => "/usr/bin/perl";
      "path[printf]"   string => "/usr/bin/printf";
      "path[sed]"      string => "/usr/bin/sed";
      "path[sort]"     string => "/usr/bin/sort";
      "path[tr]"       string => "/usr/bin/tr";
      "path[wget]"     string => "/usr/bin/wget";
      #
      "path[svcs]"     string => "/usr/bin/svcs";
      "path[svcadm]"   string => "/usr/sbin/svcadm";
      "path[svccfg]"   string => "/usr/sbin/svccfg";
      "path[svcprop]"  string => "/usr/bin/svcprop";
      "path[netadm]"   string => "/usr/sbin/netadm";
      "path[dladm]"    string => "/usr/sbin/dladm";
      "path[ipadm]"    string => "/usr/sbin/ipadm";
      "path[pkg]"      string => "/usr/bin/pkg";
      "path[pkginfo]"  string => "/usr/bin/pkginfo";
      "path[pkgadd]"   string => "/usr/sbin/pkgadd";
      "path[pkgrm]"    string => "/usr/sbin/pkgrm";
      "path[zoneadm]"  string => "/usr/sbin/zoneadm";
      "path[zonecfg]"  string => "/usr/sbin/zonecfg";

    redhat::

      "path[awk]"           string => "/bin/awk";
      "path[bc]"            string => "/usr/bin/bc";
      "path[cat]"           string => "/bin/cat";
      "path[cksum]"         string => "/usr/bin/cksum";
      "path[createrepo]"    string => "/usr/bin/createrepo";
      "path[crontab]"       string => "/usr/bin/crontab";
      "path[crontabs]"      string => "/var/spool/cron";
      "path[curl]"          string => "/usr/bin/curl";
      "path[cut]"           string => "/bin/cut";
      "path[dc]"            string => "/usr/bin/dc";
      "path[df]"            string => "/bin/df";
      "path[diff]"          string => "/usr/bin/diff";
      "path[dig]"           string => "/usr/bin/dig";
      "path[domainname]"    string => "/bin/domainname";
      "path[echo]"          string => "/bin/echo";
      "path[egrep]"         string => "/bin/egrep";
      "path[ethtool]"       string => "/usr/sbin/ethtool";
      "path[find]"          string => "/usr/bin/find";
      "path[free]"          string => "/usr/bin/free";
      "path[grep]"          string => "/bin/grep";
      "path[hostname]"      string => "/bin/hostname";
      "path[init]"          string => "/sbin/init";
      "path[iptables]"      string => "/sbin/iptables";
      "path[iptables_save]" string => "/sbin/iptables-save";
      "path[ls]"            string => "/bin/ls";
      "path[lsof]"          string => "/usr/sbin/lsof";
      "path[netstat]"       string => "/bin/netstat";
      "path[nologin]"       string => "/sbin/nologin";
      "path[ping]"          string => "/usr/bin/ping";
      "path[perl]"          string => "/usr/bin/perl";
      "path[printf]"        string => "/usr/bin/printf";
      "path[sed]"           string => "/bin/sed";
      "path[sort]"          string => "/bin/sort";
      "path[test]"          string => "/usr/bin/test";
      "path[tr]"            string => "/usr/bin/tr";
      "path[wc]"            string => "/usr/bin/wc";
      "path[wget]"          string => "/usr/bin/wget";
      "path[realpath]"      string => "/usr/bin/realpath";

      #
      "path[chkconfig]" string => "/sbin/chkconfig";
      "path[groupadd]"  string => "/usr/sbin/groupadd";
      "path[groupdel]"  string => "/usr/sbin/groupdel";
      "path[ifconfig]"  string => "/sbin/ifconfig";
      "path[ip]"        string => "/sbin/ip";
      "path[rpm]"       string => "/bin/rpm";
      "path[service]"   string => "/sbin/service";
      "path[svc]"       string => "/sbin/service";
      "path[useradd]"   string => "/usr/sbin/useradd";
      "path[userdel]"   string => "/usr/sbin/userdel";
      "path[yum]"       string => "/usr/bin/yum";

    darwin::
      "path[awk]"           string => "/usr/bin/awk";
      "path[bc]"            string => "/usr/bin/bc";
      "path[cat]"           string => "/bin/cat";
      "path[cksum]"         string => "/usr/bin/cksum";
      "path[createrepo]"    string => "/usr/bin/createrepo";
      "path[crontab]"       string => "/usr/bin/crontab";
      "path[crontabs]"      string => "/usr/lib/cron/tabs";
      "path[cut]"           string => "/usr/bin/cut";
      "path[dc]"            string => "/usr/bin/dc";
      "path[df]"            string => "/bin/df";
      "path[diff]"          string => "/usr/bin/diff";
      "path[dig]"           string => "/usr/bin/dig";
      "path[domainname]"    string => "/bin/domainname";
      "path[dscl]"          string => "/usr/bin/dscl";
      "path[echo]"          string => "/bin/echo";
      "path[egrep]"         string => "/usr/bin/egrep";
      "path[find]"          string => "/usr/bin/find";
      "path[grep]"          string => "/usr/bin/grep";
      "path[hostname]"      string => "/bin/hostname";
      "path[ls]"            string => "/bin/ls";
      "path[lsof]"          string => "/usr/sbin/lsof";
      "path[netstat]"       string => "/usr/sbin/netstat";
      "path[ping]"          string => "/sbin/ping";
      "path[perl]"          string => "/usr/bin/perl";
      "path[printf]"        string => "/usr/bin/printf";
      "path[sed]"           string => "/usr/bin/sed";
      "path[sort]"          string => "/usr/bin/sort";
      "path[test]"          string => "/bin/test";
      "path[tr]"            string => "/usr/bin/tr";

      #
      "path[brew]"           string => "/usr/local/bin/brew";
      "path[sudo]"           string => "/usr/bin/sudo";

    debian::

      "path[awk]"           string => "/usr/bin/awk";
      "path[bc]"            string => "/usr/bin/bc";
      "path[cat]"           string => "/bin/cat";
      "path[chkconfig]"     string => "/sbin/chkconfig";
      "path[cksum]"         string => "/usr/bin/cksum";
      "path[createrepo]"    string => "/usr/bin/createrepo";
      "path[crontab]"       string => "/usr/bin/crontab";
      "path[crontabs]"      string => "/var/spool/cron/crontabs";
      "path[curl]"          string => "/usr/bin/curl";
      "path[cut]"           string => "/usr/bin/cut";
      "path[dc]"            string => "/usr/bin/dc";
      "path[df]"            string => "/bin/df";
      "path[diff]"          string => "/usr/bin/diff";
      "path[dig]"           string => "/usr/bin/dig";
      "path[dmidecode]"     string => "/usr/sbin/dmidecode";
      "path[domainname]"    string => "/bin/domainname";
      "path[echo]"          string => "/bin/echo";
      "path[egrep]"         string => "/bin/egrep";
      "path[ethtool]"       string => "/sbin/ethtool";
      "path[find]"          string => "/usr/bin/find";
      "path[free]"          string => "/usr/bin/free";
      "path[grep]"          string => "/bin/grep";
      "path[hostname]"      string => "/bin/hostname";
      "path[init]"          string => "/sbin/init";
      "path[iptables]"      string => "/sbin/iptables";
      "path[iptables_save]" string => "/sbin/iptables-save";
      "path[ls]"            string => "/bin/ls";
      "path[lsof]"          string => "/usr/bin/lsof";
      "path[netstat]"       string => "/bin/netstat";
      "path[nologin]"       string => "/usr/sbin/nologin";
      "path[ping]"          string => "/bin/ping";
      "path[perl]"          string => "/usr/bin/perl";
      "path[printf]"        string => "/usr/bin/printf";
      "path[sed]"           string => "/bin/sed";
      "path[sort]"          string => "/usr/bin/sort";
      "path[test]"          string => "/usr/bin/test";
      "path[tr]"            string => "/usr/bin/tr";
      "path[wc]"            string => "/usr/bin/wc";
      "path[wget]"          string => "/usr/bin/wget";
      "path[realpath]"      string => "/usr/bin/realpath";

      #
      "path[apt_cache]"           string => "/usr/bin/apt-cache";
      "path[apt_config]"          string => "/usr/bin/apt-config";
      "path[apt_get]"             string => "/usr/bin/apt-get";
      "path[apt_key]"             string => "/usr/bin/apt-key";
      "path[aptitude]"            string => "/usr/bin/aptitude";
      "path[dpkg]"                string => "/usr/bin/dpkg";
      "path[groupadd]"            string => "/usr/sbin/groupadd";
      "path[groupdel]"            string => "/usr/sbin/groupdel";
      "path[groupmod]"            string => "/usr/sbin/groupmod";
      "path[ifconfig]"            string => "/sbin/ifconfig";
      "path[ip]"                  string => "/sbin/ip";
      "path[service]"             string => "/usr/sbin/service";
      "path[svc]"                 string => "/usr/sbin/service";
      "path[update_alternatives]" string => "/usr/bin/update-alternatives";
      "path[update_rc_d]"         string => "/usr/sbin/update-rc.d";
      "path[useradd]"             string => "/usr/sbin/useradd";
      "path[userdel]"             string => "/usr/sbin/userdel";
      "path[usermod]"             string => "/usr/sbin/usermod";

    archlinux||darwin::

      "path[sysctl]"        string => "/usr/bin/sysctl";

    !(archlinux||darwin)::

      "path[sysctl]"        string => "/sbin/sysctl";

    !suse::
      "path[logger]"        string => "/usr/bin/logger";

    suse::

      "path[awk]"           string => "/usr/bin/awk";
      "path[bc]"            string => "/usr/bin/bc";
      "path[cat]"           string => "/bin/cat";
      "path[cksum]"         string => "/usr/bin/cksum";
      "path[createrepo]"    string => "/usr/bin/createrepo";
      "path[crontab]"       string => "/usr/bin/crontab";
      "path[crontabs]"      string => "/var/spool/cron/tabs";
      "path[curl]"          string => "/usr/bin/curl";
      "path[cut]"           string => "/usr/bin/cut";
      "path[dc]"            string => "/usr/bin/dc";
      "path[df]"            string => "/bin/df";
      "path[diff]"          string => "/usr/bin/diff";
      "path[dig]"           string => "/usr/bin/dig";
      "path[dmidecode]"     string => "/usr/sbin/dmidecode";
      "path[domainname]"    string => "/bin/domainname";
      "path[echo]"          string => "/bin/echo";
      "path[egrep]"         string => "/usr/bin/egrep";
      "path[ethtool]"       string => "/usr/sbin/ethtool";
      "path[find]"          string => "/usr/bin/find";
      "path[free]"          string => "/usr/bin/free";
      "path[grep]"          string => "/usr/bin/grep";
      "path[hostname]"      string => "/bin/hostname";
      "path[init]"          string => "/sbin/init";
      "path[iptables]"      string => "/usr/sbin/iptables";
      "path[iptables_save]" string => "/usr/sbin/iptables-save";
      "path[ls]"            string => "/bin/ls";
      "path[lsof]"          string => "/usr/bin/lsof";
      "path[netstat]"       string => "/bin/netstat";
      "path[nologin]"       string => "/sbin/nologin";
      "path[ping]"          string => "/bin/ping";
      "path[perl]"          string => "/usr/bin/perl";
      "path[printf]"        string => "/usr/bin/printf";
      "path[sed]"           string => "/bin/sed";
      "path[sort]"          string => "/usr/bin/sort";
      "path[test]"          string => "/usr/bin/test";
      "path[tr]"            string => "/usr/bin/tr";
      "path[logger]"        string => "/bin/logger";
      "path[wget]"          string => "/usr/bin/wget";

      #
      "path[chkconfig]"     string => "/sbin/chkconfig";
      "path[groupadd]"      string => "/usr/sbin/groupadd";
      "path[groupdel]"      string => "/usr/sbin/groupdel";
      "path[groupmod]"      string => "/usr/sbin/groupmod";
      "path[ifconfig]"      string => "/sbin/ifconfig";
      "path[ip]"            string => "/sbin/ip";
      "path[rpm]"           string => "/bin/rpm";
      "path[service]"       string => "/sbin/service";
      "path[useradd]"       string => "/usr/sbin/useradd";
      "path[userdel]"       string => "/usr/sbin/userdel";
      "path[usermod]"       string => "/usr/sbin/usermod";
      "path[zypper]"        string => "/usr/bin/zypper";

    linux|solaris::

      "path[shadow]"       string => "/etc/shadow";

    freebsd|openbsd|netbsd|darwin::

      "path[shadow]"       string => "/etc/master.passwd";

    aix::

      "path[shadow]"       string => "/etc/security/passwd";

    any::

      "all_paths"     slist => getindices("path");
      "$(all_paths)" string => "$(path[$(all_paths)])";

  classes:
      "_have_bin_env" expression => fileexists("/bin/env");
      "_have_bin_systemctl" expression => fileexists("/bin/systemctl");

      "_stdlib_has_path_$(all_paths)"
      expression => isvariable("$(all_paths)"),
      comment    => "It's useful to know if a given path is defined";

      "_stdlib_path_exists_$(all_paths)"
      expression => fileexists("$(path[$(all_paths)])"),
      comment    => "It's useful to know if $(all_paths) exists on the filesystem as defined";
}