| Appendix: Building cfengine yourself |
| Analytical Network and System Administration (TBD) |
| Handbook of Network and System Administration (TBD) |
| Principles of Network and System Administration (TBD) |
| setting variables with functions (TBD) |
| CFEngine 2 reference |
| CFEngine 3 reference (TBD) |
| A complete configuration |
| A simple crash course in concepts |
| Anomaly Detection |
| Authentication |
| Best practice |
| Bundles of agent |
| Bundles of common |
| Bundles of knowledge |
| Bundles of monitor |
| Bundles of server |
| Cfagent reference |
| CFEngine 3.0.2b4 Getting started |
| CFEngine Methods |
| CFEngine past and present |
| CFEngine plugin modules |
| Cfengines package interface |
| Cfexecd reference |
| Cfkey reference |
| Cfservd and cfrun reference |
| Cfshow reference |
| Command reference |
| Common issues |
| Communication Overview |
| Control promises |
| Databases |
| Debugging tips |
| Encryption |
| Enterprise Integration |
| Example configuration files |
| File Access Control Lists |
| How to execute and test a cfengine policy |
| How to run cfengine 3 examples |
| ITIL and cfengine comparison |
| ITIL glossary |
| ITIL past and present |
| Installing CFEngine Nova |
| Introduction to Nova |
| Introduction to reference manual |
| Introduction |
| Iteration |
| Logs and records |
| Managing policy |
| Modularization |
| Monitoring extensions |
| Monitoring with cfengine |
| Network services |
| Nova Commercial Enhancements |
| Patterns |
| Problem solving |
| Report extensions |
| Searching for files |
| Searching for processes |
| Searching for text inside files |
| Security Implications of using cfengine |
| Server extensions |
| Special Variables |
| Special functions |
| Starting with cfrun |
| Summary |
| System automation |
| The components of cfengine |
| Troubleshooting Filters |
| Using cfengine as a front-end for cron |
| Using cfengine to implement ITIL objectives |
| Checksums and change management (TBD) |
| acl (compound body) (TBD) |
| action (compound body) (TBD) |
| association (compound body) (TBD) |
| changes (compound body) (TBD) |
| classes (compound body) (TBD) |
| contain (compound body) (TBD) |
| copy_from (compound body) (TBD) |
| database_server (compound body) (TBD) |
| delete (compound body) (TBD) |
| delete_select (compound body) (TBD) |
| depth_search (compound body) (TBD) |
| edit_defaults (compound body) (TBD) |
| edit_field (compound body) (TBD) |
| file_select (compound body) (TBD) |
| insert_select (compound body) (TBD) |
| link_from (compound body) (TBD) |
| location (compound body) (TBD) |
| match_value (compound body) (TBD) |
| module |
| mount (compound body) (TBD) |
| package_method (compound body) (TBD) |
| perms (compound body) (TBD) |
| printfile (compound body) (TBD) |
| process_count (compound body) (TBD) |
| process_select (compound body) (TBD) |
| rename (compound body) (TBD) |
| replace_with (compound body) (TBD) |
| select_region (compound body) (TBD) |
| tcp_ip (compound body) (TBD) |
| tidy (TBD) |
| volume (compound body) (TBD) |
| * promises in agent |
| * promises in edit_line |
| A file content change report |
| A promise compliance report |
| A renewed cfengine |
| A theory for ITIL |
| Abandon Autonomy? |
| AbortAtLineMatching |
| AbortClasses |
| About Promises |
| About the cfengine architecture |
| Access Example |
| Access control entries |
| AccessedBefore |
| Active Monitoring |
| AddClasses |
| AddInstallable |
| Additional reports in commcerical cfengine versions |
| Alert |
| Allow ssh root login |
| AllowConnectionsFrom |
| AllowMultipleConnectionsFrom |
| AllowRedefinitionOf |
| AllowUsers |
| Append |
| AppendIfNoLineMatching |
| AppendIfNoSuchLine |
| AppendIfNoSuchLinesFromFile |
| AppendToLineIfNotContains |
| Arrays in cfengine 3 |
| Aspect orientation |
| Audit in editfiles |
| Audit |
| Auditing |
| AutoCreate |
| AutoDefine |
| AutoExecCommand |
| AutoExecInterval |
| AutomountDirectResources |
| Availability and Capacity Management |
| Availability |
| Backup in editfiles |
| Baseline |
| Basic promise definitions |
| BeginGroupIfDefined |
| BeginGroupIfFileExists |
| BeginGroupIfFileIsNewer |
| BeginGroupIfLineContaining |
| BeginGroupIfLineMatching |
| BeginGroupIfMatch |
| BeginGroupIfNoLineContaining |
| BeginGroupIfNoLineMatching |
| BeginGroupIfNoMatch |
| BeginGroupIfNoSuchLine |
| BeginGroupIfNotDefined |
| Benchmark |
| Best practice for LDAP integration |
| Best practice for writing promises |
| BinaryPaddingChar |
| BindToInterface in cfagent |
| BindToInterface in cfservd |
| Bootstrapping the knowledge base |
| Bottom up |
| BreakIfLineMatches |
| Build a web farm |
| Build an HPC cluster |
| Building flexible time classes |
| Business alignment |
| Business processes and goals |
| CMDB Asset Management |
| Capability |
| CatchAbort |
| Cfagent collected data |
| Cfagent intro |
| Cfagent runtime options |
| CFEngine 3 Generic ACL Syntax |
| CFEngine Components |
| CFEngine and Firewalls |
| CFEngine classes |
| CFEngine hard classes |
| CFEngine in ITIL clothes? |
| CFEngine network services |
| CFEngine trust model |
| Cfenvd, a learning agent |
| Change Detection |
| Change Management in ITIL |
| Change detection |
| Change management in the enterprise |
| Change management vs convergence |
| Change record |
| ChangedBefore |
| Changing a password |
| Changing owner |
| Changing permissions |
| Checking a file |
| ChecksumDatabase in cfagent |
| ChecksumDatabase in cfservd |
| ChecksumPurge |
| ChecksumUpdates |
| Checksums and change management |
| ChildLibPath |
| Choosing a scheduling interval |
| Chronological Analysis |
| ClassMatch |
| CommentLinesMatching |
| CommentLinesStarting |
| CommentNLines |
| CommentToLineMatching |
| Commenting lines |
| Communication example 1 |
| Communication example 10 |
| Communication example 11 |
| Communication example 12 |
| Communication example 2 |
| Communication example 3 |
| Communication example 4 |
| Communication example 5 |
| Communication example 6 |
| Communication example 7 |
| Communication example 8 |
| Communication example 9 |
| Complete filter examples |
| CompressCommand |
| Computing hashes or digests |
| Computing hashes |
| Concepts |
| Configuration Item (CI) |
| Configuration Management Database (CMDB) |
| Configuration |
| Containers |
| Continual Service Improvement |
| Control promises |
| Controlling Directory Tree Traversal |
| Convergence |
| CopyLinks |
| Creating SQL databases |
| Creating a database directly |
| Creating a database manually |
| Creating a point of contact on a server |
| Creating a registry key |
| Creating a value-data pair |
| Cryptographic checksums |
| Custom promises to measure |
| Customize by constant/fixed gold overlay |
| DFS ACLs |
| DHCP and Dynamic Addresses |
| DPKGInstallCommand |
| Database access rights |
| Database table promises |
| Debugging with signals |
| Decisions |
| DefaultCopyType |
| DefaultPkgMgr |
| DefineClasses |
| DefineInGroup |
| Delegating responsibility |
| Delegation |
| DeleteLinesAfterThisMatching |
| DeleteLinesContaining/DeleteLinesNotContaining |
| DeleteLinesMatching/DeleteLinesNotMatching |
| DeleteLinesNotContainingFileItems |
| DeleteLinesNotMatchingFileItems |
| DeleteLinesNotStartingFileItems |
| DeleteLinesStarting |
| DeleteNLines |
| DeleteNonOwnerFiles |
| DeleteNonOwnerMail |
| DeleteNonUserFiles |
| DeleteNonUserMail |
| DeleteToLineMatching |
| Deleting registry keys |
| Deleting registry values |
| Deny permissions |
| DenyBadClocks |
| DenyConnectionsFrom |
| Developer structures |
| Direct customization by cfengine |
| Directory permissions |
| Disk scans |
| Distribute root passwords |
| Distributed discovery |
| Do I need cron? |
| Document |
| DryRun |
| DynamicAddresses |
| EditDNS |
| EditMode and binary editing |
| EditSplit |
| Editfiles on Binary Files |
| Editing files |
| Editing self-test questions |
| Editing tabular files |
| Effective permissions |
| ElseDefineClasses |
| Embedded Databases |
| Emergency Change |
| EmptyEntireFilePlease |
| EmptyResolvConf |
| Encryption |
| EndGroup |
| EndLoop |
| Entity types |
| Entropy and its interpretation |
| Error |
| Event |
| Example file filter - by magic number |
| Example file filter - compress files |
| Example file filter - custom scanner |
| Example file filter - find files changed |
| Example file filter - setuid |
| Example file filter - tidy junk |
| Example file filter by link destination |
| Example file filter combined parameters |
| Example of packages |
| Example process filter - started recently |
| Example process filter by accumulated time |
| Example remote scalar lookup |
| Examples of modules |
| Examples of text matching in editfiles |
| Examples setting classes |
| Exception, Failure, Event, Summary |
| Exclamation |
| ExcludeCopy |
| ExcludeLink |
| ExpandVariables |
| ExpireAfter editfiles |
| ExpireAfter |
| Extracting one-off numerical data |
| Extraction strings and logging |
| Extraction to list variable |
| Failure |
| Familiarizing yourself |
| File ACL example |
| File Filter Parameters |
| File Filters |
| FileExists |
| FileExtensions |
| Filenames and paths |
| Files linkchildren |
| Filter |
| Firewalls and NATs |
| FixEndOfLine |
| Fluctuation profiles |
| ForEachLineIn quoted-filename |
| FreeBSDInstallCommand |
| FreeBSDRemoveCommand |
| FriendIgnoreRegex |
| From an authorized cache directory to different locations |
| FullEncryption |
| Function accessedbefore |
| Function accumulated |
| Function ago |
| Function canonify |
| Function changedbefore |
| Function classify |
| Function classmatch |
| Function execresult |
| Function fileexists |
| Function filesexist |
| Function getgid |
| Function getindices |
| Function getuid |
| Function groupexists |
| Function hash |
| Function hashmatch |
| Function hostinnetgroup |
| Function hostrange |
| Function iprange |
| Function irange |
| Function isdir |
| Function isgreaterthan |
| Function islessthan |
| Function islink |
| Function isnewerthan |
| Function isplain |
| Function isvariable |
| Function lastnode |
| Function ldaparray |
| Function ldaplist |
| Function ldapvalue |
| Function now |
| Function on |
| Function peerleader |
| Function peerleaders |
| Function peers |
| Function randomint |
| Function readfile |
| Function readintarray |
| Function readintlist |
| Function readrealarray |
| Function readreallist |
| Function readstringarray |
| Function readstringlist |
| Function readtcp |
| Function regarray |
| Function regcmp |
| Function registryvalue |
| Function regldap |
| Function regline |
| Function reglist |
| Function remotescalar |
| Function returnszero |
| Function rrange |
| Function selectservers |
| Function splayclass |
| Function splitstring |
| Function strcmp |
| Function usemodule |
| Function userexists |
| Fundamental CFEngine Concepts |
| Garbage collection |
| Generating a local knowledge map |
| Generic syntax examples |
| Generic syntax mapping |
| Getting started with the Community Edition |
| Global and local classes |
| Global criteria (per promise rule) |
| GotoLastLine |
| GroupExists |
| Hard Links |
| Hard links in copying |
| HashCommentLinesContaining |
| HashCommentLinesMatching |
| HashCommentLinesStarting |
| Hashes and Message Digests |
| Hashes or Digests |
| Hello world |
| HomePattern |
| HostRange |
| HostnameKeys in cfagent |
| HostnameKeys in cfservd |
| How can cfengine or promises help an enterprise |
| How do you view cfengine? |
| How services work |
| How to manage databases |
| How we wrote this document, Promise concepts voluntary cooperation, Summary, Summary |
| IP address ranges |
| IPRange |
| ITIL Configuration Management (CM) |
| ITIL and its versions |
| ITIL concepts for authoring, Promise concepts voluntary cooperation, Summary, Summary |
| ITIL introduced |
| ITIL processes |
| ITIL terminology |
| ITILv2 Service Support and Service Delivery |
| ITILv3 Management from the Service Life Cycle Perspective |
| IfElapsed in cfagent |
| IfElapsed in cfservd |
| IfElapsed |
| IgnoreInterfaceRegex |
| Incident Management vs Maintenance |
| Incident and problem management |
| Incident |
| Inclusion and Exclusion Patterns |
| IncrementPointer quoted-number |
| Inform editfiles |
| Inform |
| Infrastructure or management? |
| Inheritance |
| InsertFile |
| InsertLine |
| Installation |
| Installed setuid program report |
| Installed software packages |
| Installing the software |
| Integrate cfengine with jumpstart/kickstart |
| InterfaceName |
| Intermittency times |
| Interpreting anomalies |
| Introduction |
| Intrusion detection |
| Is automation worthwhile? |
| IsDefined |
| IsDir |
| IsGreaterThan |
| IsLessThan |
| IsLink |
| IsNewerThan |
| IsPlain |
| Iteration over lists as a pattern |
| Iteration over lists |
| Key exchange |
| Knowledge map creation |
| LDAP function examples |
| LDAP integration |
| Laptop support configuration |
| Last seen database |
| LastSeen |
| LastSeenExpireAfter |
| Line based editing patterns |
| Link Children |
| LinkCopies |
| List variable substitution and expansion |
| List variables |
| Local criteria (per promise rule) |
| Local method examples |
| Localhost examples |
| LocateLineMatching |
| Log rotation |
| LogAllConnections |
| LogDirectory |
| LogEncryptedTransfers |
| LogTidyHomeFiles |
| Long term trends |
| Loops and lists in cfengine 3 |
| Loops |
| MS Registry functions |
| Managing diverse and challenging environmens seamlessly and invisibly |
| Managing expectations - a theory of promises |
| MaxConnections |
| Method self-test questions |
| Methodology to organize systems |
| Modelling policy |
| Modularization self-test questions |
| Module self-test questions |
| Modules can define classes |
| Monitoring features |
| Monitoring file changes |
| Monitoring |
| Mount NFS filesystem |
| Multiple Links |
| NT ACLs |
| NTFS ACL examples |
| NTFS ACL type |
| NTFS-specific ACL syntax |
| Neighbourhood watch and tampering |
| Neighbourhood watch |
| NonAlphaNumFiles |
| Normal ordering |
| Object orientation |
| One or Many Hosts |
| Options related to modules |
| Ordering promises |
| Organizing the files into classes |
| Other reasons for modules |
| Other users than root |
| Overlay an expandable template with cfengine |
| Overriding a policy file |
| Overriding |
| Owner and group wildcards |
| Owners |
| POSIX ACL examples |
| POSIX ACL type |
| POSIX-specific ACL syntax |
| Package upgrade or install? |
| Packages |
| Passive Monitoring |
| Pattern matching and referencing |
| Patterns self-test questions |
| PercentCommentLinesContaining |
| PercentCommentLinesMatching |
| PercentCommentLinesStarting |
| Performance logs |
| Performance |
| Permissions |
| Policy Mirror in the DMZ |
| Policy |
| PopulateDNS |
| PortageInstallCommand |
| Posix ACL Example |
| Postfix mail configuration |
| PrepModule |
| Preparatory Modules |
| Prepend |
| PrependIfNoLineMatching |
| PrependIfNoSuchLine |
| Proactive Monitoring, Problem, Policy, Summary |
| Problem |
| Productivity and Documentation |
| Promise, Reactive Monitoring, Problem, Summary |
| Promises, Actions and Operations |
| Promising voluntary cooperation, Road-map for adoption, Summary, Summary |
| Public Key Exchange Issues |
| Pulling through a wormhole |
| RPMInstallCommand |
| RPMcommand |
| Reactive Monitoring |
| Record |
| Recovery from errors in the configuration |
| Recovery from errors in the software |
| Recovery |
| Recurse |
| Recursion |
| Regcmp |
| Regular expressions |
| Relative and absolute links |
| Release Management in ITIL |
| Release management |
| Release, Request for Change, Repair, Summary |
| Remediation |
| Reminder about classes |
| Remote access explained |
| Remote access troubleshooting |
| Remote execution of cf-agent |
| Remote file distribution |
| Remote host examples |
| Remote method examples |
| RepChar |
| Repair |
| ReplaceAll/With |
| ReplaceFirst/With |
| ReplaceLineWith |
| ReplaceLinesMatchingField |
| Replacing Text fragments |
| Replacing fields in tabular files |
| Reporting |
| Reports added in Nova |
| Reports in outputs |
| Repository editfiles |
| Repository |
| Request for Change |
| ResetSearch |
| Resilience |
| Restoration |
| ReturnsZero |
| ReturnsZeroShell |
| Road-map for adoption |
| Role based access control |
| Role |
| Rollback or remediation |
| Rollout and installation |
| Rules are promises |
| RunScript |
| RunScriptIfLineMatching |
| RunScriptIfNoLineMatching |
| Runaway change warning |
| SUNInstallCommand |
| Scalability |
| Scalar variable expansion |
| Scalar variables |
| Scaling up |
| Scanning and restoring the registry |
| Scenario 1 |
| Scenario 2 |
| Scenario 3 |
| Schedule |
| SecureInput |
| Security of pulling files |
| SensibleCount |
| SensibleSize |
| Server access resource type |
| Server connection |
| Service Design |
| Service Level Agreement |
| Service Level Management (SLM) |
| Service Management |
| Service Operation |
| Service Strategy |
| Service desk |
| Service orientation and ITIL |
| Set up a DNS server |
| Set up a PXE boot server |
| Set up a web server |
| Set up name resolution |
| SetCommentEnd |
| SetCommentStart |
| SetLine |
| SetScript |
| Setting classes with special functions |
| Setting up users |
| Setting variables with functions |
| ShowActions |
| Single links |
| SingleCopy |
| SkipIdentify |
| SkipVerify |
| SlashCommentLinesContaining |
| SlashCommentLinesMatching |
| SlashCommentLinesStarting |
| Software packaging in ITIL |
| Solaris ACLs |
| Special variables |
| SplayTime |
| Splaying host times |
| Split |
| SplitOn |
| SpoolDirectories |
| Starting the software |
| Starting with anomaly detection |
| State information |
| Storing modules and methods |
| Strcmp |
| Structuring commands promises |
| Syntax lookup on the command line |
| Syntax of packages |
| Syntax |
| Syslog editfiles |
| Syslog |
| SyslogFacility |
| System Auditing |
| Tamperproof data and distributed monitoring |
| Tamperproof data |
| Tar package installation |
| Teams and collaboration |
| Testing as a non-privilieged user |
| Text editing self-test questions |
| Text logs |
| The bear necessities of a cfengine 3 |
| The file cfagent.conf |
| The knowledge.cf file |
| The main promise types |
| The moduledirectory |
| The players |
| The plugin itself |
| The policy decision flow |
| The recommended architecture |
| The single cron job approach |
| The update bundle - provisioning |
| The work directory |
| Tidying garbage files |
| Time windows (races) |
| TimeOut |
| Too many open files |
| Tool Support |
| Top down |
| Traditional IT Management |
| Trouble shooting the knowledge base |
| TrustKeysFrom |
| Types in cfengine 3 |
| Umask |
| UnCommentLinesContaining |
| UnCommentLinesMatching |
| UnCommentNLines |
| UnCommentToLineMatching |
| Understanding dependencies |
| Uniformity |
| Unmount NFS filesystem |
| UnsetAbort |
| Upgrading from cfengine 2 |
| UseShell |
| User experiences on organizing policy |
| User passwords |
| UserExists |
| Uses for custom monitoring |
| Using cfenvgraph |
| Using the cfrun command |
| Using the class environment in plugins |
| Variable const.dollar |
| Variable const.endl |
| Variable const.n |
| Variable const.r |
| Variable context const |
| Variable context mon |
| Variable context sys |
| Variable expansion and contexts |
| Variable expansion in cfengine 3 |
| Variable mon.average_cfengine_in |
| Variable mon.average_cfengine_out |
| Variable mon.average_cpu |
| Variable mon.average_cpu0 |
| Variable mon.average_cpu1 |
| Variable mon.average_cpu2 |
| Variable mon.average_cpu3 |
| Variable mon.average_diskfree |
| Variable mon.average_dns_in |
| Variable mon.average_dns_out |
| Variable mon.average_ftp_in |
| Variable mon.average_ftp_out |
| Variable mon.average_icmp_in |
| Variable mon.average_icmp_out |
| Variable mon.average_irc_in |
| Variable mon.average_irc_out |
| Variable mon.average_loadavg |
| Variable mon.average_messages |
| Variable mon.average_netbiosdgm_in |
| Variable mon.average_netbiosdgm_out |
| Variable mon.average_netbiosns_in |
| Variable mon.average_netbiosns_out |
| Variable mon.average_netbiosssn_in |
| Variable mon.average_netbiosssn_out |
| Variable mon.average_nfsd_in |
| Variable mon.average_nfsd_out |
| Variable mon.average_otherprocs |
| Variable mon.average_rootprocs |
| Variable mon.average_smtp_in |
| Variable mon.average_smtp_out |
| Variable mon.average_ssh_in |
| Variable mon.average_ssh_out |
| Variable mon.average_syslog |
| Variable mon.average_tcpack_in |
| Variable mon.average_tcpack_out |
| Variable mon.average_tcpfin_in |
| Variable mon.average_tcpfin_out |
| Variable mon.average_tcpmisc_in |
| Variable mon.average_tcpmisc_out |
| Variable mon.average_tcpsyn_in |
| Variable mon.average_tcpsyn_out |
| Variable mon.average_temp0 |
| Variable mon.average_temp1 |
| Variable mon.average_temp2 |
| Variable mon.average_temp3 |
| Variable mon.average_udp_in |
| Variable mon.average_udp_out |
| Variable mon.average_users |
| Variable mon.average_webaccess |
| Variable mon.average_weberrors |
| Variable mon.average_www_in |
| Variable mon.average_www_out |
| Variable mon.average_wwws_in |
| Variable mon.average_wwws_out |
| Variable mon.stddev_cfengine_in |
| Variable mon.stddev_cfengine_out |
| Variable mon.stddev_cpu |
| Variable mon.stddev_cpu0 |
| Variable mon.stddev_cpu1 |
| Variable mon.stddev_cpu2 |
| Variable mon.stddev_cpu3 |
| Variable mon.stddev_diskfree |
| Variable mon.stddev_dns_in |
| Variable mon.stddev_dns_out |
| Variable mon.stddev_ftp_in |
| Variable mon.stddev_ftp_out |
| Variable mon.stddev_icmp_in |
| Variable mon.stddev_icmp_out |
| Variable mon.stddev_irc_in |
| Variable mon.stddev_irc_out |
| Variable mon.stddev_loadavg |
| Variable mon.stddev_messages |
| Variable mon.stddev_netbiosdgm_in |
| Variable mon.stddev_netbiosdgm_out |
| Variable mon.stddev_netbiosns_in |
| Variable mon.stddev_netbiosns_out |
| Variable mon.stddev_netbiosssn_in |
| Variable mon.stddev_netbiosssn_out |
| Variable mon.stddev_nfsd_in |
| Variable mon.stddev_nfsd_out |
| Variable mon.stddev_otherprocs |
| Variable mon.stddev_rootprocs |
| Variable mon.stddev_smtp_in |
| Variable mon.stddev_smtp_out |
| Variable mon.stddev_ssh_in |
| Variable mon.stddev_ssh_out |
| Variable mon.stddev_syslog |
| Variable mon.stddev_tcpack_in |
| Variable mon.stddev_tcpack_out |
| Variable mon.stddev_tcpfin_in |
| Variable mon.stddev_tcpfin_out |
| Variable mon.stddev_tcpmisc_in |
| Variable mon.stddev_tcpmisc_out |
| Variable mon.stddev_tcpsyn_in |
| Variable mon.stddev_tcpsyn_out |
| Variable mon.stddev_temp0 |
| Variable mon.stddev_temp1 |
| Variable mon.stddev_temp2 |
| Variable mon.stddev_temp3 |
| Variable mon.stddev_udp_in |
| Variable mon.stddev_udp_out |
| Variable mon.stddev_users |
| Variable mon.stddev_webaccess |
| Variable mon.stddev_weberrors |
| Variable mon.stddev_www_in |
| Variable mon.stddev_www_out |
| Variable mon.stddev_wwws_in |
| Variable mon.stddev_wwws_out |
| Variable mon.value_cfengine_in |
| Variable mon.value_cfengine_out |
| Variable mon.value_cpu |
| Variable mon.value_cpu0 |
| Variable mon.value_cpu1 |
| Variable mon.value_cpu2 |
| Variable mon.value_cpu3 |
| Variable mon.value_diskfree |
| Variable mon.value_dns_in |
| Variable mon.value_dns_out |
| Variable mon.value_ftp_in |
| Variable mon.value_ftp_out |
| Variable mon.value_icmp_in |
| Variable mon.value_icmp_out |
| Variable mon.value_irc_in |
| Variable mon.value_irc_out |
| Variable mon.value_loadavg |
| Variable mon.value_messages |
| Variable mon.value_netbiosdgm_in |
| Variable mon.value_netbiosdgm_out |
| Variable mon.value_netbiosns_in |
| Variable mon.value_netbiosns_out |
| Variable mon.value_netbiosssn_in |
| Variable mon.value_netbiosssn_out |
| Variable mon.value_nfsd_in |
| Variable mon.value_nfsd_out |
| Variable mon.value_otherprocs |
| Variable mon.value_rootprocs |
| Variable mon.value_smtp_in |
| Variable mon.value_smtp_out |
| Variable mon.value_ssh_in |
| Variable mon.value_ssh_out |
| Variable mon.value_syslog |
| Variable mon.value_tcpack_in |
| Variable mon.value_tcpack_out |
| Variable mon.value_tcpfin_in |
| Variable mon.value_tcpfin_out |
| Variable mon.value_tcpmisc_in |
| Variable mon.value_tcpmisc_out |
| Variable mon.value_tcpsyn_in |
| Variable mon.value_tcpsyn_out |
| Variable mon.value_temp0 |
| Variable mon.value_temp1 |
| Variable mon.value_temp2 |
| Variable mon.value_temp3 |
| Variable mon.value_udp_in |
| Variable mon.value_udp_out |
| Variable mon.value_users |
| Variable mon.value_webaccess |
| Variable mon.value_weberrors |
| Variable mon.value_www_in |
| Variable mon.value_www_out |
| Variable mon.value_wwws_in |
| Variable mon.value_wwws_out |
| Variable sys.arch |
| Variable sys.cdate |
| Variable sys.class |
| Variable sys.date |
| Variable sys.domain |
| Variable sys.fqhost |
| Variable sys.fstab |
| Variable sys.host |
| Variable sys.long_arch |
| Variable sys.maildir |
| Variable sys.os |
| Variable sys.ostype |
| Variable sys.release |
| Variable sys.resolv |
| Variable sys.uqhost |
| Variable sys.workdir |
| Variables |
| Verbose |
| Version control and rollback |
| Voluntary Cooperation |
| WarnIfFileMissing |
| WarnIfLineContaining |
| WarnIfLineMatching |
| WarnIfLineStarting |
| WarnIfNoLineContaining |
| WarnIfNoLineMatching |
| WarnIfNoLineStarting |
| WarnIfNoSuchLine |
| WarnNonOwnerFiles |
| WarnNonOwnerMail |
| WarnNonUserFiles |
| WarnNonUserMail |
| Warning |
| Warnings |
| Web server modules |
| What is maintenance? |
| What should a failsafe and update file contain? |
| When and where are promises made? |
| Which ITIL processes apply to cfengine? |
| Why automation? |
| Why cfengine modules? |
| Wildcards and Regular expressions |
| Windows ACL Example |
| Work directory |
| Writing plugin modules |
| abortbundleclasses |
| abortclasses |
| access promises in server |
| access |
| acl (compound body) |
| acl |
| action (compound body) |
| actionsequence |
| addclasses |
| admit |
| admit, grant and deny |
| agent control promises |
| agentaccess |
| agentfacility |
| alerts |
| allowallconnects |
| allowconnects |
| allowusers |
| and |
| args |
| association (compound body) |
| auditing |
| authorize |
| auto_scaling |
| background_children |
| binarypaddingchar |
| bindtointerface |
| binservers |
| broadcast |
| build_directory |
| bundlesequence |
| cf-agent - cfengines change agent |
| cf-execd - cfengines execution agent |
| cf-execd |
| cf-know - cfengines knowledge agent |
| cf-monitord - cfengines monitoring agent |
| cf-promises - cfengines promise analyzer |
| cf-report - cfengines reporting agent |
| cf-runagent - Run agent |
| cf-serverd - cfengines server agent |
| cf.freebsd / cf.netbsd |
| cf.groups |
| cf.linux |
| cf.main |
| cf.motd |
| cf.preconf bootstrap file |
| cf.site |
| cf.solaris |
| cf.users |
| cfagent command options |
| cfagent.conf |
| cfbrain |
| cfenvd command options |
| cfenvgraph |
| cfexecd command options |
| cfkey |
| cfrc resource file |
| cfrun command options |
| cfrun |
| cfrunCommand |
| cfruncommand |
| cfservd command options |
| cfservd.conf tutorial |
| cfshow |
| changes (compound body) |
| childlibpath |
| classes (compound body) |
| classes promises |
| classes |
| commands promises in agent |
| comment |
| common control promises |
| contain (compound body) |
| control cfservd |
| control |
| copy example |
| copy |
| copy_from (compound body) |
| create |
| csv2xml |
| data_type |
| database_columns |
| database_operation |
| database_rows |
| database_server (compound body) |
| database_type |
| databases promises in agent |
| default_repository |
| default_timeout |
| defaultcopytype |
| defaultroute |
| delete (compound body) |
| delete_lines promises in edit_line |
| delete_select (compound body) |
| deny |
| denybadclocks |
| denyconnects |
| depends_on |
| depth_search (compound body) |
| directories |
| disable |
| disks |
| dist |
| domain |
| dryrun |
| dynamicaddresses |
| edit_defaults (compound body) |
| edit_field (compound body) |
| edit_line |
| edit_xml |
| editbinaryfilesize |
| editfiles |
| editfilesize |
| encrypt |
| encrypt=true |
| environment |
| error_bars |
| exclamation |
| exec_command |
| executor control promises |
| executorfacility |
| expand_scalars |
| expireafter |
| expression |
| failsafe.cf |
| field_edits promises in edit_line |
| file_select (compound body) |
| files promises in agent |
| files |
| files_auto_define |
| files_single_copy |
| filters |
| force_ipv4 |
| forgetrate |
| friend_pattern |
| fullencryption |
| generate_manual |
| graph_directory |
| graph_output |
| groups/classes |
| handle |
| hashupdates |
| histograms |
| history_type |
| home directive |
| homeservers |
| hostnamekeys |
| hosts |
| html_banner |
| html_embed |
| html_footer |
| id_prefix |
| ifelapsed |
| ifencrypted |
| ifvarclass |
| ignore |
| ilist |
| import |
| inform |
| inputs |
| insert_lines promises in edit_line |
| insert_select (compound body) |
| insert_type |
| int |
| interfaces promises in agent |
| interfaces |
| intermittency |
| knowledge control promises |
| lastseen |
| lastseenexpireafter |
| link_from (compound body) |
| links |
| location (compound body) |
| logallconnections |
| logencryptedtransfers |
| mailfrom |
| mailmaxlines |
| mailserver |
| mailto |
| manual_source_directory |
| maproot |
| match_value (compound body) |
| max_children |
| maxconnections |
| measurements promises in monitor |
| methods promises in agent |
| methods |
| miscmounts |
| module |
| moduledirectory |
| monitor control promises |
| monitorfacility |
| mount (compound body) |
| mountables |
| mountfilesystems |
| mountpattern |
| move_obstructions |
| netmask |
| nfstype |
| nonalphanumfiles |
| not |
| not_matching |
| occurrences promises in knowledge |
| or |
| output_prefix |
| output_to_file |
| package_architectures |
| package_method (compound body) |
| package_policy |
| package_select |
| package_version |
| packages promises in agent |
| path_root |
| pathtype |
| perms (compound body) |
| policy |
| port |
| printfile (compound body) |
| process_count (compound body) |
| process_select (compound body) |
| process_stop |
| processes promises in agent |
| processes |
| promises.cf |
| query_engine |
| query_output |
| real |
| registry_exclude |
| rename (compound body) |
| rename |
| repchar |
| replace_patterns promises in edit_line |
| replace_with (compound body) |
| report_output |
| report_to_file |
| reporter control promises |
| reports promises |
| reports |
| repository |
| representation |
| represents |
| require_comments |
| required |
| resolve |
| resource_type |
| restart_class |
| rlist |
| roles promises in server |
| root= |
| runagent control promises |
| schedule |
| scli |
| secureinput |
| select_region (compound body) |
| sensiblecount |
| sensiblesize |
| server control promises |
| serverfacility |
| shellcommands |
| showstate |
| signals |
| site.cf |
| site/faculty |
| skipidentify |
| skipverify |
| slist |
| smtpserver |
| splaytime |
| sql_connection_db |
| sql_database |
| sql_owner |
| sql_passwd |
| sql_server |
| sql_type |
| storage promises in agent |
| strategies |
| stream_type |
| string |
| style_sheet |
| suspiciousnames |
| sysadm |
| syslog |
| tcp_ip (compound body) |
| tcpdump |
| tcpdumpcommand |
| tidy |
| time_stamps |
| timezone |
| topics promises in knowledge |
| touch |
| transformer |
| trustkey |
| trustkeysfrom |
| units |
| unmount |
| update.cf |
| usebundle |
| vars promises |
| verbose |
| version |
| volume (compound body) |
| web_root |
| xor |
| email address (TBD) |
| home page (TBD) |
| phone number mobile (TBD) |
| phone number office (TBD) |
| website (TBD) |
| .a files (ld library static archive) |
| .c files (C compiler source files) |
| .l files (Lex/Flex lexer input file) |
| .o files (Compiled object code from any source) |
| .so files (ld shared object/library file) |
| .y files (Yacc/Bison inpur grammer file) |
| /etc/filesystems (Unix list of available file systems and devices) |
| /etc/fstab (Unix list of available file systems and devices) |
| /etc/ftpusers (A file denying ftp access to named users) |
| /etc/hosts.allow (A file granting access to TCP services if support is compiled in) |
| /etc/hosts.deny (A file denying access to TCP services support is compiled in) |
| /etc/ldso.conf (ld shared object loader configuration file) |
| /etc/passwd (Unix system user database file) |
| /etc/printers.conf (Unix print spooler configuration file) |
| /etc/resolv.conf (The resolver/name service configuration) |
| /etc/shadow (Unix system password hash file) |
| /etc/vfstab (Unix list of available file systems and devices) |
| a.out (Default name for a compiled and linked program) |
| executable files (Files representing executable programs) |
| ftpusers |
| passwd (TBD) |
| resolv.conf (TBD) |
| setgid files (Files that grant temporary group membership) |
| setuid files (Files that grant temporary privilege as another user) |
| shadow (TBD) |
| CMDB (Configuration Management Database) |
| application management (Deploying and patching applications) |
| auditing (Transactional logging) |
| automation (Benefits and techniques) |
| change management (Implementing, detecting and repairing changes) |
| compliance (Frameworks for standardizing and regulating systems) |
| configuration management (Deciding and maintaining the data and processes resources of computer systems) |
| getting started with cfengine (Basic concepts and tips) |
| getting started with copernicus (Introduction to browsing the knowledge base) |
| identity management (Managing user accounts) |
| incident management (Repairing policy violations) |
| information categories (Document types) |
| miscellaneous concepts (An orphanage for unclassified concepts) |
| monitoring (Scanning and measuring systems) |
| policy (Describing how systems should behave) |
| reporting (Extracting information in human readable form) |
| self-healing (Automated maintenance) |
| ITIL: Important Foundations |
| Method example: DNS server setup |
| Method example: SSH key distribution |
| Alva Couch (TBD) |
| Jan Bergstra (TBD) |
| Mark Burgess |
| Steve Pepper (TBD) |
| models of knowledge (TBD) |
| models of organization (TBD) |
| models of system administration (TBD) |
| Frequently Asked Topics (TBD) |
| cf-QuickRef2 (TBD) |
| cf-QuickRef3 (TBD) |
| cf2-Filters (TBD) |
| cf2-Modularize (TBD) |
| cf2-Packages (TBD) |
| cf2-Reference (TBD) |
| cf2-anomaly (TBD) |
| cf2-enterprise (TBD) |
| cf2-remotecomm (TBD) |
| cf3-reference (TBD) |
| cf3-solutions (TBD) |
| cf3-tutorial (TBD) |
| cfnova (TBD) |
| backup (TBD) |
| email (TBD) |
| storage (storage as a concept) |
| web services (TBD) |
| webserver (TBD) |
| lvalue |
| rvalue |
| aces (Native settings for access control entry) |
| acl (Criteria for access control lists on file) |
| acl_directory_inherit (Access control list type for the affected file system) |
| acl_method (Editing method for access control list) |
| acl_type (Access control list type for the affected file system) |
| action (Output behaviour) |
| action_policy (Whether to repair or report about non-kept promises) |
| admit (List of host names or IP addresses to grant access to file objects) |
| allow_blank_fields (true/false allow blank fields in a line (do not purge)) |
| and (Combine class sources with AND) |
| args (Alternative string of arguments for the command (concatenated with promiser string)) |
| associates (List of associated topics by this forward relationship) |
| association (Declare associated topics) |
| atime (Range of access times (atime) for acceptable files) |
| audit (true/false switch for detailed audit records of this promise) |
| authorize (List of public-key user names that are allowed to activate the promised class during remote agent activation) |
| background (true/false switch for parallelizing the promise repair) |
| backward_relationship (Name of backward/inverse association from associates to promiser topic) |
| before_after (Menu option, point cursor before of after matched line) |
| bsdflags (List of menu options for bsd file system flags to set) |
| changes (Criteria for change management) |
| chdir (Directory for setting current/base directory for the process) |
| check_foreign (true/false verify storage that is mounted from a foreign system on this host) |
| check_root (true/false check permissions on the root directory when depth_search) |
| chroot (Directory of root sandbox for process) |
| classes (Signalling behaviour) |
| command (Regular expression matching the command/cmd field of a process) |
| comment (A comment about this promise's real intention that follows through the program) |
| compare (Menu option policy for comparing source and image file attributes) |
| contain (Containment options for the execution process) |
| copy_backup (Menu option policy for file backup/version control) |
| copy_from (Criteria for copying file from a source) |
| copy_patterns (A set of patterns that should be copied ansd synchronized instead of linked) |
| copy_size (Integer range of file sizes that may be copied) |
| copylink_patterns (List of patterns matching files that should be linked instead of copied) |
| create (true/false whether to create non-existing file) |
| ctime (Range of change times (ctime) for acceptable files) |
| data_type (The datatype being collected.) |
| database_columns (A list of column definitions to be promised by SQL databases) |
| database_operation (The nature of the promise - to be or not to be) |
| database_rows (An ordered list of row values to be promised by SQL databases) |
| database_server (Credentials for connecting to a local/remote database server) |
| database_type (The type of database that is to be manipulated) |
| db_server_connection_db (The name of an existing database to connect to in order to create/manage other databases) |
| db_server_host (Hostname or address for connection to database, blank means localhost) |
| db_server_owner (User name for database connection) |
| db_server_password (Clear text password for database connection) |
| db_server_type (The dialect of the database server) |
| delete (Criteria for deleting files) |
| delete_if_contains_from_list (Delete line if a regex in the list match a line fragment) |
| delete_if_match_from_list (Delete line if it fully matches a regex in the list) |
| delete_if_not_contains_from_list (Delete line if a regex in the list DOES NOT match a line fragment) |
| delete_if_not_match_from_list (Delete line if it DOES NOT fully match a regex in the list) |
| delete_if_not_startwith_from_list (Delete line if it DOES NOT start with a string in the list) |
| delete_if_startwith_from_list (Delete line if it starts with a string in the list) |
| delete_select (Delete only if lines pass filter criteria) |
| deny (List of host names or IP addresses to deny access to file objects) |
| depends_on (A list of promise handles that this promise builds on or depends on somehow (for knowledge management)) |
| depth (Maximum depth level for search) |
| depth_search (Criteria for file depth searches) |
| dirlinks (Menu option policy for dealing with symbolic links to directories during deletion) |
| disable (true/false automatically rename and remove permissions) |
| disable_mode (The permissions to set when a file is disabled) |
| disable_suffix (The suffix to add to files when disabling (.cfdisabled)) |
| dist (Generate a probabilistic class distribution (strategy in cfengine 2)) |
| edit_backup (Menu option for backup policy on edit changes) |
| edit_defaults (Default promise details for file edits) |
| edit_field (Edit line-based file as matrix of fields) |
| edit_fstab (true/false add or remove entries to the file system table ("fstab")) |
| edit_line (Line editing model for file) |
| edit_xml (XML editing model for file) |
| empty_file_before_editing (Baseline memory model of file to zero/empty before commencing promised edits) |
| encrypt (true/false use encrypted data stream to connect to remote host) |
| exclude_dirs (List of regexes of directory names NOT to include in depth search) |
| exec_group (The group name or id under which to run the process) |
| exec_owner (The user name or id under which to run the process) |
| exec_program (Execute this command on each file and match if the exit status is zero) |
| exec_regex (Matches file if this regular expression matches any full line returned by the command) |
| exec_timeout (Timeout in seconds for command completion) |
| expand_scalars (Expand any unexpanded variables) |
| expireafter (Number of minutes before a repair action is interrupted and retried) |
| expression (Evaluate string expression of classes in normal form) |
| extend_fields (true/false add new fields at end of line if necessary to complete edit) |
| extraction_regex (Regular expression that should contain a single backreference for extracting a value) |
| field_operation (Menu option policy for editing subfields) |
| field_separator (The regular expression used to separate fields in a line) |
| field_value (Set field value to a fixed value) |
| file_result (Logical expression combining classes defined by file search criteria) |
| file_select (Choose which files select in a search) |
| file_to_print (Path name to the file that is to be sent to standard output) |
| file_types (List of acceptable file types from menu choices) |
| findertype (Menu option for default finder type on MacOSX) |
| first_last (Menu option, choose first or last occurrence of match in file) |
| force_ipv4 (true/false force use of ipv4 on ipv6 enabled network) |
| force_update (true/false force copy update always) |
| forward_relationship (Name of forward association between promiser topic and associates) |
| freespace (Absolute or percentage minimum disk space that should be available before warning) |
| friend_pattern (Regular expression to keep selected hosts from the friends report list) |
| groups (List of acceptable groups of group ids, first is change target) |
| handle (A unique id-tag string for referring to this as a promisee elsewhere) |
| hash (Hash files for change detection) |
| history_type (Whether the data can be seen as a time-series or just an isolated value) |
| ifelapsed (Number of minutes before next allowed assessment of promise) |
| ifencrypted (true/false whether the current file access promise is conditional on the connection from the client being encrypted) |
| ifvarclass (Extended classes ANDed with context) |
| ilist (A list of integers) |
| in_range_define (List of classes to define if the matches are in range) |
| include_basedir (true/false include the start/root dir of the search results) |
| include_dirs (List of regexes of directory names to include in depth search) |
| inherit_aces (Native settings for access control entry) |
| insert_if_contains_from_list (Insert line if a regex in the list match a line fragment) |
| insert_if_match_from_list (Insert line if it fully matches a regex in the list) |
| insert_if_not_contains_from_list (Insert line if a regex in the list DOES NOT match a line fragment) |
| insert_if_not_match_from_list (Insert line if it DOES NOT fully match a regex in the list) |
| insert_if_not_startwith_from_list (Insert line if it DOES NOT start with a string in the list) |
| insert_if_startwith_from_list (Insert line if it starts with a string in the list) |
| insert_select (Insert only if lines pass filter criteria) |
| insert_type (Type of object the promiser string refers to (default literal)) |
| int (A scalar integer) |
| intermittency (Real number threshold [0,1] of intermittency about current peers, report above) |
| ipv4_address (IPv4 address for the interface) |
| ipv4_netmask (Netmask for the interface) |
| ipv6_address (IPv6 address for the interface) |
| issymlinkto (List of regular expressions to match file objects) |
| lastseen (Integer time threshold in hours since current peers were last seen, report absence) |
| leaf_name (List of regexes that match an acceptable name) |
| link_children (true/false whether to link all directory's children to source originals) |
| link_from (Criteria for linking file from a source) |
| link_type (Menu option for type of links to use when copying) |
| link_type (The type of link used to alias the file) |
| linkcopy_patterns (List of patterns matching symbolic links that should be replaced with copies) |
| location (Specify where in a file an insertion will be made) |
| log_failed (This should be filename of a file to which log_string will be saved, if undefined it goes to syslog) |
| log_kept (This should be filename of a file to which log_string will be saved, if undefined it goes to syslog) |
| log_level (The reporting level sent to syslog) |
| log_repaired (This should be filename of a file to which log_string will be saved, if undefined it goes to syslog) |
| log_string (A message to be written to the log when a promise verification leads to a repair) |
| maproot (List of host names or IP addresses to grant full read-privilege on the server) |
| match_range (Integer range for acceptable number of matches for this process) |
| match_value (Criteria for extracting the measurement from a datastream) |
| max_file_size (Do not edit files bigger than this number of bytes) |
| measurement_class (If set performance will be measured and recorded under this identifier) |
| mode (File permissions (like posix chmod)) |
| module (true/false whether to expect the cfengine module protocol) |
| mount (Criteria for mounting foreign file systems) |
| mount_options (List of option strings to add to the file system table ("fstab")) |
| mount_server (Hostname or IP or remote file system server) |
| mount_source (Path of remote file system to mount) |
| mount_type (Protocol type of remote file system) |
| move_obstructions (true/false whether to move obstructions to file-object creation) |
| mtime (Range of modification times (mtime) for acceptable files) |
| newname (The desired name for the current file) |
| no_output (true/false discard all output from the command) |
| not (Evaluate the negation of string expression in normal form) |
| not_matching (true/false negate match criterion) |
| number_of_lines (Integer maximum number of lines to print from selected file) |
| occurrences (Menu option to replace all occurrences or just first (NB the latter is non-convergent)) |
| or (Combine class sources with inclusive OR) |
| out_of_range_define (List of classes to define if the matches are out of range) |
| owners (List of acceptable owners or user ids, first is change target) |
| package_add_command (Command to install a package to the system) |
| package_arch_regex (Regular expression with one backreference to extract package architecture string) |
| package_architectures (Select the architecture for package selection) |
| package_changes (Menu option - whether to group packages into a single aggregate command) |
| package_delete_command (Command to remove a package from the system) |
| package_file_repositories (A list of machine-local directories to search for packages) |
| package_installed_regex (Regular expression which matches packages that are already installed) |
| package_list_arch_regex (Regular expression with one backreference to extract package architecture string) |
| package_list_command (Command to obtain a list of installed packages) |
| package_list_name_regex (Regular expression with one backreference to extract package name string) |
| package_list_version_regex (Regular expression with one backreference to extract package version string) |
| package_method (Criteria for installation and verification) |
| package_name_convention (This is how the package manager expects the file to be referred to, e.g. $(name).$(arch)) |
| package_name_regex (Regular expression with one backreference to extract package name string) |
| package_noverify_regex (Regular expression to match verification failure output) |
| package_noverify_returncode (Integer return code indicating package verification failure) |
| package_patch_arch_regex (Regular expression with one backreference to extract update architecture string) |
| package_patch_command (Command to update to the latest patch release of an installed package) |
| package_patch_installed_regex (Regular expression which matches packages that are already installed) |
| package_patch_list_command (Command to obtain a list of available patches or updates) |
| package_patch_name_regex (Regular expression with one backreference to extract update name string) |
| package_patch_version_regex (Regular expression with one backreference to extract update version string) |
| package_policy (Criteria for package installation/upgrade on the current system) |
| package_select (A criterion for first acceptable match relative to "package_version") |
| package_update_command (Command to update to the latest version a currently installed package) |
| package_verify_command (Command to verify the correctness of an installed package) |
| package_version (Version reference point for determining promised version) |
| package_version_regex (Regular expression with one backreference to extract package version string) |
| path_name (List of pathnames to match acceptable target) |
| path_root (Base path of the occurrence when locating file (replaced by web_root)) |
| pathtype (Menu option for interpreting promiser file object) |
| perms (Criteria for setting permissions on a file) |
| persist_time (A number of minutes the specified classes should remain active) |
| pgid (Range of integers matching the parent group id of a process) |
| pid (Range of integers matching the process id of a process) |
| policy (The policy for (dis)allowing redefinition of variables) |
| portnumber (Port number to connect to on server host) |
| ppid (Range of integers matching the parent process id of a process) |
| preserve (true/false whether to preserve file permissions on copied file) |
| preview (true/false preview command when running in dry-run mode (with -n)) |
| printfile (Quote part of a file to standard output) |
| priority (Range of integers matching the priority field (PRI/NI) of a process) |
| process_count (Criteria for constraining the number of processes matching other criteria) |
| process_owner (List of regexes matching the user of a process) |
| process_result (Boolean class expression returning the logical combination of classes set by a process selection test) |
| process_select (Criteria for matching processes in the system process table) |
| process_stop (A command used to stop a running process) |
| promise_kept (A list of classes to be defined) |
| promise_repaired (A list of classes to be defined) |
| purge (true/false purge files on client that do not match files on server when depth_search) |
| real (A scalar real number) |
| registry_exclude (A list of regular expressions to ignore in key/value verification) |
| rename (Criteria for renaming files) |
| repair_denied (A list of classes to be defined) |
| repair_failed (A list of classes to be defined) |
| repair_timeout (A list of classes to be defined) |
| replace_value (Value used to replace regular expression matches in search) |
| replace_with (Search-replace pattern) |
| report_changes (Specify criteria for change warnings) |
| report_level (The reporting level for standard output) |
| report_to_file (The path and filename to which output should be appended) |
| repository (Name of a repository for versioning) |
| representation (How to interpret the promiser string e.g. actual data or reference to data) |
| represents (List of subtopics that explains the type(s) of information represented by the occurrence) |
| resource_type (The type of object being granted access. The default is access to files.) |
| restart_class (A class to be set if the process is not running, so that a command: rule can be referred to restart the process) |
| rlist (A list of real numbers) |
| rmdeadlinks (true/false remove links that point to nowhere) |
| rmdirs (true/false whether to delete empty directories during recursive deletion) |
| rotate (Maximum number of file rotations to keep) |
| rsize (Range of integers matching the resident memory size of a process) |
| rxdirs (true/false add execute flag for directories if read flag is set) |
| scan_arrivals (true/false generate pseudo-periodic disk change arrival distribution) |
| search_bsdflags (String of flags for bsd file system flags expected set) |
| search_groups (List of acceptable group names or ids for the file, or regexes to match) |
| search_mode (A list of mode masks for acceptable file permissions) |
| search_owners (List of acceptable user names or ids for the file, or regexes to match) |
| search_size (Integer range of file sizes) |
| select_end (Regular expression matches end of edit region from start) |
| select_field (Integer index of the field required 1..n) |
| select_line_matching (Regular expression for matching file line location) |
| select_line_number (Read from the n-th line of the output (fixed format)) |
| select_region (Limit edits to a demarked region of the file) |
| select_start (Regular expression matching start of edit region) |
| sensible_count (Minimum number of files that should be defined on a sensible-looking storage device) |
| sensible_size (Minimum size in bytes that should be used on a sensible-looking storage device) |
| servers (List of servers in order of preference from which to copy) |
| showstate (List of services about which status reports should be reported to standard output) |
| signals (A list of menu options representing signals to be sent to a process) |
| slist (A list of scalar strings) |
| source (Reference source file from which to copy) |
| status (Regular expression matching the status field of a process) |
| stealth (true/false whether to preserve time stamps on copied file) |
| stime_range (Range of integers matching the start time of a process) |
| stream_type (The datatype being collected.) |
| string (A scalar string) |
| tcp_ip (Interface tcp/ip properties) |
| threads (Range of integers matching the threads (NLWP) field of a process) |
| timer_policy (Whether a persistent class restarts its counter when rediscovered) |
| touch (true/false whether to touch time stamps on file) |
| transformer (Shell command (with full path) used to transform current file) |
| traverse_links (true/false traverse symbolic links to directories (false)) |
| trustkey (true/false trust public keys from remote server if previously unknown) |
| ttime_range (Range of integers matching the total elapsed time of a process) |
| tty (Regular expression matching the tty field of a process) |
| type_check (true/false compare file types before copying and require match) |
| umask (The umask value for the child process) |
| units (The engineering dimensions of this value or a note about its intent used in plots) |
| unmount (true/false unmount a previously mounted filesystem) |
| update_hashes (Update hash values immediately after change warning) |
| usebundle (Specify the name of a bundle to run as a parameterized method) |
| useshell (true/false embed the command in a shell environment (true)) |
| value_separator (Character separator for subfields inside the selected field) |
| verify (true/false verify transferred file by hashing after copy (resource penalty)) |
| volume (Criteria for monitoring/probing mounted volumes) |
| vsize (Range of integers matching the virtual memory size of a process) |
| web_root (Base URL of the occurrence when rendered as a web-URL (replaces path_root)) |
| when_linking_children (Policy for overriding existing files when linking directories of children) |
| when_no_source (Behaviour when the source file to link to does not exist) |
| xdev (true/false exclude directories that are on different devices) |
| xor (Combine class sources with XOR) |
| DeleteLinesMatching |
| access_rules |
| anomalies |
| cfengine |
| g |
| garbage_collection |
| main |
| resolver |
| sys (cfengine's internal bundle of system specific values) |
| update |
| upgrade_cfexecd |
| acl (TBD) |
| alerts (TBD) |
| binservers (TBD) |
| broadcast (TBD) |
| cfengine 2 control settings (Parameters that affect the behaviour of the agent rather than affect the system configuration.) |
| copy (TBD) |
| defaultroute (TBD) |
| directories (TBD) |
| disable (TBD) |
| disks (TBD) |
| editfiles (TBD) |
| files (TBD) |
| filters (TBD) |
| groups (TBD) |
| homeservers (TBD) |
| ignore (TBD) |
| import (TBD) |
| interfaces (TBD) |
| links (TBD) |
| mailserver (TBD) |
| methods (TBD) |
| miscmounts (TBD) |
| mountables (TBD) |
| packages (TBD) |
| processes (TBD) |
| rename (TBD) |
| required (TBD) |
| resolve (TBD) |
| scli (TBD) |
| shellcommands (TBD) |
| strategies (TBD) |
| tidy (TBD) |
| unmount (TBD) |
| deletenonuserfiles (TBD) |
| deletenonusermail (TBD) |
| warnnonuserfiles (TBD) |
| warnnonusermail (TBD) |
| commands (TBD) |
| databases (TBD) |
| files (TBD) |
| ilist (TBD) |
| int (TBD) |
| measurements (TBD) |
| occurrences (TBD) |
| processes (TBD) |
| real (TBD) |
| reports (TBD) |
| rlist (TBD) |
| slist (TBD) |
| storage (TBD) |
| string (TBD) |
| topics (TBD) |
| vars (TBD) |
| cf-agent (TBD) |
| cf-execd (TBD) |
| cf-know (TBD) |
| cf-monitord (TBD) |
| cf-promises (TBD) |
| cf-report (TBD) |
| cf-runagent (TBD) |
| cf-serverd (TBD) |
| cfagent (TBD) |
| cfd (TBD) |
| cfengine 1 (TBD) |
| cfengine 2 (TBD) |
| cfengine 2.2.x (cfengine version) |
| cfengine 3 |
| cfengine 3.0.x (cfengine version) |
| cfengine nova |
| cfenvd (TBD) |
| cfenvgraph (TBD) |
| cfexecd (TBD) |
| cfrun (TBD) |
| cfservd (TBD) |
| cfshow (TBD) |
| enterprise level cfengine |
| cfengine 2 reference (TBD) |
| cfengine 3 reference (TBD) |
| ldap functions (TBD) |
| server functions (TBD) |
| apt-get |
| bison (TBD) |
| cfengine (cfengine - the configuration engine) |
| copernicus |
| dpkg (TBD) |
| emerge (TBD) |
| flex (TBD) |
| gcc (TBD) |
| ldd (TBD) |
| lex (TBD) |
| pkg_add (TBD) |
| pkgadd (TBD) |
| portage (TBD) |
| rpm (TBD) |
| the omnigator (TBD) |
| yast (TBD) |
| yum |
| zypper |
| CMDB (configuration management database) |
| EUROSOX (The 8th EU data directive) |
| ISO/IEC 20000 (A standards document based on a subset of ITIL) |
| ITIL (The IT Infrastructure library (British government best practice guide)) |
| SOX (The Sarbanes-Oxley Act) |
| auditing (TBD) |
| eTOM (The Extended Telecom Operations Map) |
| authentication (TBD) |
| policy server |
| variable (TBD) |
| !SuSE |
| SuSE |
| anomaly_hosts.icmp_in_high_anomaly.!entropy_icmp_in_high |
| any |
| entropy_dns_in_low.anomaly_hosts.dns_in_high_anomaly |
| entropy_dns_in_low.anomaly_hosts.udp_in_high_dev2 |
| entropy_tcpsyn_in_low.anomaly_hosts.tcpsyn_in_high_dev2 |
| entropy_www_in_high&anomaly_hosts.www_in_high_anomaly |
| entropy_www_in_low.anomaly_hosts.www_in_high_anomaly |
| exec_fix |
| integrate_cfengine2 |
| rootprocs_high_dev2 |
| convergence |
| idempotence (TBD) |
| class (A boolean returned by certain functions in classes promises) |
| ilist (A list of integers matching -99999999999,9999999999) |
| int (A scalar integer matching -99999999999,9999999999) |
| policy (The policy for (dis)allowing redefinition of variables matching free,overridable,constant) |
| real (A scalar real number matching -9.99999E100,9.99999E100) |
| rlist (A list of real numbers matching -9.99999E100,9.99999E100) |
| slist (A list of scalar strings matching ) |
| string (A scalar string matching ) |
| book (TBD) |
| cfengine reference (TBD) |
| chapter section (TBD) |
| chapter (TBD) |
| definitions (TBD) |
| example (TBD) |
| hints (TBD) |
| introduction (TBD) |
| paper (TBD) |
| topic maps (TBD) |
| tutorial (TBD) |
| wikipedia |
| hard classes |
| monitoring (TBD) |
| persistent classes (TBD) |
| soft classes |
| access to file not granted (TBD) |
| allowConnectionsFrom not set (TBD) |
| allowMultipleConnectionsFrom not set (TBD) |
| bad memory reference (TBD) |
| print server not running (TBD) |
| remote connection problem (TBD) |
| segmentation fault (TBD) |
| trustKeysFrom not set (TBD) |
| web server not running (TBD) |
| access control list management |
| impact analysis |
| ldap integration |
| serving literal data |
| sql integration |
| syntax lookup |
| windows registry editing |
| accessedbefore (True if arg1 was accessed before arg2 (atime)) |
| accumulated (Convert an accumulated amount of time into a system representation) |
| ago (Convert a time relative to now to an integer system representation) |
| canonify (Convert an abitrary string into a legal class name) |
| changedbefore (True if arg1 was changed before arg2 (ctime)) |
| classify (True if the canonicalization of the argument is a currently defined class) |
| classmatch (True if the regular expression matches any currently defined class) |
| execresult (Execute named command and assign output to variable) |
| fileexists (True if the named file can be accessed) |
| filesexist (True if the named list of files can ALL be accessed) |
| getgid (Return the integer group id of the named group on this host) |
| getindices (Get a list of keys to the array whose id is the argument and assign to variable) |
| getuid (Return the integer user id of the named user on this host) |
| groupexists (True if group or numerical id exists on this host) |
| hash (Return the hash of arg1, type arg2 and assign to a variable) |
| hashmatch (Compute the hash of arg1, of type arg2 and test if it matches the value in arg 3) |
| hostinnetgroup (True if the current host is in the named netgroup) |
| hostrange (True if the current host lies in the range of enumerated hostnames specified) |
| iprange (True if the current host lies in the range of IP addresses specified) |
| irange (Define a range of integer values for cfengine internal use) |
| isdir (True if the named object is a directory) |
| isgreaterthan (True if arg1 is numerically greater than arg2, else compare strings like strcmp) |
| islessthan (True if arg1 is numerically less than arg2, else compare strings like NOT strcmp) |
| islink (True if the named object is a symbolic link) |
| isnewerthan (True if arg1 is newer (modified later) than arg2 (mtime)) |
| isplain (True if the named object is a plain/regular file) |
| isvariable (True if the named variable is defined) |
| lastnode (Extract the last of a separated string, e.g. filename from a path) |
| ldaparray (Extract all values from an ldap record) |
| ldaplist (Extract all named values from multiple ldap records) |
| ldapvalue (Extract the first matching named value from ldap) |
| now (Convert the current time into system representation) |
| on (Convert an exact date/time to an integer system representation) |
| peerleader (Get the assigned peer-leader of the partition to which we belong) |
| peerleaders (Get a list of peer leaders from the named partitioning) |
| peers (Get a list of peers (not including ourself) from the partition to which we belong) |
| randomint (Generate a random integer between the given limits) |
| readfile (Read max number of bytes from named file and assign to variable) |
| readintarray (Read an array of integers from a file and assign the dimension to a variable) |
| readintlist (Read and assign a list variable from a file of separated ints) |
| readrealarray (Read an array of real numbers from a file and assign the dimension to a variable) |
| readreallist (Read and assign a list variable from a file of separated real numbers) |
| readstringarray (Read an array of strings from a file and assign the dimension to a variable) |
| readstringlist (Read and assign a list variable from a file of separated strings) |
| readtcp (Connect to tcp port, send string and assign result to variable) |
| regarray (True if arg1 matches any item in the associative array with id=arg2) |
| regcmp (True if arg2 is a regular expression matching arg1) |
| registryvalue (Returns a value for an MS-Win registry key,value pair) |
| regldap (True if arg6 is a regular expression matching a value item in an ldap search) |
| regline (True if arg2 is a regular expression matching a line in file arg1) |
| reglist (True if arg2 matches any item in the list with id=arg1) |
| remotescalar (Read a scalar value from a remote cfengine server) |
| returnszero (True if named shell command has exit status zero) |
| rrange (Define a range of real numbers for cfengine internal use) |
| selectservers (Select tcp servers which respond correctly to a query and return their number, set array of names) |
| splayclass (True if the first argument's time-slot has arrived, according to a policy in arg2) |
| splitstring (Convert a string in arg1 into a list of max arg3 strings by splitting on a regular expression in arg2) |
| strcmp (True if the two strings match exactly) |
| usemodule (Execute cfengine module script and set class if successful) |
| userexists (True if user name or numerical id exists on this host) |
| cfengine reference (Manuals and guides) |
| commands and tools (Common tools used with cfengine) |
| faults (Error messages and conditions) |
| files (Notable or special files and types) |
| functionality (Features and possibilities) |
| logs (System generated notifications) |
| management issues (Decision making support) |
| networking (TCP/IP configuration) |
| operating systems (System software) |
| persons (Historical and resource figureheads) |
| procedures (Application areas for policy) |
| research (CFEngine research) |
| technical concepts (Unfamiliar phrases and technical terms) |
| troubleshooting (Diagnostics) |
| business value (TBD) |
| capacity planning (TBD) |
| change management |
| compliance (TBD) |
| configuration management |
| identity management |
| incident management |
| knowledge management (TBD) |
| maintenance paradigms |
| management terminology (TBD) |
| organization |
| storage management (TBD) |
| team work (TBD) |
| BDIM (Business Driven IT Management) |
| CM |
| FCAPS |
| SLA (Service Level Agreement) |
| adoption of cfengine (TBD) |
| agreement |
| authoring (TBD) |
| budget (TBD) |
| business process (TBD) |
| contract |
| departments (TBD) |
| enterprise (TBD) |
| gold server (TBD) |
| operations (TBD) |
| road map (TBD) |
| teams (TBD) |
| teamwork (TBD) |
| version Control (TBD) |
| HPC (High Performance Computing) |
| applications |
| automation (TBD) |
| availability |
| budget (TBD) |
| column editing |
| crises and fire fighting (TBD) |
| customizing inputs |
| data types (TBD) |
| distributed system |
| features (TBD) |
| functions |
| global variables (TBD) |
| hello world (A simple cfengine get-started program) |
| installation and major changes (TBD) |
| iteration |
| lists (TBD) |
| loops in cfengine |
| modules |
| naming (TBD) |
| normal operational behaviour (TBD) |
| other tools (TBD) |
| packaging (TBD) |
| parallelizing promises (Increase efficiency of promise verification by de-serializing) |
| pattern matching |
| planning (TBD) |
| process filters (TBD) |
| redundancy (TBD) |
| regular expression matching (TBD) |
| release management (TBD) |
| reliability (TBD) |
| remediation (TBD) |
| resources |
| revision control (TBD) |
| rollback (A widely misunderstood idea from change management that describes the reversal of managed changes to a system. Rollback is a property of transaction based data processing, a model that cannot apply to dynamical objects like computers.) |
| scenarios (TBD) |
| searching (TBD) |
| security |
| software (TBD) |
| symptoms (TBD) |
| system Installation (TBD) |
| template (TBD) |
| unusual operational behaviour (TBD) |
| variables |
| versions (TBD) |
| wildcards in directory names (TBD) |
| wildcards (TBD) |
| windows registry |
| topic maps |
| aspect paradigm (TBD) |
| cascading (TBD) |
| heterogeneous system |
| hierarchical structure (TBD) |
| homogeneous system |
| object paradigm (TBD) |
| overlapping sets |
| peer to peer network |
| service orientation (TBD) |
| autonomics |
| computer immunology |
| convergent operators (TBD) |
| promise theory |
| self-healing (TBD) |
| BIND (Berkeley Internet Name Domain (previously Berkeley Internet Name Daemon)) |
| DHCP (Dynamic Host Control Protocol) |
| DNS (The Domain Name Service) |
| LDAP (Lightweight Directory Access Protocol) |
| NAT (Network Address Translation) |
| NFS (Network File System) |
| IP address (TBD) |
| IP chains (TBD) |
| IP tables (TBD) |
| default route (TBD) |
| dynamic addresses (TBD) |
| routing (TBD) |
| aix (TBD) |
| crayos (TBD) |
| darwin (TBD) |
| debian (Linux distro debian) |
| distributed system (TBD) |
| distro (TBD) |
| environment variables |
| fedora (Linux distro fedora) |
| filesystem (TBD) |
| freebsd (TBD) |
| gentoo (Linux distro gentoo) |
| gnu/linux (TBD) |
| irix (TBD) |
| linux (TBD) |
| macos X (TBD) |
| netbsd (TBD) |
| openbsd (TBD) |
| package managers (TBD) |
| redhat (Linux distro redhat) |
| shells (TBD) |
| slackware (Linux distro slackware) |
| solaris (TBD) |
| sunos (TBD) |
| suse (Linux distro suse) |
| system packages (TBD) |
| system processes (TBD) |
| ubuntu (Linux distro ubuntu) |
| ultrix (TBD) |
| virtualization (TBD) |
| windows |
| back references |
| file comparisons |
| regular expressions |
| selecting files (TBD) |
| selecting lines in a file (TBD) |
| selecting processes |
| wildcards (TBD) |
| adding users |
| arrays |
| build a web farm (TBD) |
| build an HPC cluster (TBD) |
| build solaris zones (TBD) |
| build virtual machines (TBD) |
| build workstation environments (TBD) |
| change detection scans |
| changing passwords |
| compressing files |
| copy then edit (Copy a file template and then custom-edit it) |
| create a tripwire (Creating a tripwire for unauthorized changes) |
| creating files |
| creating network roles (TBD) |
| dealing with a firewall |
| distribute root passwords |
| editing files |
| editing tabular files |
| file copying |
| file distribution (TBD) |
| garbage collection (Tidying and deleting files) |
| generate root passwords (TBD) |
| host network configuration |
| how to setup mail transfer agent (TBD) |
| integrate cfengine with jumpstart/kickstart (TBD) |
| killing processes |
| legacy systems (managing legacy systems with cfengine) |
| log rotation (The procedure of periodically renaming logs retaining the history of the last N periods) |
| logging |
| patch management (Deploying and installing targeted changes with version control) |
| remote access |
| remove dead links |
| removing users |
| replication (Mass producing almost identical configurations) |
| restart a server |
| set up DNS server (TBD) |
| set up a PXE boot server (TBD) |
| set up a neighbourhood watch (Implement redundant change detection) |
| set up a web server |
| set up name resolution (TBD) |
| set up resolv.conf (TBD) |
| set values (Setting the values of variables in configration files) |
| setting values (Setting configuration parameters in files) |
| setup |
| ssh key distribution (TBD) |
| system hardening (Cleaning up unnecessary potential vulnerabilities present in the default configurations of systems) |
| troubleshooting (Diagnosing behaviour) |
| trust |
| variables (TBD) |
| actions |
| agents |
| announcements |
| associations |
| behaviours |
| body-constraint |
| body-type |
| bundles |
| causative relationships |
| communicated information |
| conceptual relationships |
| conditional promises |
| dependencies |
| facts |
| intentions |
| location relationships |
| occurrence-types |
| occurrences |
| promise body |
| promise proposals |
| promise-type |
| promisee |
| promiser |
| promises |
| roles (TBD) |
| services |
| stories |
| structural relationships |
| subjects (Any thing that can be discussed) |
| topic-instances |
| topic-types |
| topics |
| type-instances |
| versions |
| voluntary cooperation |
| workflows |
| * (TBD) |
| access (TBD) |
| classes (TBD) |
| commands |
| databases |
| delete_lines |
| field_edits (TBD) |
| files |
| insert_lines |
| interfaces (TBD) |
| measurements |
| methods |
| occurrences |
| packages |
| processes |
| replace_patterns |
| reports (TBD) |
| roles |
| storage (TBD) |
| topics (TBD) |
| vars |
| $(regex) (TBD) |
| .* (TBD) |
| /home/mark/.cfagent/bin/cf-agent (TBD) |
| /home/mark/.cfagent/bin/cf-monitord (TBD) |
| /home/mark/.cfagent/bin/cf-serverd (TBD) |
| /home/mark/.cfagent/bin/cfagent (TBD) |
| /home/mark/.cfagent/inputs/.* (TBD) |
| /home/mark/.cfagent/outputs (TBD) |
| /home/mark/LapTop (TBD) |
| /tmp/resolv.conf (TBD) |
| /var/cfengine/bin (TBD) |
| /var/cfengine/inputs (TBD) |
| /var/spool/cron/tabs/root (TBD) |
| 0,5,10,15,20,25,30,35,40,45,50,55 * * * * /var/cfengine/bin/cf-execd -F (TBD) |
| Added a 5 minute schedule to crontabs (TBD) |
| Anomalous (2dev) incoming (non-DNS) UDP traffic on atlas at $(sys.env_time)
- measured value $(sys.value_udp_in) av $(sys.average_udp_in) pm $(sys.stddev_udp_in) (TBD) |
| Anomalous (3dev) incoming DNS packets on atlas at $(sys.env_time)
- measured value $(sys.value_dns_in) av $(average_dns_in) pm $(sys.stddev_dns_in) (TBD) |
| Anomalous low entropy (3dev) incoming ICMP traffic on atlas at $(sys.env_time)
- measured value $(sys.value_icmp_in) av $(sys.average_icmp_in) pm $(sys.stddev_icmp_in) (TBD) |
| Anomalous number of new TCP connections on atlas at $(sys.env_time)
- measured value $(sys.value_tcpsyn_in) av $(sys.average_tcpsyn_in) pm $(sys.stddev_tcpsyn_in) (TBD) |
| HIGH ENTROPY Incoming www anomaly high anomaly dev!! on atlas at $(sys.env_time)
- measured value $(sys.value_www_in) av $(sys.average_www_in) pm $(sys.stddev_www_in) (TBD) |
| LOW ENTROPY Incoming www anomaly high anomaly dev!! on atlas at $(sys.env_time)
- measured value $(svalue_www_in) av $(average_www_in) pm $(stddev_www_in) (TBD) |
| RootProc anomaly high 2 dev on atlas at $(sys.env_time) measured value $(sys.value_rootprocs) av $(sys.average_rootprocs) pm $(sys.stddev_rootprocs) (TBD) |
| cf-monitord (TBD) |
| cf-serverd (TBD) |
| cf2bits (TBD) |
| cfenvd (TBD) |
| cfexecd (TBD) |
| component (TBD) |
| cron (TBD) |
| crontab (TBD) |
| master_location (TBD) |
| search iu.hio.no cfengine.com (TBD) |
| search (TBD) |
| search.* (TBD) |
| promise_library_cf_105 ((Uncommented promise of type delete_lines made by: $(regex)..)) |
| promise_library_cf_130 ((Uncommented promise of type insert_lines made by: 0,5,10,15,20,25,30,35,40,..)) |
| promise_library_cf_134 ((Uncommented promise of type replace_patterns made by: cfexecd..)) |
| promise_library_cf_140 ((Uncommented promise of type reports made by: Added a 5 minute schedule..)) |
| promise_library_cf_70 ((Uncommented promise of type vars made by: search..)) |
| promise_library_cf_74 ((Uncommented promise of type delete_lines made by: search.*..)) |
| promise_library_cf_78 ((Uncommented promise of type insert_lines made by: search iu.hio.no cfengine..)) |
| promise_site_cf_104 ((Uncommented promise of type processes made by: cfenvd..)) |
| promise_site_cf_114 ((Uncommented promise of type processes made by: cf-monitord..)) |
| promise_site_cf_122 ((Uncommented promise of type commands made by: /home/mark/.cfagent/bin/c..)) |
| promise_site_cf_13 ((Uncommented promise of type vars made by: crontab..)) |
| promise_site_cf_136 ((Uncommented promise of type files made by: /home/mark/.cfagent/outpu..)) |
| promise_site_cf_17 ((Uncommented promise of type vars made by: crontab..)) |
| promise_site_cf_182 ((Uncommented promise of type reports made by: RootProc anomaly high 2 d..)) |
| promise_site_cf_189 ((Uncommented promise of type reports made by: HIGH ENTROPY Incoming www..)) |
| promise_site_cf_196 ((Uncommented promise of type reports made by: LOW ENTROPY Incoming www ..)) |
| promise_site_cf_203 ((Uncommented promise of type reports made by: Anomalous number of new T..)) |
| promise_site_cf_210 ((Uncommented promise of type reports made by: Anomalous (3dev) incoming..)) |
| promise_site_cf_217 ((Uncommented promise of type reports made by: Anomalous (2dev) incoming..)) |
| promise_site_cf_224 ((Uncommented promise of type reports made by: Anomalous low entropy (3d..)) |
| promise_site_cf_237 ((Uncommented promise of type access made by: /home/mark/LapTop..)) |
| promise_site_cf_241 ((Uncommented promise of type access made by: /home/mark/.cfagent/bin/c..)) |
| promise_site_cf_245 ((Uncommented promise of type roles made by: .*..)) |
| promise_site_cf_38 ((Uncommented promise of type vars made by: cf2bits..)) |
| promise_site_cf_46 ((Uncommented promise of type commands made by: /home/mark/.cfagent/bin/c..)) |
| promise_site_cf_54 (Check if there are still promises about cfengine 2 that need removing) |
| promise_site_cf_63 ((Uncommented promise of type files made by: /var/spool/cron/tabs/root..)) |
| promise_site_cf_69 ((Uncommented promise of type processes made by: cron..)) |
| promise_site_cf_83 ((Uncommented promise of type vars made by: component..)) |
| promise_site_cf_91 ((Uncommented promise of type files made by: /tmp/resolv.conf..)) |
| promise_update_cf_13 ((Uncommented promise of type files made by: /var/cfengine/inputs..)) |
| promise_update_cf_20 ((Uncommented promise of type files made by: /var/cfengine/bin..)) |
| promise_update_cf_7 ((Uncommented promise of type vars made by: master_location..)) |
| bundle contains promiser (TBD) |
| bundle reference (TBD) |
| has current exemplars (TBD) |
| is a promise made by (TBD) |
| is a promise of type (TBD) |
| makes promise of type (TBD) |
| makes promises (TBD) |
| occurs in bundle (TBD) |
| promises have been made by (TBD) |
| used in promise (TBD) |
| DMZ (TBD) |
| access control (TBD) |
| anomaly detection (TBD) |
| authentication (TBD) |
| checksums (TBD) |
| digest (TBD) |
| digests (TBD) |
| encryption (TBD) |
| firewalls (TBD) |
| friend status (TBD) |
| hash (TBD) |
| hashes (TBD) |
| instrumentation (TBD) |
| key exchange (TBD) |
| lastseen (TBD) |
| permission (TBD) |
| privacy (TBD) |
| private keys (TBD) |
| public private keys |
| publickeys (TBD) |
| role based access control |
| tamperproof system (TBD) |
| trust in cfengine (TBD) |
| trusted third party (TBD) |
| application services (TBD) |
| network services (TBD) |
| bash (TBD) |
| csh (TBD) |
| ksh (TBD) |
| tcsh (TBD) |
| zsh (TBD) |
| bodies (A modular collection of body constraints for re-use) |
| body constraints (The attributes that cfengine enables you to promise about the promiser) |
| bundles (A modular collection of promises of different types) |
| comments (TBD) |
| contexts (Class expressions that say where or when a promise applies) |
| functions (In-built functions that may be used to set variables or classes) |
| promise types (The types of promise that cfengine can keep) |
| promisees (Recipients of a promise, i.e. promise handles, or persons) |
| promisers (The objects affected by a promise) |
| promises (Complete occurrences of promiser + promisee + promise-body) |
| values (Formal rvalues in constraint assignments and their legal ranges) |
| active_locks report (TBD) |
| all_locks report (TBD) |
| audit report (TBD) |
| classes report (TBD) |
| compliance report (TBD) |
| file_changes report (TBD) |
| hashes report (TBD) |
| installed software report (TBD) |
| lastseen report (TBD) |
| monitor history report (TBD) |
| monitor now report (TBD) |
| monitor summary report (TBD) |
| performance report (TBD) |
| setuid report (TBD) |
| software patches report (TBD) |
| variables report (TBD) |
| cfengine components (TBD) |
| entropy (TBD) |
| intermittency (TBD) |
| linear topic map notation |
| the tao (topics, associations and occurrences) |
| An arbitrary string (Should match the generic pattern , i.e. unspecified characters) |
| a cfengine class expression (Should match the generic pattern [a-zA-Z0-9_!&|.()]+, i.e. an alphanumeric string with option underscores and logical operators) |
| a cfengine identifier (Should match the generic pattern [a-zA-Z0-9_$.]+, i.e. an alphanumeric string with option underscores) |
| a file path (Should match the generic pattern [cC]:\.*|/.*, i.e. a system file path suitable for the target system) |
| a positive integer (Should match the generic pattern 0,99999999999, i.e. a number between zero and the maximum value) |
| a single character (Should match the generic pattern ^.$, i.e. one symbol) |
| a syslog level (Should match the generic pattern LOG_USER,LOG_DAEMON,LOG_LOCAL0,LOG_LOCAL1,LOG_LOCAL2,LOG_LOCAL3,LOG_LOCAL4,LOG_LOCAL5,LOG_LOCAL6,LOG_LOCAL7, i.e. a syslog constant) |
| a time range (Should match the generic pattern 0,2147483648, i.e. a value from zero to a maximum system time -- but you should use time functions to convert this) |
| a user/group id (Should match the generic pattern [a-zA-Z0-9_$.-]+, i.e. an alphanumeric string with option underscores and hyphens) |
| action |
| allow_blank_fields (true/false allow blank fields in a line (do not purge)) |
| associates (List of associated topics by this forward relationship) |
| audit (true/false switch for detailed audit records of this promise) |
| background (true/false switch for parallelizing the promise repair) |
| backward_relationship (Name of backward/inverse association from associates to promiser topic) |
| before_after (Menu option, point cursor before of after matched line) |
| boolean (Should match the generic pattern true,false,yes,no,on,off, i.e. a positive or a negative) |
| bsdflags (List of menu options for bsd file system flags to set) |
| check_root (true/false check permissions on the root directory when depth_search) |
| chroot (Directory of root sandbox for process) |
| classes |
| comment |
| compare (Menu option policy for comparing source and image file attributes) |
| copy_patterns (A set of patterns that should be copied ansd synchronized instead of linked) |
| copy_size (Integer range of file sizes that may be copied) |
| copylink_patterns (List of patterns matching files that should be linked instead of copied) |
| db_server_host (Hostname or address for connection to database, blank means localhost) |
| db_server_password (Clear text password for database connection) |
| db_server_type (The dialect of the database server) |
| delete_if_contains_from_list (Delete line if a regex in the list match a line fragment) |
| delete_if_match_from_list (Delete line if it fully matches a regex in the list) |
| delete_if_not_contains_from_list (Delete line if a regex in the list DOES NOT match a line fragment) |
| delete_if_not_match_from_list (Delete line if it DOES NOT fully match a regex in the list) |
| delete_if_not_startwith_from_list (Delete line if it DOES NOT start with a string in the list) |
| depends_on (TBD) |
| depth (Maximum depth level for search) |
| disable (true/false automatically rename and remove permissions) |
| disable_suffix (The suffix to add to files when disabling (.cfdisabled)) |
| edit_fstab (true/false add or remove entries to the file system table ("fstab")) |
| empty_file_before_editing (Baseline memory model of file to zero/empty before commencing promised edits) |
| encrypt (true/false use encrypted data stream to connect to remote host) |
| exclude_dirs (List of regexes of directory names NOT to include in depth search) |
| exec_group (The group name or id under which to run the process) |
| exec_program (Execute this command on each file and match if the exit status is zero) |
| exec_timeout (Timeout in seconds for command completion) |
| expireafter (Number of minutes before a repair action is interrupted and retried) |
| extraction_regex (Regular expression that should contain a single backreference for extracting a value) |
| field_operation (Menu option policy for editing subfields) |
| field_value (Set field value to a fixed value) |
| file_result (Logical expression combining classes defined by file search criteria) |
| file_to_print (Path name to the file that is to be sent to standard output) |
| file_types (List of acceptable file types from menu choices) |
| findertype (Menu option for default finder type on MacOSX) |
| force_ipv4 (true/false force use of ipv4 on ipv6 enabled network) |
| force_update (true/false force copy update always) |
| freespace (Absolute or percentage minimum disk space that should be available before warning) |
| groups (List of acceptable groups of group ids, first is change target) |
| handle |
| ifvarclass |
| in_range_define (List of classes to define if the matches are in range) |
| include_basedir (true/false include the start/root dir of the search results) |
| insert_if_contains_from_list (Insert line if a regex in the list match a line fragment) |
| insert_if_match_from_list (Insert line if it fully matches a regex in the list) |
| insert_if_not_contains_from_list (Insert line if a regex in the list DOES NOT match a line fragment) |
| insert_if_not_match_from_list (Insert line if it DOES NOT fully match a regex in the list) |
| insert_if_not_startwith_from_list (Insert line if it DOES NOT start with a string in the list) |
| integer (Should match the generic pattern -99999999999,9999999999, i.e. a number between the minus and positive maximum values) |
| link type (Should match the generic pattern symlink,hardlink,relative,absolute,none, i.e. a support link type) |
| link_type (The type of link used to alias the file) |
| linkcopy_patterns (List of patterns matching symbolic links that should be replaced with copies) |
| log_failed (This should be filename of a file to which log_string will be saved, if undefined it goes to syslog) |
| log_level (The reporting level sent to syslog) |
| log_repaired (This should be filename of a file to which log_string will be saved, if undefined it goes to syslog) |
| log_string (A message to be written to the log when a promise verification leads to a repair) |
| mount_options (List of option strings to add to the file system table ("fstab")) |
| mount_server (Hostname or IP or remote file system server) |
| no_output (true/false discard all output from the command) |
| occurrences (Menu option to replace all occurrences or just first (NB the latter is non-convergent)) |
| out_of_range_define (List of classes to define if the matches are out of range) |
| owners (List of acceptable owners or user ids, first is change target) |
| package_add_command (Command to install a package to the system) |
| package_arch_regex (Regular expression with one backreference to extract package architecture string) |
| package_delete_command (Command to remove a package from the system) |
| package_installed_regex (Regular expression which matches packages that are already installed) |
| package_list_arch_regex (Regular expression with one backreference to extract package architecture string) |
| package_list_command (Command to obtain a list of installed packages) |
| package_list_name_regex (Regular expression with one backreference to extract package name string) |
| package_list_version_regex (Regular expression with one backreference to extract package version string) |
| package_name_convention (This is how the package manager expects the file to be referred to, e.g. $(name).$(arch)) |
| package_name_regex (Regular expression with one backreference to extract package name string) |
| package_noverify_regex (Regular expression to match verification failure output) |
| package_noverify_returncode (Integer return code indicating package verification failure) |
| package_patch_arch_regex (Regular expression with one backreference to extract update architecture string) |
| package_patch_command (Command to update to the latest patch release of an installed package) |
| package_patch_installed_regex (Regular expression which matches packages that are already installed) |
| package_patch_list_command (Command to obtain a list of available patches or updates) |
| package_patch_name_regex (Regular expression with one backreference to extract update name string) |
| package_patch_version_regex (Regular expression with one backreference to extract update version string) |
| package_update_command (Command to update to the latest version a currently installed package) |
| package_verify_command (Command to verify the correctness of an installed package) |
| package_version_regex (Regular expression with one backreference to extract package version string) |
| path_name (List of pathnames to match acceptable target) |
| persist_time (A number of minutes the specified classes should remain active) |
| pgid (Range of integers matching the parent group id of a process) |
| pid (Range of integers matching the process id of a process) |
| posix file mode or permission (Should match the generic pattern [0-7augorwxst,+-]+, i.e. something that you would give as an argument to chmod) |
| ppid (Range of integers matching the parent process id of a process) |
| preserve (true/false whether to preserve file permissions on copied file) |
| preview (true/false preview command when running in dry-run mode (with -n)) |
| priority (Range of integers matching the priority field (PRI/NI) of a process) |
| process_result (Boolean class expression returning the logical combination of classes set by a process selection test) |
| promise_kept (A list of classes to be defined) |
| purge (true/false purge files on client that do not match files on server when depth_search) |
| real number (Should match the generic pattern -9.99999E100,9.99999E100, i.e. a number between the minus and positive maximum values) |
| repair_denied (A list of classes to be defined) |
| repair_failed (A list of classes to be defined) |
| repair_timeout (A list of classes to be defined) |
| report_level (The reporting level for standard output) |
| rmdeadlinks (true/false remove links that point to nowhere) |
| rotate (Maximum number of file rotations to keep) |
| rsize (Range of integers matching the resident memory size of a process) |
| rxdirs (true/false add execute flag for directories if read flag is set) |
| scan_arrivals (true/false generate pseudo-periodic disk change arrival distribution) |
| search_bsdflags (String of flags for bsd file system flags expected set) |
| search_groups (List of acceptable group names or ids for the file, or regexes to match) |
| search_mode (A list of mode masks for acceptable file permissions) |
| search_size (Integer range of file sizes) |
| select_end (Regular expression matches end of edit region from start) |
| select_field (Integer index of the field required 1..n) |
| select_line_number (Read from the n-th line of the output (fixed format)) |
| select_region |
| sensible_count (Minimum number of files that should be defined on a sensible-looking storage device) |
| servers (List of servers in order of preference from which to copy) |
| status (Regular expression matching the status field of a process) |
| system signals (Should match the generic pattern hup,int,trap,kill,pipe,cont,abrt,stop,quit,term,child,usr1,usr2,bus,segv, i.e. a unix signal name) |
| timer_policy (Whether a persistent class restarts its counter when rediscovered) |
| traverse_links (true/false traverse symbolic links to directories (false)) |
| ttime_range (Range of integers matching the total elapsed time of a process) |
| tty (Regular expression matching the tty field of a process) |
| type_check (true/false compare file types before copying and require match) |
| umask (The umask value for the child process) |
| unmount (true/false unmount a previously mounted filesystem) |
| value_separator (Character separator for subfields inside the selected field) |
| verify (true/false verify transferred file by hashing after copy (resource penalty)) |
| vsize (Range of integers matching the virtual memory size of a process) |
| when_linking_children (Policy for overriding existing files when linking directories of children) |
| when_no_source (Behaviour when the source file to link to does not exist) |
| xdev (true/false exclude directories that are on different devices) |