CFEngine Site Policy Summary (version not specified)

Bundle agent update

ARGS:
Promise type is vars, context is any

Resource object 'master_location' make the promise to default promisee 'cf-agent' (about vars)...
........................string => /home/mark/cfengine-inputs , if body context any

Promise (version not specified) belongs to bundle update (type agent) in '/home/mark/.cfagent/inputs/update.cf' near line 7

Promise type is files, context is any

Resource object '/var/cfengine/inputs' make the promise to default promisee 'cf-agent' (about files)...
........................perms => perms system(p, )
.............................mode => '$(p)' if sub-body context any
........................copy_from => copy_from mycopy(from, server, )
.............................source => '$(from)' if sub-body context any
.............................compare => 'digest' if sub-body context any
........................depth_search => depth_search recurse(d, )
.............................depth => '$(d)' if sub-body context any
........................action => action immediate(no parameters)
.............................ifelapsed => '1' if sub-body context any , if body context any

Compliance last checked on Sat Apr 25 11:23:00 2009. At that time the system was COMPLIANT. Average compliance 100.0 pm 0.0 percent.

Promise (version not specified) belongs to bundle update (type agent) in '/home/mark/.cfagent/inputs/update.cf' near line 13

Promise type is files, context is any

Resource object '/var/cfengine/bin' make the promise to default promisee 'cf-agent' (about files)...
........................perms => perms system(p, )
.............................mode => '$(p)' if sub-body context any
........................copy_from => copy_from mycopy(from, server, )
.............................source => '$(from)' if sub-body context any
.............................compare => 'digest' if sub-body context any
........................depth_search => depth_search recurse(d, )
.............................depth => '$(d)' if sub-body context any
........................action => action immediate(no parameters)
.............................ifelapsed => '1' if sub-body context any , if body context any

Compliance last checked on Sat Apr 25 11:23:00 2009. At that time the system was COMPLIANT. Average compliance 100.0 pm 0.0 percent.

Promise (version not specified) belongs to bundle update (type agent) in '/home/mark/.cfagent/inputs/update.cf' near line 20

Bundle common g

ARGS:
Promise type is vars, context is SuSE

Resource object 'crontab' make the promise to default promisee 'cf-common' (about vars)...
........................string => /var/spool/cron/tabs/root , if body context any

Promise (version not specified) belongs to bundle g (type common) in '/home/mark/.cfagent/inputs/site.cf' near line 13

Promise type is vars, context is !SuSE

Resource object 'crontab' make the promise to default promisee 'cf-common' (about vars)...
........................string => /var/spool/cron/crontabs/root , if body context any

Promise (version not specified) belongs to bundle g (type common) in '/home/mark/.cfagent/inputs/site.cf' near line 17

Bundle agent cfengine

ARGS:
Promise type is classes, context is any

Resource object 'integrate_cfengine2' make the promise to default promisee 'cf-agent' (about classes)...
........................and => {'fileexists($(sys.workdir)/inputs/cfagent.conf,)','fileexists($(sys.workdir)/bin/cfagent,)'} , if body context any

Promise (version not specified) belongs to bundle cfengine (type agent) in '/home/mark/.cfagent/inputs/site.cf' near line 31

Promise type is vars, context is any

Resource object 'cf2bits' make the promise to default promisee 'cf-agent' (about vars)...
........................slist => {'cfenvd','cfservd','cfexecd'} , if body context any

Promise (version not specified) belongs to bundle cfengine (type agent) in '/home/mark/.cfagent/inputs/site.cf' near line 38

Promise type is commands, context is integrate_cfengine2

Resource object '$(sys.workdir)/bin/cfagent' make the promise to default promisee 'cf-agent' (about commands)...
........................action => action longjob(no parameters)
.............................ifelapsed => '240' if sub-body context any , if body context any

Promise (version not specified) belongs to bundle cfengine (type agent) in '/home/mark/.cfagent/inputs/site.cf' near line 46

Promise type is files, context is any

Resource object '$(sys.workdir)/inputs/.*' make the promise to default promisee 'cf-agent' (about files)...
........................comment => Check if there are still promises about cfengine 2 that need removing , if body context any
........................edit_line => DeleteLinesMatching(.*$(cf2bits).*,)
........................file_select => file_select OldCf2Files(no parameters)
.............................leaf_name => ' {'promises.cf','site.cf','library.cf','failsafe.cf','.*.txt','.*.html','.*~','#.*'}' if sub-body context any
.............................file_result => '!leaf_name' if sub-body context any , if body context any
........................action => action WarnOnly(no parameters)
.............................action_policy => 'warn' if sub-body context any
.............................ifelapsed => '60' if sub-body context any , if body context any

Compliance last checked on Sat Apr 25 09:55:06 2009. At that time the system was COMPLIANT. Average compliance 100.0 pm 1.6 percent.

Promise (version not specified) belongs to bundle cfengine (type agent) in '/home/mark/.cfagent/inputs/site.cf' near line 54

Promise type is files, context is any

Resource object '$(g.crontab)' make the promise to default promisee 'cf-agent' (about files)...
........................edit_line => upgrade_cfexecd , if body context any

Compliance last checked on Sat Apr 25 11:23:01 2009. At that time the system was COMPLIANT. Average compliance 100.0 pm 0.0 percent.

Promise (version not specified) belongs to bundle cfengine (type agent) in '/home/mark/.cfagent/inputs/site.cf' near line 63

Promise type is processes, context is exec_fix

Resource object 'cron' make the promise to default promisee 'cf-agent' (about processes)...
........................signals => {'hup'} , if body context any

Promise (version not specified) belongs to bundle cfengine (type agent) in '/home/mark/.cfagent/inputs/site.cf' near line 69

Bundle agent main

ARGS:
Promise type is vars, context is any

Resource object 'component' make the promise to default promisee 'cf-agent' (about vars)...
........................slist => {'cf-monitord','cf-serverd'} , if body context any

Promise (version not specified) belongs to bundle main (type agent) in '/home/mark/.cfagent/inputs/site.cf' near line 83

Promise type is files, context is any

Resource object '/tmp/resolv.conf' make the promise to default promisee 'cf-agent' (about files)...
........................create => true , if body context any
........................edit_line => resolver , if body context any
........................edit_defaults => edit_defaults def(no parameters)
.............................empty_file_before_editing => 'false' if sub-body context any
.............................edit_backup => 'false' if sub-body context any
.............................max_file_size => '100000' if sub-body context any , if body context any

Compliance last checked on Sat Apr 25 11:23:00 2009. At that time the system was COMPLIANT. Average compliance 100.0 pm 0.0 percent.

Promise (version not specified) belongs to bundle main (type agent) in '/home/mark/.cfagent/inputs/site.cf' near line 91

Promise type is processes, context is any

Resource object 'cfenvd' make the promise to default promisee 'cf-agent' (about processes)...
........................signals => {'term'} , if body context any

Compliance last checked on Sat Apr 25 11:23:00 2009. At that time the system was COMPLIANT. Average compliance 100.0 pm 0.0 percent.

Promise (version not specified) belongs to bundle main (type agent) in '/home/mark/.cfagent/inputs/site.cf' near line 104

Promise type is processes, context is any

Resource object '$(component)' make the promise to default promisee 'cf-agent' (about processes)...
........................restart_class => canonify(start_$(component),)

Compliance last checked on Sat Apr 25 11:23:00 2009. At that time the system was COMPLIANT. Average compliance 100.0 pm 0.0 percent.

Promise (version not specified) belongs to bundle main (type agent) in '/home/mark/.cfagent/inputs/site.cf' near line 114

Promise type is commands, context is any

Resource object '$(sys.workdir)/bin/$(component)' make the promise to default promisee 'cf-agent' (about commands)...
........................ifvarclass => canonify(start_$(component),)

Compliance last checked on Sat Mar 28 09:10:33 2009. At that time the system was COMPLIANT. Average compliance 100.0 pm 0.4 percent.

Promise (version not specified) belongs to bundle main (type agent) in '/home/mark/.cfagent/inputs/site.cf' near line 122

Bundle agent garbage_collection

ARGS:
Promise type is files, context is any

Resource object '$(sys.workdir)/outputs' make the promise to default promisee 'cf-agent' (about files)...
........................delete => delete tidy(no parameters)
.............................dirlinks => 'delete' if sub-body context any
.............................rmdirs => 'true' if sub-body context any , if body context any
........................file_select => file_select days_old(days, )
.............................mtime => 'irange(ago(1,0,0,0,0,0,)ago(0,0,$(days),0,0,0,))' if sub-body context any
.............................file_result => 'mtime' if sub-body context any
........................depth_search => depth_search recurse(d, )
.............................depth => '$(d)' if sub-body context any

Compliance last checked on Sat Apr 25 11:23:00 2009. At that time the system was COMPLIANT. Average compliance 100.0 pm 0.0 percent.

Promise (version not specified) belongs to bundle garbage_collection (type agent) in '/home/mark/.cfagent/inputs/site.cf' near line 136

Bundle agent anomalies

ARGS:
Promise type is reports, context is rootprocs_high_dev2

Resource object 'RootProc anomaly high 2 dev on $(sys.host) at $(sys.env_time) measured value $(sys.value_rootprocs) av $(sys.average_rootprocs) pm $(sys.stddev_rootprocs)' make the promise to default promisee 'cf-agent' (about reports)...
........................showstate => {'rootprocs'} , if body context any

Promise (version not specified) belongs to bundle anomalies (type agent) in '/home/mark/.cfagent/inputs/site.cf' near line 182

Promise type is reports, context is entropy_www_in_high&anomaly_hosts.www_in_high_anomaly

Resource object 'HIGH ENTROPY Incoming www anomaly high anomaly dev!! on $(sys.host) at $(sys.env_time) - measured value $(sys.value_www_in) av $(sys.average_www_in) pm $(sys.stddev_www_in)' make the promise to default promisee 'cf-agent' (about reports)...
........................showstate => {'incoming.www'} , if body context any

Promise (version not specified) belongs to bundle anomalies (type agent) in '/home/mark/.cfagent/inputs/site.cf' near line 189

Promise type is reports, context is entropy_www_in_low.anomaly_hosts.www_in_high_anomaly

Resource object 'LOW ENTROPY Incoming www anomaly high anomaly dev!! on $(sys.host) at $(sys.env_time) - measured value $(svalue_www_in) av $(average_www_in) pm $(stddev_www_in)' make the promise to default promisee 'cf-agent' (about reports)...
........................showstate => {'incoming.www'} , if body context any

Promise (version not specified) belongs to bundle anomalies (type agent) in '/home/mark/.cfagent/inputs/site.cf' near line 196

Promise type is reports, context is entropy_tcpsyn_in_low.anomaly_hosts.tcpsyn_in_high_dev2

Resource object 'Anomalous number of new TCP connections on $(sys.host) at $(sys.env_time) - measured value $(sys.value_tcpsyn_in) av $(sys.average_tcpsyn_in) pm $(sys.stddev_tcpsyn_in)' make the promise to default promisee 'cf-agent' (about reports)...
........................showstate => {'incoming.tcpsyn'} , if body context any

Promise (version not specified) belongs to bundle anomalies (type agent) in '/home/mark/.cfagent/inputs/site.cf' near line 203

Promise type is reports, context is entropy_dns_in_low.anomaly_hosts.dns_in_high_anomaly

Resource object 'Anomalous (3dev) incoming DNS packets on $(sys.host) at $(sys.env_time) - measured value $(sys.value_dns_in) av $(average_dns_in) pm $(sys.stddev_dns_in)' make the promise to default promisee 'cf-agent' (about reports)...
........................showstate => {'incoming.dns'} , if body context any

Promise (version not specified) belongs to bundle anomalies (type agent) in '/home/mark/.cfagent/inputs/site.cf' near line 210

Promise type is reports, context is entropy_dns_in_low.anomaly_hosts.udp_in_high_dev2

Resource object 'Anomalous (2dev) incoming (non-DNS) UDP traffic on $(sys.host) at $(sys.env_time) - measured value $(sys.value_udp_in) av $(sys.average_udp_in) pm $(sys.stddev_udp_in)' make the promise to default promisee 'cf-agent' (about reports)...
........................showstate => {'incoming.udp'} , if body context any

Promise (version not specified) belongs to bundle anomalies (type agent) in '/home/mark/.cfagent/inputs/site.cf' near line 217

Promise type is reports, context is anomaly_hosts.icmp_in_high_anomaly.!entropy_icmp_in_high

Resource object 'Anomalous low entropy (3dev) incoming ICMP traffic on $(sys.host) at $(sys.env_time) - measured value $(sys.value_icmp_in) av $(sys.average_icmp_in) pm $(sys.stddev_icmp_in)' make the promise to default promisee 'cf-agent' (about reports)...
........................showstate => {'incoming.icmp'} , if body context any

Promise (version not specified) belongs to bundle anomalies (type agent) in '/home/mark/.cfagent/inputs/site.cf' near line 224

Bundle server access_rules

ARGS:
Promise type is access, context is any

Resource object '/home/mark/LapTop' make the promise to default promisee 'cf-server' (about access)...
........................admit => {'127.0.0.1'} , if body context any

Promise (version not specified) belongs to bundle access_rules (type server) in '/home/mark/.cfagent/inputs/site.cf' near line 237

Promise type is access, context is any

Resource object '/home/mark/.cfagent/bin/cf-agent' make the promise to default promisee 'cf-server' (about access)...
........................admit => {'127.0.0.1'} , if body context any

Promise (version not specified) belongs to bundle access_rules (type server) in '/home/mark/.cfagent/inputs/site.cf' near line 241

Promise type is roles, context is any

Resource object '.*' make the promise to default promisee 'cf-server' (about roles)...
........................authorize => {'mark'} , if body context any

Promise (version not specified) belongs to bundle access_rules (type server) in '/home/mark/.cfagent/inputs/site.cf' near line 245

Bundle edit_line resolver

ARGS:
Promise type is vars, context is any

Resource object 'search' make the promise to default promisee 'cf-edit_line' (about vars)...
........................slist => {'search iu.hio.no cfengine.com'} , if body context any

Promise (version not specified) belongs to bundle resolver (type edit_line) in '/home/mark/.cfagent/inputs/library.cf' near line 70

Promise type is delete_lines, context is any

Resource object 'search.*' make the promise to default promisee 'cf-edit_line' (about delete_lines)...

Compliance last checked on Sat Apr 25 11:23:00 2009. At that time the system was COMPLIANT. Average compliance 100.0 pm 0.0 percent.

Promise (version not specified) belongs to bundle resolver (type edit_line) in '/home/mark/.cfagent/inputs/library.cf' near line 74

Promise type is insert_lines, context is any

Resource object '$(search)' make the promise to default promisee 'cf-edit_line' (about insert_lines)...
........................location => location start(no parameters)
.............................before_after => 'before' if sub-body context any , if body context any

Compliance last checked on Sat Apr 25 11:23:00 2009. At that time the system was COMPLIANT. Average compliance 100.0 pm 0.0 percent.

Promise (version not specified) belongs to bundle resolver (type edit_line) in '/home/mark/.cfagent/inputs/library.cf' near line 78

Bundle edit_line DeleteLinesMatching

ARGS:
scalar arg regex
Promise type is delete_lines, context is any

Resource object '$(regex)' make the promise to default promisee 'cf-edit_line' (about delete_lines)...
........................action => action WarnOnly(no parameters)
.............................action_policy => 'warn' if sub-body context any
.............................ifelapsed => '60' if sub-body context any , if body context any

Promise (version not specified) belongs to bundle DeleteLinesMatching (type edit_line) in '/home/mark/.cfagent/inputs/library.cf' near line 105

Bundle edit_line upgrade_cfexecd

ARGS:
Promise type is classes, context is any

Resource object 'exec_fix' make the promise to default promisee 'cf-edit_line' (about classes)...
........................not => regline(.*cf-execd.*,$(edit.filename),)

Promise (version not specified) belongs to bundle upgrade_cfexecd (type edit_line) in '/home/mark/.cfagent/inputs/library.cf' near line 124

Promise type is insert_lines, context is exec_fix

Resource object '0,5,10,15,20,25,30,35,40,45,50,55 * * * * /var/cfengine/bin/cf-execd -F' make the promise to default promisee 'cf-edit_line' (about insert_lines)...

Promise (version not specified) belongs to bundle upgrade_cfexecd (type edit_line) in '/home/mark/.cfagent/inputs/library.cf' near line 130

Promise type is replace_patterns, context is any

Resource object 'cfexecd' make the promise to default promisee 'cf-edit_line' (about replace_patterns)...
........................replace_with => replace_with With(x, )
.............................replace_value => '$(x)' if sub-body context any
.............................occurrences => 'all' if sub-body context any

Promise (version not specified) belongs to bundle upgrade_cfexecd (type edit_line) in '/home/mark/.cfagent/inputs/library.cf' near line 134

Promise type is reports, context is exec_fix

Resource object 'Added a 5 minute schedule to crontabs' make the promise to default promisee 'cf-edit_line' (about reports)...

Promise (version not specified) belongs to bundle upgrade_cfexecd (type edit_line) in '/home/mark/.cfagent/inputs/library.cf' near line 140

All Bodies

common control(no parameters)
.............................bundlesequence => ' {'update','garbage_collection','main','cfengine'}' if sub-body context any
.............................inputs => ' {'update.cf','site.cf','library.cf'}' if sub-body context any

agent control(no parameters)
.............................ifelapsed => '15' if sub-body context any

monitor control(no parameters)
.............................forgetrate => '0.7' if sub-body context any
.............................histograms => 'true' if sub-body context any

executor control(no parameters)
.............................splaytime => '1' if sub-body context any
.............................mailto => 'cfengine_mail@example.org' if sub-body context any
.............................smtpserver => 'localhost' if sub-body context any
.............................mailmaxlines => '30' if sub-body context any
.............................schedule => ' {'any'}' if sub-body context any
.............................exec_command => '$(sys.workdir)/bin/cf-agent -f failsafe.cf && $(sys.workdir)/bin/cf-agent' if sub-body context any

reporter control(no parameters)
.............................reports => ' {'performance','last_seen','monitor_history'}' if sub-body context any
.............................build_directory => '/tmp/nerves' if sub-body context any
.............................report_output => 'html' if sub-body context any

runagent control(no parameters)
.............................hosts => ' {'127.0.0.1'}' if sub-body context any

server control(no parameters)
.............................allowconnects => ' {'127.0.0.1','::1'}' if sub-body context any
.............................allowallconnects => ' {'127.0.0.1','::1'}' if sub-body context any
.............................trustkeysfrom => ' {'127.0.0.1','::1'}' if sub-body context any
.............................cfruncommand => '$(sys.workdir)/bin/cf-agent -f failsafe.cf && $(sys.workdir)/bin/cf-agent' if sub-body context any
.............................allowusers => ' {'root'}' if sub-body context any

perms system(p, )
.............................mode => '$(p)' if sub-body context any

file_select cf3_files(no parameters)
.............................leaf_name => ' {'cf-.*'}' if sub-body context any
.............................file_result => 'leaf_name' if sub-body context any

copy_from mycopy(from, server, )
.............................source => '$(from)' if sub-body context any
.............................compare => 'digest' if sub-body context any

action immediate(no parameters)
.............................ifelapsed => '1' if sub-body context any

file_select OldCf2Files(no parameters)
.............................leaf_name => ' {'promises.cf','site.cf','library.cf','failsafe.cf','.*.txt','.*.html','.*~','#.*'}' if sub-body context any
.............................file_result => '!leaf_name' if sub-body context any

action measure(no parameters)
.............................measurement_class => 'Detect Changes in /usr' if sub-body context any
.............................ifelapsed => '240' if sub-body context any
.............................expireafter => '240' if sub-body context any

perms p(user, mode, )
.............................owners => ' {'$(user)'}' if sub-body context any
.............................mode => '$(mode)' if sub-body context any

depth_search recurse(d, )
.............................depth => '$(d)' if sub-body context any

delete tidy(no parameters)
.............................dirlinks => 'delete' if sub-body context any
.............................rmdirs => 'true' if sub-body context any

file_select days_old(days, )
.............................mtime => 'irange(ago(1,0,0,0,0,0,)ago(0,0,$(days),0,0,0,))' if sub-body context any
.............................file_result => 'mtime' if sub-body context any

changes lay_trip_wire(no parameters)
.............................hash => 'best' if sub-body context any
.............................report_changes => 'content' if sub-body context any
.............................update_hashes => 'yes' if sub-body context any

action longjob(no parameters)
.............................ifelapsed => '240' if sub-body context any

edit_defaults def(no parameters)
.............................empty_file_before_editing => 'false' if sub-body context any
.............................edit_backup => 'false' if sub-body context any
.............................max_file_size => '100000' if sub-body context any

location start(no parameters)
.............................before_after => 'before' if sub-body context any

action WarnOnly(no parameters)
.............................action_policy => 'warn' if sub-body context any
.............................ifelapsed => '60' if sub-body context any

replace_with With(x, )
.............................replace_value => '$(x)' if sub-body context any
.............................occurrences => 'all' if sub-body context any

copy_from scp(from, server, )
.............................source => '$(from)' if sub-body context any
.............................compare => 'digest' if sub-body context any
.............................encrypt => 'true' if sub-body context any
.............................verify => 'true' if sub-body context any