Cfengine 3 example win_emergency.html
#########################################################################
#
#   win_emergency.cf - Emergency Policy To Close Potential Security Holes
#
#   NOTE: The class "emergency" may be set automatically by Cfengine
#         based on some criteria, or it may be explicitly set by a remote
#         execution of cf-agent through cf-runagent (if this is allowed
#         by the server control policy).
#
#########################################################################

bundle agent win_emergency
{
vars:
  "disable_services"   slist => { 
                                "RemoteRegistry"           # Windows Remote Management
                                };
								
  "secure_files"       slist => {
                                "C:\Secret",
						        "$(sys.workdir)\secret.txt"
                                };
								
  "close_ports"	       slist => {
                                "6510",
                                "9300"
                                };

								
commands:
 
 emergency::
 
  "\"$(sys.winsysdir)\netsh.exe\""
    args => "firewall add portopening ALL $(close_ports) \"Port $(close_ports)\" DISABLE",
    comment => "Close firewall ports on emergency";

   
databases:								

 emergency::
 
  "HKEY_LOCAL_MACHINE\SOFTWARE\Cfengine AS\Cfengine"
    database_operation => "create", 
    database_rows => { "emergency,REG_SZ,This is an emergency!" } ,
    database_type     => "ms_registry",
    comment => "Create emergency policy registry settings";

	
files:

 emergency::	
 
   "$(secure_files)"
     acl         => strict,
     comment     => "Secure important file access on emergency";
		
		
services:

 emergency::
 
  "$(disable_services)"
     service_policy => "disable",
     comment => "Disable security-relevant services on emergency";

}
}