PacktLib: CFEngine 3 Beginner’s Guide

CFEngine 3 Beginner's Guide

Credits

About the Author

About the Reviewers

www.PacktPub.com

Preface

Getting Started with CFEngine

Why CFEngine?

Installing CFEngine

Time for action – listing open ports and associated services

Time for action – creating a file under your home directory

Time for action – deleting log files

Summary

Configuring Systems with CFEngine

How do CFEngine components communicate?

Setting up a policy server

Time for action – taking file backups

System configuration

Time for action – user and group configuration

Time for action – setting up a web service

Time for action – setting up a database service

Time for action – mounting a NFS volume

Time for action – setting up a network interface

Time for action – adding a jailed user to a system

System Audit with CFEngine

Classes

Control promises

Time for action – file and directory permissions audit

Time for action – user and group audit

Server control promises

Time for action – log rotation using CFEngine

Access control using CFEngine

Time for action – installing OSSEC

Time for action – auditing the system with CFEngine and OSSEC

Summary

Scheduling Tasks with CFEngine

Monitor control promises

Runagent control promises

Executor control promises

Reporter control promises

Time for action – monitoring a web server

Security Audit with CFEngine

Configuring and auditing access controls

Time for action – managing access control with TCP wrapper

Time for action – auditing SSHD log files for break-in attempts

Time for action – managing iptables with CFEngine

Auditing the file system

Time for action – looking out for suspicious file names

Time for action – verifying the sudoers file

Time for action – finding a file with setuid and setgid

Time for action – auditing Apache logs

Summary

Logging and Reporting with CFEngine

State information

Time for action – generating custom reports

Summary

Workflows

Menu driven configuration

Content driven configuration

CFEngine templates

Time for action – distributing a MySQL configuration file using template expansion

Knowledge management

Time for action – topic map for services

Compliance

CFEngine and ITIL

CFEngine Nova—an introduction

Summary

Advanced Functions and Variables

CFEngine special functions

Time for action – setting system variables

Functions that work on or with regular expressions

Time for action – getting a list of servers that are up and running on the network

Functions that return string

Time for action – concatenating individual objects using a given conjunction

Functions that fill arrays

Time for action – configuring Apache virtual hosts from a list of domains in a file

CFEngine special variables

Variable context mon

Time for action – logging information in case the system's load average is above the threshold

Variable context match

Time for action – comment matching lines

Summary

CFEngine Best Practices

Basic considerations while writing CFEngine promises

General do's and don'ts while writing policies

Policy changes

Version control for policy files

Delegation of responsibility

Summary

CFEngine Cloud Pack—Orion

CFEngine Cloud Pack—Orion

CFEngine Cloud Pack—Orion

CFEngine Cloud Pack—Orion

Important Control Promises

Important Control Promises

Important Control Promises

Important Control Promises

Important Functions and Variables

Functions by Usage

Functions by Usage

Functions by Usage

Functions by Usage

Functions by Usage

Functions by Usage

Functions by Usage

Functions by Usage

Functions by Usage

Functions by Usage

Pop quiz Answers

Pop quiz Answers

Pop quiz Answers

Pop quiz Answers

Pop quiz Answers

Pop quiz Answers

Pop quiz Answers

Pop quiz Answers

Pop quiz Answers

Pop quiz Answers

Index