Dear Eystein,
Thank you. I tried with r1762. I don't get a syntax error any more,
but it does not actually work to detect suspicious file names.
For example:
# cat /var/cfengine/inputs/aleksey_test.cf
body common control
{
  bundlesequence => { "report_suspicious_file_names" };
  inputs => { "cfengine_stdlib.cf" };
}
body agent control
{
  suspiciousnames => { ".mo", "lrk3", "rootkit" };
}
bundle agent report_suspicious_file_names
{
  files:
    "/root/tmp2"
      depth_search => recurse("inf");
}
I do have suspicious file names:
# find /root/tmp2/ -ls
97519378 4 drwxr-xr-x 3 root root 4096 Feb 1 10:51 /root/tmp2/
97519370 4 drwxr-xr-x 2 root root 4096 Feb 1 10:51 /root/tmp2/rootkit
97519371 4 -rw-r--r-- 1 root root 29 Feb 1 10:51 /root/tmp2/rootkit/rootkit
97519372 4 -rw-r--r-- 1 root root 29 Feb 1 10:51 /root/tmp2/.mo
#
But it runs quietly:
# /usr/local/sbin/cf-agent -KIf /var/cfengine/inputs/aleksey_test.cf
#
Please advise?
Best,
Aleksey
_______________________________________________
Help-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/help-cfengine
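
Added example, not part of the original message and not CFEngine code: a shell cross-check, independent of cf-agent, that lists the paths a name-based scan of a tree would be expected to flag, so a quiet agent run can be compared against ground truth. It assumes each name is compared exactly against the final path component; the function name suspicious_scan is hypothetical.

```shell
#!/bin/sh
# suspicious_scan DIR NAME...
# Print every path under DIR whose final component is exactly one of NAME.
# Assumption: exact string comparison on the basename (no globbing, no
# substring match), so "notes.mo" does not match the name ".mo".
# Limitation: paths containing newlines are not handled.
suspicious_scan() {
    dir=$1
    shift
    find "$dir" -print | while IFS= read -r path; do
        base=${path##*/}              # strip everything up to the last slash
        for name in "$@"; do
            if [ "$base" = "$name" ]; then
                printf '%s\n' "$path"
                break                 # report each path once
            fi
        done
    done | LC_ALL=C sort              # stable, locale-independent ordering
}

# Usage, with the names and directory from the message above:
#   suspicious_scan /root/tmp2 .mo lrk3 rootkit
```

Directories are reported as well as regular files, since a directory named after a list entry is as relevant to the comparison as a file.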