Dear Eystein,

Thank you. I tried with r1762. I don't get a syntax error any more, but it does not actually work to detect suspicious file names.

For example:

    # cat /var/cfengine/inputs/aleksey_test.cf
    body common control
    {
      bundlesequence => { "report_suspicious_file_names" };
      inputs => { "cfengine_stdlib.cf" };
    }

    body agent control
    {
      suspiciousnames => { ".mo", "lrk3", "rootkit" };
    }

    bundle agent report_suspicious_file_names
    {
      files:
        "/root/tmp2"
          depth_search => recurse("inf");
    }

I do have suspicious file names:

    # find /root/tmp2/ -ls
    97519378 4 drwxr-xr-x 3 root root 4096 Feb 1 10:51 /root/tmp2/
    97519370 4 drwxr-xr-x 2 root root 4096 Feb 1 10:51 /root/tmp2/rootkit
    97519371 4 -rw-r--r-- 1 root root 29 Feb 1 10:51 /root/tmp2/rootkit/rootkit
    97519372 4 -rw-r--r-- 1 root root 29 Feb 1 10:51 /root/tmp2/.mo
    #

But it runs quietly:

    # /usr/local/sbin/cf-agent -KIf /var/cfengine/inputs/aleksey_test.cf
    #

Please advise?

Best,
Aleksey

_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine