Ah, now I remember - I did a slight change to your policy.
As it was, your files:-promise had no intention about the state, and was
thus skipped.
Try this (just to check).
--
files:
"/root/tmp2"
transformer => "/bin/true $(this.promiser)",
depth_search => recurse("inf");
--
--Eystein
On 02/01/2011 08:56 PM, Aleksey Tsalolikhin wrote:
> On Tue, Feb 1, 2011 at 11:16 AM, Eystein Måløy Stenberg
> <eystein.stenb...@gmail.com> wrote:
>> Perhaps run it in verbose mode to see if it enters the directories?
>> I ran your policy earlier today, and it worked.
>> Note that the suspiciousnames list is only matched against regular
>> files, not directories/symlinks/etc.
>>
>> --Eystein
>
> Dear Eystein,
>
> Got it. .mo is a regular file, but cf-agent does not complain about
> it on my system. Does it complain about it on yours?
>
> # cat /root/tmp2/.mo
> Tue Feb 1 10:51:30 PST 2011
> # ls -l /root/tmp2/.mo
> -rw-r--r-- 1 root root 29 Feb 1 10:51 /root/tmp2/.mo
> #
>
> Here is the verbose output.
>
> community> Initiate variable convergence...
> community> -> Immunizing against parental death
> community> -> Concidering .mo as suspicious file
> community> -> Concidering lrk3 as suspicious file
> community> -> Concidering rootkit as suspicious file
> community> -> Bundlesequence => {'report_suspicious_file_names'}
> community>
> community> *****************************************************************
> community> BUNDLE report_suspicious_file_names
> community> *****************************************************************
> community>
> community>
> community> + Private classes augmented:
> community>
> community> - Private classes diminished:
> community>
> community>
> community>
> community> =========================================================
> community> files in bundle report_suspicious_file_names (1)
> community> =========================================================
> community>
> community>
> community> .........................................................
> community> Promise handle:
> community> Promise made by: /root/tmp2
> community> .........................................................
> community>
> community> -> Using literal pathtype for /root/tmp2
> community> -> Handling file existence constraints on /root/tmp2
> community>
> community> + Private classes augmented:
> community>
> community> - Private classes diminished:
> community>
> community>
> community>
> community> =========================================================
> community> files in bundle report_suspicious_file_names (2)
> community> =========================================================
> community>
> community>
> community> + Private classes augmented:
> community>
> community> - Private classes diminished:
> community>
> community>
> community>
> community> =========================================================
> community> files in bundle report_suspicious_file_names (3)
> community> =========================================================
> community>
> community> Outcome of version (not specified): No checks were scheduled
> community> Estimated system complexity as touched objects = 1, for 1 promises
> community> -> Writing last-seen observations
> community> -> Keyring is empty
> community> -> No lock purging scheduled
>
>
> I also ran cf-agent under strace, and cf-agent does not descend into
> /root/tmp2:
>
> # grep tmp2 strace.out
> 30394 lstat("/root/tmp2", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
> 30394 stat("/root/tmp2", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
> 30394 stat("/root/tmp2", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
> #
>
> Again, here is my policy:
>
> body common control
> {
> bundlesequence => { "report_suspicious_file_names" };
> inputs => { "cfengine_stdlib.cf" };
> }
>
> body agent control
> {
> suspiciousnames => { ".mo", "lrk3", "rootkit" };
> }
>
> bundle agent report_suspicious_file_names
> {
>
> files:
>
> "/root/tmp2"
>
> depth_search => recurse("inf");
> }
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@cfengine.org
> https://cfengine.org/mailman/listinfo/help-cfengine
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
