So I'm looking for a practical example of how process_select could be used. What do you do after the selection has been made? How do you report the process names or take actions (signal or process_stop them?)
For example, I have this policy that will match on suspicious process names, but then what?

bundle agent example
{
vars:

  "suspicious_process_names" slist => {
                                      "sniff",
                                      "eggdrop",
                                      "r00t",
                                      "^\./",
                                      "john",
                                      "crack"
                                      };

processes:

  ".*"

    process_select => proc_finder("$(suspicious_process_names)");
}

########################################################

body process_select proc_finder(pattern)
{
command => ".*$(pattern).*";
process_result => "command";
}