Hi,
See the reference manual at
http://www.cfengine.org/manuals/cf3-reference.html#changes-in-files
for a detailed description.
"The best option cross correlates the best two available algorithms
known in the OpenSSL library. "
You can also just pick sha1 (or the other sha's) if you like.
--Eystein
On Thu, May 12, 2011 at 10:17 PM, Aleksey Tsalolikhin
<atsaloli.t...@gmail.com> wrote:
> Interesting. What does "best" mean in this context? (How does
> "best" translate to MD5 and SHA1? Is that on purpose?) Why not just
> use SHA1? (i'm not criticizing, just want to understand.)
>
> Thank you for the tip re detect_content body.
>
> Aleksey
>
> On Thu, May 12, 2011 at 10:05 PM, Eystein Måløy Stenberg
> <eystein.stenb...@gmail.com> wrote:
>> Hi Aleksey,
>>
>> You are right.
>> If you look in cfengine_stdlib.cf, you would see
>>
>> ---
>> body changes detect_all_change
>>
>> # This is fierce, and will cost disk cycles
>>
>> {
>> hash => "best";
>> report_changes => "all";
>> update_hashes => "yes";
>> }
>> ---
>>
>> Consider using the detect_content body for a cheaper but less secure
>> alternative.
>>
>> --
>>
>> Regards,
>> Eystein
>>
>>
>> On Thu, May 12, 2011 at 10:00 PM, Aleksey Tsalolikhin
>> <atsaloli.t...@gmail.com> wrote:
>>> Is it just me, or did Cfengine 3 used to use md5 databases for change
>>> detection? now I see both md5 and sha1 are used. why is that?
>>> (doesn't that double the cost of change detection?)
>>>
>>>
>>> bundle agent example
>>>
>>> {
>>> files:
>>>
>>> "/etc"
>>>
>>> changes => detect_all_change,
>>> depth_search => recurse("inf");
>>> }
>>>
>>>
>>>
>>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>>> ALERT: Hash (md5) for /etc/date.txt changed!
>>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>>> -> Updating hash for /etc/date.txt to MD5=5e3e868b8f7f69bf2ffb651bf11b4f65
>>> I: Made in version 'not specified' of
>>> './00132_Security__detect_changes_in_etc.cf' near line 17
>>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>>> ALERT: Hash (sha1) for /etc/date.txt changed!
>>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>>> -> Updating hash for /etc/date.txt to
>>> SHA=62f811f53d0547827b625397ba46f963eddb1efe
>>> I: Made in version 'not specified' of
>>> './00132_Security__detect_changes_in_etc.cf' near line 17
>>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>>> ALERT: Last modified time for /etc/date.txt changed Thu May 12
>>> 21:49:23 2011 -> Thu May 12 21:58:20 2011
>>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>>> _______________________________________________
>>> Help-cfengine mailing list
>>> Help-cfengine@cfengine.org
>>> https://cfengine.org/mailman/listinfo/help-cfengine
>>>
>>
>
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
