Aleksey, your question is pretty well covered here:
http://www.cfengine.org/manuals/cf3-reference.html#processes-in-agent-promises

Say, if you want to terminate a suspicious process, just kill it:

  ".*"
    process_select => proc_finder("$(suspicious_process_names)"),
    signals => { "kill" };

(Be accurate with your process selector, though.)

2011/5/13 Aleksey Tsalolikhin <atsaloli.t...@gmail.com>:
> So I'm looking for a practical example of how process_select could be
> used.  What do you do after the selection has been made?  How do you
> report the process names or take actions (signal or process_stop
> them?)
>
> For example, I have this policy that will match on suspicious process
> names, but then what?
>
> bundle agent example
> {
>   vars:
>
>     "suspicious_process_names" slist =>
>       {
>       "sniff",
>       "eggdrop",
>       "r00t",
>       "^\./",
>       "john",
>       "crack"
>       };
>
>   processes:
>
>     ".*"
>       process_select =>
>         proc_finder("$(suspicious_process_names)");
> }
>
> ########################################################
>
> body process_select proc_finder(pattern)
> {
>   command => ".*$(pattern).*";
>
>   process_result => "command";
> }
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@cfengine.org
> https://cfengine.org/mailman/listinfo/help-cfengine
>

--
SY,
Seva Gluschenko.
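An added example, not part of the thread: a dry run of the quoted selector against constructed command lines, to see what `signals => { "kill" }` would hit before it is attached. It assumes the `command` regex is matched anchored against the whole command field (which is why the quoted body wraps the pattern in `.*`); `TIGHT` is a hypothetical stricter body, not from the thread.

```python
import re

# Pattern list copied from the quoted policy.
SUSPICIOUS = ["sniff", "eggdrop", "r00t", r"^\./", "john", "crack"]

# The thread's proc_finder body: command => ".*$(pattern).*"
LOOSE = ".*{p}.*"
# Hypothetical tighter body (assumption): the name must be the
# basename of the executable, optionally followed by arguments.
TIGHT = r"(\S*/)?{p}(\s.*)?"

# Constructed sample of command fields, as a process table might show them.
SAMPLE = [
    "/usr/sbin/sshd -D",
    "vim /home/john/notes.txt",      # a user editing a file under /home/john
    "/usr/sbin/cracklib-check",      # password-quality helper
    "./backup.sh --nightly",         # legitimate script started from its cwd
    "/usr/bin/eggdrop -m bot.conf",  # the kind of process the list is after
]


def selected(body, names, commands):
    """Return {command: [names whose regex selects it]}, anchored match."""
    hits = {}
    for cmd in commands:
        matched = [n for n in names if re.fullmatch(body.format(p=n), cmd)]
        if matched:
            hits[cmd] = matched
    return hits


if __name__ == "__main__":
    for label, body in (("loose", LOOSE), ("tight", TIGHT)):
        print(f"{label} selector {body!r} would signal:")
        for cmd, names in selected(body, SUSPICIOUS, SAMPLE).items():
            print(f"  {cmd!r}  (matched: {', '.join(names)})")
```

With the loose body, four of the five sample processes are selected, three of them harmless; the tighter body selects only the eggdrop process.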