On Mon, Dec 5, 2011 at 2:24 AM, <no-re...@cfengine.com> wrote:
> Forum: CFEngine Help
> Subject: Re: Restricting access to the cfengine3 policy server promise
> files based on cfengine3 client level groups.
> Author: sauer
> Link to topic: https://cfengine.com/forum/read.php?3,24135,24185#msg-24185
>
> neilhwatson Wrote:
> -------------------------------------------------------
> > More often than not it is not worth the trouble of
> > restricting policy downloads of Cfengine clients.
> > The policies are small and usually have no private
> > information.
>
> Anyone managing local account passwords with CFEngine should be
> restricting access to the policies containing those passwords, and only
> distributing the portion of the policy (or the remote scalar) relevant to a
> given machine. Otherwise, a breach on one machine has potential to become
> a breach on all managed machines.
>
> Unless we're talking about a site where every user is identical on every
> system, I suppose. :)
>
>
>
Hi Niel and community,
I am posting a sample promise that I have got for classifying hosts
into groups based on classes.
############################################
body common control
{
bundlesequence => { "a" };
}
#################################
bundle agent a
{
classes:
'groupa' or => { '10.130.55.189' };
'groupb' or => { '10.130.55.135'};
files:
groupa::
'/etc/hosts'
copy_from => remote_cp("/data/hosts-A");
groupb::
'/etc/motd'
copy_from => remote_cp("/data/hosts-A");
}
##############################################
Kindly do provide me your feedbacks about the above promise.
Regards,
--
Vivek Varghese Cherian (विवेक वर्गीस चेरियान)
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
