Forum: Cfengine Help
Subject: Re: duplicate selection of value error
Author: szarag...@salesforce.com
Link to topic: https://cfengine.com/forum/read.php?3,19046,19275#msg-19275
Sorry, forgot to mention I'm running 3.0.5p1 on centos 5.
___
Help-cfengine
Forum: Cfengine Help
Subject: Re: duplicate selection of value error
Author: szarag...@salesforce.com
Link to topic: https://cfengine.com/forum/read.php?3,19046,19274#msg-19274
I see the same type of error message...
cf3 !! Duplicate selection of value for variable "secondary_packages" in scope
Forum: Cfengine Help
Subject: Re: sshd_conf managing with cfengine
Author: zzamboni
Link to topic: https://cfengine.com/forum/read.php?3,19218,19273#msg-19273
By the way, the brackets in the arrays don't come out right through the email
list, although they look fine in the forum. Forum admins, wo
Forum: Cfengine Help
Subject: Re: sshd_conf managing with cfengine
Author: zzamboni
Link to topic: https://cfengine.com/forum/read.php?3,19218,19272#msg-19272
I have implemented an edit_sshd bundle which allows generalized parameter
setting, and handles restarting sshd. Here it is:
bundle agent
I don't understand your question. The login pages are different:
*) Support customers can login to https://cfengine.com/otrs/customer.pl
and ask any question they like about Cfengine
(policies/design/architecture/etc.).
*) Anyone may register for free at http://bug.cfengine.com and report
bugs
On 15 nov 2010, at 22:05, Bas van der Vlies wrote:
>
> On 15 nov 2010, at 18:36, Eystein Måløy Stenberg wrote:
>
>> The link on .com is for help requests from commercial support customers.
>> This is different from reporting bugs in the software (bug.cfengine.com).
>>
>> If you would like to b
On 15 nov 2010, at 18:36, Eystein Måløy Stenberg wrote:
> The link on .com is for help requests from commercial support customers.
> This is different from reporting bugs in the software (bug.cfengine.com).
>
> If you would like to buy commercial support, with help from Cfengine
> professionals
On 11/14/10 3:42 AM, "Nicolas Charles"
wrote:
> On 08/11/2010 16:10, no-re...@cfengine.com wrote:
>> Forum: Cfengine Help
>> Subject: Re: normal ordering
>> Author: neilhwatson
>> Link to topic: https://cfengine.com/forum/read.php?3,19115,19122#msg-19122
>>
>> I suspect that if we sat down for dr
Forum: Cfengine Help
Subject: Re: please advise on cfengine3 security design best practices
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,19246,19267#msg-19267
Mark, this patch looks promising. The exploit I used earlier today failed when
using your patch.
___
Forum: Cfengine Help
Subject: Re: please advise on cfengine3 security design best practices
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,19246,19266#msg-19266
I ran into an Automake SNAFU that prevented me from building the trunk. I
haven't had time to get back to it.
Forum: Cfengine Help
Subject: Re: please advise on cfengine3 security design best practices
Author: matter
Link to topic: https://cfengine.com/forum/read.php?3,19246,19265#msg-19265
I threw the patch in the release version of 3.1. It still work for me okay - I
can still use && in cfruncommands. I
Forum: Cfengine Help
Subject: Re: readstringlist in 3.1.0
Author: mark
Link to topic: https://cfengine.com/forum/read.php?3,19180,19264#msg-19264
A quick test shows that it is not broken, but there is a bug for lists of
length 1, a patch will be released soon.
___
Forum: Cfengine Help
Subject: Re: readstringlist in 3.1.0
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,19180,19263#msg-19263
Do I understand this correctly? Is list iteration broken in 3.1.0? Is there a
bug I can follow?
_
Forum: Cfengine Help
Subject: Re: please advise on cfengine3 security design best practices
Author: mark
Link to topic: https://cfengine.com/forum/read.php?3,19246,19262#msg-19262
I committed an untested patch to svn. Perhaps you would consider it.
___
Forum: Cfengine Help
Subject: Re: please advise on cfengine3 security design best practices
Author: matter
Link to topic: https://cfengine.com/forum/read.php?3,19246,19261#msg-19261
I do see your point Neil. I will have to do some thinking now.
___
Help
Forum: Cfengine Help
Subject: Re: please advise on cfengine3 security design best practices
Author: mark
Link to topic: https://cfengine.com/forum/read.php?3,19246,19260#msg-19260
I recall now the earlier concern. I am currently travelling and will look into
this in the next couple of days. If an
Forum: Cfengine Help
Subject: Re: please advise on cfengine3 security design best practices
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,19246,19259#msg-19259
One of the nice features about the run agent is that you can have your
operators use it on remote hosts withou
Forum: Cfengine Help
Subject: Re: please advise on cfengine3 security design best practices
Author: matter
Link to topic: https://cfengine.com/forum/read.php?3,19246,19258#msg-19258
I don't quite see the security concern. I can see buffer overflows and such if
not programmed correctly, but it is
Forum: Cfengine Help
Subject: Re: please advise on cfengine3 security design best practices
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,19246,19257#msg-19257
The same concerns that prompted us to decide to remove the shell execution
earlier. At that time, allowing &&
Forum: Cfengine Help
Subject: Re: please advise on cfengine3 security design best practices
Author: mark
Link to topic: https://cfengine.com/forum/read.php?3,19246,19256#msg-19256
I don't understand the security concerns. Can you restate what they are clearly?
The shell on execution was put back
The link on .com is for help requests from commercial support customers.
This is different from reporting bugs in the software (bug.cfengine.com).
If you would like to buy commercial support, with help from Cfengine
professionals and a minimum response time, see
http://www.cfengine.com/pages/con
Forum: Cfengine Help
Subject: Re: please advise on cfengine3 security design best practices
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,19246,19254#msg-19254
Mark, could you please comment on this as there are some security concerns.
__
Forum: Cfengine Help
Subject: Re: please advise on cfengine3 security design best practices
Author: matter
Link to topic: https://cfengine.com/forum/read.php?3,19246,19253#msg-19253
Very strange indeed. It does appear to be running:
promises.cf
cfruncommand => "$(sys.workdir)/bin/cf-agen
To whom it concerns. When i try to report an issue via the
'www.cfengine.com'' website i can not login. (Register a ticket)
I can only report issues via: bug.cfengine.com
--
* Bas van der Vliese-mail: b...
Forum: Cfengine Help
Subject: Re: please advise on cfengine3 security design best practices
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,19246,19251#msg-19251
Mat, that change was made. I do not know if it has been reverted. Can you
confirm?
Forum: Cfengine Help
Subject: Re: please advise on cfengine3 security design best practices
Author: matter
Link to topic: https://cfengine.com/forum/read.php?3,19246,19250#msg-19250
Is this true? It still seems to be working for me in 3.0.5 and 3.1.
By the way, as of 3.0.5 Cfengine doesn't allow
Forum: Cfengine Help
Subject: Re: please advise on cfengine3 security design best practices
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,19246,19248#msg-19248
unxxhd01|configa01::
allowallconnects => { @{g.client_networks} };
!(unxxhd01|configa01)::
Forum: Cfengine Help
Subject: Re: please advise on cfengine3 security design best practices
Author: Seva Gluschenko
Link to topic: https://cfengine.com/forum/read.php?3,19246,19247#msg-19247
In the following example I presume that you have a certain way to define your
policy server (typically cla
Forum: Cfengine Help
Subject: please advise on cfengine3 security design best practices
Author: rgrigorov
Link to topic: https://cfengine.com/forum/read.php?3,19246,19246#msg-19246
Below is my security configuration in promises.cf
Cfengine server distributes it to all the clinets. But I do not wan
version: cfengine community 3.1.0
when i process is killed in cfengine 3 we only see the pid:
{{{
cf3 !! Process count for '.*' was out of promised range (1 found)
cf3 I: Made in version '1.2.0' of
'/var/lib/cfengine3/inputs/lisa/quarterly.cf' near line 20
cf3 I: Comment: Kill processes that use
Seva,
Thanks a lot. It works ;-) and i see i made i typo must be exclude_users
instead of exclude_user in process_select. That is why i got confused,
cfengine3 handle this as empty list.
regards
On 15 nov 2010, at 12:06, Seva Gluschenko wrote:
> Bas,
>
> I see certain mistypes in your e
Bas,
I see certain mistypes in your example. Dunno whether they exist in
your original promise. Anyway, the following test promise works for me
(I mean, it matches processes of users excluding the list specified):
bundle agent quarterly {
vars:
any::
"
I am a bit confused on about to pass variables. I want to a variable to the
body process_select for process_owner. So i can dynamically set which user(s)
to skip. How can i accomplish this or is this not possible?
Here is an example that does not work: (tried several variations)
{{{
bundle ag
Forum: Cfengine Help
Subject: Solaris 10 on x86 is not Solaris?
Author: Lars.O
Link to topic: https://cfengine.com/forum/read.php?3,19242,19242#msg-19242
How come Solaris 10 on sparc gets the class solaris defined, but Solaris 10 on
x86 does not?
___
H
On 12 nov 2010, at 21:30, no-re...@cfengine.com wrote:
> Forum: Cfengine Help
> Subject: Re: problem with process_select and ttime
> Author: neilhwatson
> Link to topic: https://cfengine.com/forum/read.php?3,19220,19231#msg-19231
>
> FYI, you might wish to also include sshd in the list of except
On 12 nov 2010, at 19:53, Daniel V. Klein wrote:
> No, I was worng (doh!). I am did more research into this, and it is not the
> selection issue as I suspected. I apologize for any misleading.
>
No that section is only used to set a class.
> There is something wrong with your range - 15 is n
Try something like this:
body common control
{
bundlesequence => { "test" };
inputs => { "/var/cfengine/inputs/cfengine_stdlib.cf" };
}
bundle agent test
{
files:
"/tmp/sshd_config"
edit_line => uncomment_lines_containing("PermitRootLogin.*","#"),
classes => if_repaired("restart_ss
Hello,
i've successfully implemented your solution with the sshd_config file. But the
secound problem is cfengine has to restart the sshd service.
It is possible to restart the service, only i've edited the sshd_config file?
I mean a command with "if" or something else.
Thanks in advance
--
38 matches
Mail list logo
