CFEngine Help: Re: Splaytime in 3.3 seems to be using seconds instead of minutes

Forum: CFEngine Help Subject: Re: Splaytime in 3.3 seems to be using seconds instead of minutes Author: mark Link to topic: https://cfengine.com/forum/read.php?3,25768,25771#msg-25771 Dear Mike, I'm very sorry about this. You seem to be right. Let me investigate what has happened. M __

CFEngine Help: Re: CFEngine Help: Compile problems, 3.3 on Solaris 10

Forum: CFEngine Help Subject: Re: CFEngine Help: Compile problems, 3.3 on Solaris 10 Author: rsm.gbg Link to topic: https://cfengine.com/forum/read.php?3,25729,25770#msg-25770 Hi, I read that thread and tried using /usr/sfw/bin/gcc instead of /usr/local/bin/gcc. Which was the only thing I found

CFEngine Help: Re: Splaytime in 3.3 seems to be using seconds instead of minutes

Forum: CFEngine Help Subject: Re: Splaytime in 3.3 seems to be using seconds instead of minutes Author: msvob...@linkedin.com Link to topic: https://cfengine.com/forum/read.php?3,25768,25769#msg-25769 Bug being tracked here: https://cfengine.com/bugtracker/view.php?id=1099 This is my workaround:

CFEngine Help: Splaytime in 3.3 seems to be using seconds instead of minutes

Forum: CFEngine Help Subject: Splaytime in 3.3 seems to be using seconds instead of minutes Author: msvob...@linkedin.com Link to topic: https://cfengine.com/forum/read.php?3,25768,25768#msg-25768 I started noticing on my 3.3 deployments that clients were contacting the master policy server at a

CFEngine Help: error passing slist from two dimension array

Forum: CFEngine Help Subject: error passing slist from two dimension array Author: milindk Link to topic: https://cfengine.com/forum/read.php?3,25767,25767#msg-25767 Hi I am trying to pass slist variable from a two dimensional array to a bundle , the array consist of string and slist I can pass

edit_template variable expansion

I am just now starting to write some policy that uses the new template feature, its nice but I did notice that it seems I need to reference all variables globally. Is it intended behavior that the variable expansion for edit_template requires variables to be referenced globally? I can see that all

Re: the need for cf-serverd on CF3 clients

On 04/30/2012 10:54 AM, Abid Khwaja wrote: > Thanks for the clarification. I tested by commenting out the cf-serverd > lines in failsafe and cf-serverd did not start. My understanding from the > CF3 Reference Manual was that failsafe is read only if the main policy files > cannot be read/parse

Re: the need for cf-serverd on CF3 clients

On Mon, Apr 30, 2012 at 8:54 AM, Abid Khwaja wrote: > > My understanding from the CF3 Reference Manual was that failsafe is read only > if the main policy files cannot be read/parsed. Hi, Abid. That is the purpose of failsafe.cf, you are correct. However, in version 3.2.1 (I haven't played wit

CFEngine Help: Re: Thoughts of encrypting the entire Cfengine workspace?

Forum: CFEngine Help Subject: Re: Thoughts of encrypting the entire Cfengine workspace? Author: mikesphar Link to topic: https://cfengine.com/forum/read.php?3,25714,25763#msg-25763 Truecrypt is a solid product but it operates on the premise of user intervention. A human agent has to enter a passw

CFEngine Help: Re: Thoughts of encrypting the entire Cfengine workspace?

Forum: CFEngine Help Subject: Re: Thoughts of encrypting the entire Cfengine workspace? Author: msvob...@linkedin.com Link to topic: https://cfengine.com/forum/read.php?3,25714,25762#msg-25762 I appreciate everyone's comments / suggestions on this thread and think its a really healthy discussion

Re: CFEngine Help: Re: Thoughts of encrypting the entire Cfengine workspace?

On Mon, Apr 30, 2012 at 11:09 AM, Nick Anderson wrote: > On 04/30/2012 09:45 AM, no-re...@cfengine.com wrote: >> No, not at all, because no matter what you do, the local cf-agent >> has to decrypt the policy, and that means it's vulnerable to a >> person with root access.  Even if cf-agent only ge

Re: the need for cf-serverd on CF3 clients

On Apr 30, 2012, at 3:19 PM, Nick Anderson wrote: > As far as how to stop it from happening I suspect that cf-serverd is > being started during your update/failsafe. Look in your body executor > control. What is the exec_command? I suspect its something like > "$(sys.cf_twin) -f failsafe.cf && $(s

Re: CFEngine Help: Re: Thoughts of encrypting the entire Cfengine workspace?

On Mon, 30 Apr 2012 10:09:37 -0500 Nick Anderson wrote: NA> Well I think if we approach this with the expectation that we will stop NA> someone with root access from doing anything then we just performing an NA> exercise in futility. NA> You could argue that security is only the the inverse of

Re: CFEngine Help: Re: Thoughts of encrypting the entire Cfengine workspace?

On Mon, 30 Apr 2012 16:24:52 +0200 (CEST) msvob...@linkedin.com wrote: n> Giving developers root access to development machines is a known evil. n> I would rather not give root access to people who aren't n> administrators, but in reality, this doesn't happen. n> Folks that run QA, performance e

Re: CFEngine Help: Re: Thoughts of encrypting the entire Cfengine workspace?

On 04/30/2012 09:45 AM, no-re...@cfengine.com wrote: > No, not at all, because no matter what you do, the local cf-agent > has to decrypt the policy, and that means it's vulnerable to a > person with root access. Even if cf-agent only gets the policy, > decrypts it, applies it, and deletes it 30 m

Re: CFEngine Help: Re: Thoughts of encrypting the entire Cfengine workspace?

On 04/30/2012 09:24 AM, no-re...@cfengine.com wrote: > Giving developers root access to development machines is a known evil. > I would rather not give root access to people who aren't > administrators, but in reality, this doesn't happen. > > Folks that run QA, performance environments, etc.

CFEngine Help: Re: Thoughts of encrypting the entire Cfengine workspace?

Forum: CFEngine Help Subject: Re: Thoughts of encrypting the entire Cfengine workspace? Author: mikesphar Link to topic: https://cfengine.com/forum/read.php?3,25714,25754#msg-25754 msvob...@linkedin.com Wrote: > Ok, lets forget the shared key stored in > cf-exced's anonymous memory segment for a b

CFEngine Help: Re: Thoughts of encrypting the entire Cfengine workspace?

Forum: CFEngine Help Subject: Re: Thoughts of encrypting the entire Cfengine workspace? Author: msvob...@linkedin.com Link to topic: https://cfengine.com/forum/read.php?3,25714,25753#msg-25753 ms> Most exploits / data loss happen from _within_ the organization. If I ms> give a developer / fellow

CFEngine Help: Re: CFEngine Help: Re: libtokyocabinet.so.9 error on AIX 5.2

Forum: CFEngine Help Subject: Re: CFEngine Help: Re: libtokyocabinet.so.9 error on AIX 5.2 Author: raymondcox Link to topic: https://cfengine.com/forum/read.php?3,25650,25752#msg-25752 The output I had was the result of user error. Sorry for the confusion.

Re: the need for cf-serverd on CF3 clients

On 04/30/2012 12:58 AM, Abid Khwaja wrote: > I have a client CF3 host (cfengine 3.2.3) that is running the policy below. > When I run "cf-execd --no-fork”, I see that 2 additional processes are > started: cf-monitord & cf-serverd. Shouldn’t cf-serverd only run the the > CF3 master host? Ther

CFEngine Help: Re: copy_from: would like priority list of sources, then silent fail

Forum: CFEngine Help Subject: Re: copy_from: would like priority list of sources, then silent fail Author: davidlee Link to topic: https://cfengine.com/forum/read.php?3,25584,25750#msg-25750 Many thanks for the replies on this, and my apologies for the delayed acknowledgment. Diego: as I unders

CFEngine Help: NFS mount options and behaviour

Forum: CFEngine Help Subject: NFS mount options and behaviour Author: jbdenis Link to topic: https://cfengine.com/forum/read.php?3,25748,25748#msg-25748 Hello everybody, I've got some questions about the NFS mount behaviour in CFEngine 3.3.0. If I've got this body for mount : body mount nfs3(s