Forum: Cfengine Help
Subject: please advise on cfengine3 security design best practices
Author: rgrigorov
Link to topic: https://cfengine.com/forum/read.php?3,19246,19246#msg-19246
Below is my security configuration in promises.cf
Cfengine server distributes it to all the clinets. But I do not want to allow
195.168.1.* on all the clients.
I only want allow 192.168.1.10 (server) on the clients and 192.168.1.* on the
server.
What is the best way to have different security settings on cfengine server and
cfengine client?
body server control
{
allowconnects => { "192.168.1.*" };
allowallconnects => { "192.168.1.*" };
trustkeysfrom => { "192.168.1.*" };
# Make updates and runs happen in one
cfruncommand => "$(sys.workdir)/bin/cf-agent -f failsafe.cf &&
$(sys.workdir)/bin/cf-agent";
allowusers => { "root" , "aleksey" };
}
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
