Cfengine Help: Re: please advise on cfengine3 security design best practices

no-reply Mon, 15 Nov 2010 06:47:24 -0800

Forum: Cfengine Help
Subject: Re: please advise on cfengine3 security design best practices
Author: Seva Gluschenko
Link to topic: https://cfengine.com/forum/read.php?3,19246,19247#msg-19247


In the following example I presume that you have a certain way to define your 
policy server (typically classmatch against hostname):


body server control
{
    policy_server::
allowconnects         => { "192.168.1.*" };
allowallconnects      => { "192.168.1.*" };
trustkeysfrom         => { "192.168.1.*" };

   !policy_server::
allowconnects         => { "192.168.1.10" };
allowallconnects      => { "192.168.1.10" };
trustkeysfrom         => { "192.168.1.10" };

allowusers            => { "root" , "aleksey" };
}


By the way, as of 3.0.5 Cfengine doesn't allow shell interpreter in 
cfruncommand command, so having '&&' there is not possible anymore.

_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine

Cfengine Help: Re: please advise on cfengine3 security design best practices

Reply via email to