Forum: CFEngine Help
Subject: File mode checking promise state?
Author: sauer
Link to topic: https://cfengine.com/forum/read.php?3,24219,24219#msg-24219
So, I have a promise which is checking the mode on a file, and which should
alert if the mode changes. It seems that the promise is considered to be kept
regardless of whether the mode has changed or not (in both 3.1.5 and 3.2.1).
This seems like a bug to me, but I thought I'd ask if I'm overlooking something
before reporting it as such:
Output:
user@host
$ chmod 755 /tmp/x
user@host
$ ./tripwire.cf
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
ALERT: Permissions for /tmp/x changed 100640 -> 100755
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
R: /tmp/x was ok
user@host
$ chmod 750 /tmp/x
user@host
$ ./tripwire.cf
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
ALERT: Permissions for /tmp/x changed 100755 -> 100750
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
R: /tmp/x was ok
Code:
#!/var/cfengine/bin/cf-agent -Kf
body common control { bundlesequence => { "a" }; }
bundle agent a {
vars:
"file" string => "/tmp/x";
files:
"$(file)"
changes => checksum,
classes => classalert("$(file)");
reports:
agent::
"$(file) was ok" ifvarclass => canonify( "$(file)_ok" );
"$(file) was fixed" ifvarclass => canonify( "$(file)_fixed" );
}
body classes classalert (x){
promise_kept => { "$(x)_ok" };
promise_repaired => { "$(x)_fixed" };
}
body changes checksum {
hash => "sha1";
report_changes => "stats";
update_hashes => "true";
}
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
