Forum: CFEngine Help
Subject: Re: Explanation for 3x iteration in a bundle
Author: Beto
Link to topic: https://cfengine.com/forum/read.php?3,24402,24408#msg-24408

My example didn't copy/paste correctly.


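# Tightens permissions and ownership on user home directories and rewrites a
# permissive umask in user initialization ("dot") files. The comment
# attributes carry the control IDs each promise is meant to satisfy.
#
# Mail line-wrapping had split two comments and two string literals across
# lines in the posted copy; they are re-joined here so the policy parses and
# the strings hold no embedded newline.
bundle agent check_user_files
{
vars:

    !dotFilesFound::
        # Put all users in /etc/passwd into the array "HomeDir", excluding
        # uids 1-199, nobody (-2), oracle (204), applmgr (205), paris (302),
        # manpower (321), hpsmh (430), nfsnobody (65534, 4294967294) and
        # ids (1000).
        #
        # The third argument is the "comment" regex: lines it matches are
        # dropped before the file is split on ":".
        #
        # NOTE(review): uid 0 is not matched by the pattern, so root's entry
        # stays in HomeDir and root's home directory is recursed by the files
        # promises below - confirm that is intended, especially where root's
        # home is "/".
        # NOTE(review): only lines whose password field is "*" or "x" can be
        # excluded, and reading stops at 300 entries / 12000 bytes; accounts
        # past those limits are silently left unchecked - confirm the limits
        # cover the largest /etc/passwd in scope.
        "HomeDirn"      int     => readstringarray(
                                "HomeDir",
                                "/etc/passwd",
                                "[^\n]*:[*x]:([1-9]|\d{2}|1\d{1,2}|-2|204|205|302|321|430|65534|4294967294|1000):[^\n]*",
                                ":",
                                "300",
                                "12000"
                                );

    !dotFilesList.!dotFilesFound::
        # Index list of HomeDir, used to iterate over the accounts.
        "HomeUsr"       slist   => getindices("HomeDir"),
                        policy  => "overridable";

    dotFilesFound::
        # Split the module's space-separated output into a list of at most
        # 800 paths.
        "dotFilesList"  slist   => splitstring("$(FindDotFiles.dotFiles)"," ","800");

classes:

        "dotFilesList"  expression      => isvariable("dotFilesList");

    !dotFilesFound::
        # FindDotFiles finds user initialization ("dot") files of interest and returns
        # them in the cfengine variable "dotFiles".  A module is used because cfengine
        # doesn't support file_select with an edit_line promise.
        #
        # NOTE(review): the paths edited below come straight from this
        # module's output. The module is not shown here; verify that it is
        # writable only by the agent's user and that it does not return
        # symlinks planted in a home directory.
        "dotFilesFound" expression      => usemodule("FindDotFiles","");

files:

   any::
       # Dot files directly under each home directory: remove all "other"
       # access and group write/execute; owner and group are set from the
       # uid and gid fields of the passwd entry.
       "$(HomeDir[$(HomeUsr)][5])"
                comment         => "GEN001860, GEN001880",
                perms           => mog("o-rwx,g-wx","$(HomeDir[$(HomeUsr)][2])","$(HomeDir[$(HomeUsr)][3])"),
                depth_search    => recurse("1"),
                file_select     => by_name("\..*");

       # The home directory and everything below it: remove all "other"
       # access and group write, same owner and group as above.
       #
       # NOTE(review): this changes mode and ownership across a tree whose
       # contents the account owner controls. The depth_search bodies are
       # defined elsewhere; confirm they leave traverse_links off so a
       # symlink inside a home directory cannot steer the change to files
       # outside it.
       "$(HomeDir[$(HomeUsr)][5])"
                comment         => "GEN001480, GEN001500, GEN001520, GEN001540, GEN001560",
                perms           => mog("o-rwx,g-w","$(HomeDir[$(HomeUsr)][2])","$(HomeDir[$(HomeUsr)][3])"),
                depth_search    => recurse_include_basedir("inf"),
                file_select     => exclude("disckpnt.bin");

    dotFilesList::
       # Rewrite the umask in each file reported by the module. No backup
       # copy is kept (no_edit_backup).
       "$(dotFilesList)"
                comment         => "GEN002560",
                edit_line       => dot_file_check,
                edit_defaults   => no_edit_backup;

reports:

    # A debug report can be generated with the following command:
    #   cf-agent -KInbcheck_user_files -Ddebug -f ./promises.cf

    debug::
        "Checking perms/owner in $(HomeDir[$(HomeUsr)][0]) \
                $(HomeDir[$(HomeUsr)][2]):$(HomeDir[$(HomeUsr)][3]) \
                $(HomeDir[$(HomeUsr)][5])";

    debug.dotFilesList::
        "Checking umask in $(dotFilesList)";
        "";
        "List of files found by FindDotFiles module:";
        "$(FindDotFiles.dotFiles)";
}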

#########################################################
#
# Bodies 
#

# Replaces a "umask 022" / "umask 22" setting with "umask 077" and tags the
# line with the control ID.
#
# NOTE(review): only the 022 value is matched; other permissive settings
# (for example 002 or 000) are left as they are, and a file with no umask
# line at all is not changed. The pattern is not anchored, so it also
# matches inside comments or longer words.
bundle edit_line dot_file_check
{
  replace_patterns:

    "umask\s+0?22"
      replace_with => value("umask 077 # GEN002560");
}

# Edit defaults that turn off the backup copy normally taken before a file
# is edited. With this body the previous content of an edited file is not
# retained, so a bad edit cannot be rolled back or reviewed from a backup.
body edit_defaults no_edit_backup
{
  edit_backup => "false";
}

