Again, thank you for responding. This, again, is pretty much default. I added one ignore for /usr/local to the scan options. I don't see an invocation of "tidy" here, unless it is assumed to be part of the "files" function. (I'm going to scan the documents to see if there is a connection there.)
cfagent.conf ---------------------------------------------------------------------------------------- # # Simple cfengine configuration file # control: actionsequence = ( checktimezone files ) domain = ( example.com ) timezone = ( PST ) smtpserver = ( ntp.example.com ) # used by cfexecd sysadm = ( [EMAIL PROTECTED] ) # where to mail output ###################################################################### files: # Check some important files /etc/passwd mode=644 owner=root action=fixall /etc/shadow mode=600 owner=root action=fixall # Do a tripwire check on binaries! /usr # Scan /usr dir owner=root,daemon # all files must be owned by root or daemon checksum=md5 # use md5 or sha recurse=inf # all subdirs ignore=tmp # skip /usr/tmp ignore=local # skip /usr/local action=fixall _______________________________________________ Help-cfengine mailing list Help-cfengine@gnu.org http://lists.gnu.org/mailman/listinfo/help-cfengine