Hi All,
I'm attempting to apply filters for file checks in /tmp and /var/tmp but things aren't working as I had expected. Any ideas?
Below is some (hopefully) relevant info.
Thanks, Harry
filters: { tmpexe
Type: "reg" ExecRegex: "/usr/bin/file (.*executable.*)" Result: "ExecRegex" DefineClasses: "tmpalert" }
files: /tmp filter=tmpexe action=alert r=inf /var/tmp filter=tmpexe action=alert r=inf
Running "/usr/bin/file" on "/tmp/test.sh" results in: /tmp/test.sh: Bourne-Again shell script text executable
Running cfengine in debug mode seems to show that the file should be ignored (which it shouldn't)?
IgnoreFile(/tmp,test.sh) CheckExistingFile(/tmp/test.sh) cf:mason: Checking fs-object /tmp/test.sh CheckExistingFile(+0,-0) IgnoredOrExcluded(/tmp/test.sh) FileObjectFilter(/tmp/test.sh) Applying filter tmpexe Prepending [reg] Prepending [file] Prepending [Type] AddMacroValue(main.this=/tmp/test.sh) ExpandVarstring(/tmp/test.sh) Added Macro at hash address 18 to object main with value this=/tmp/test.sh ExpandVarstring(/usr/bin/file (.*executable.*)) cfpopen(/usr/bin/file ) cfpclose(pp) cfpopen - Waiting for process 23151 Filter result on /tmp/test.sh was 0 Skipping filtered file /tmp/test.sh
_______________________________________________ Help-cfengine mailing list Help-cfengine@gnu.org http://lists.gnu.org/mailman/listinfo/help-cfengine
