Solved

cfengine 3 security

Posted on 2010-11-15
Last Modified: 2012-05-10
Below is my security configuration in promises.cf.
The Cfengine server distributes it to all the clients. But I do not want to allow 195.168.1.* on the clients; I only want to allow 192.168.1.10 on the clients and 192.168.1.* on the server.
What is the best way to have different security settings on the cfengine server and the cfengine client?
body server control
{
    allowconnects         => { "192.168.1.*" };
    allowallconnects      => { "192.168.1.*" };
    trustkeysfrom         => { "192.168.1.*" };

    # Make updates and runs happen in one
    cfruncommand          => "$(sys.workdir)/bin/cf-agent -f failsafe.cf && $(sys.workdir)/bin/cf-agent";
    allowusers            => { "root" , "aleksey" };
}

Question by:1oo4
1 Comment
 

Accepted Solution

by:
1oo4 earned 0 total points
ID: 34144596
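body server control
{
    # On the policy server: accept connections from the whole subnet
    policy_server::
        allowconnects         => { "192.168.1.*" };
        allowallconnects      => { "192.168.1.*" };
        trustkeysfrom         => { "192.168.1.*" };

    # On every other host (the clients): accept only the policy server
    !policy_server::
        allowconnects         => { "192.168.1.10" };
        allowallconnects      => { "192.168.1.10" };
        trustkeysfrom         => { "192.168.1.10" };

    # Reset the class context so allowusers applies on every host,
    # not only under !policy_server
    any::
        allowusers            => { "root" , "aleksey" };
}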



Policy server class can be defined in a common bundle:
bundle common g
{
# Define some global variables
vars:
    "masterfiles" string => "/var/cfengine/masterfiles";
    "inputs"      string => "/var/cfengine/inputs";
    "workdir"     string => "/var/cfengine";
    "phost"       string => "192.168.1.10";
    "crontab"     string => "/etc/crontab";

classes:
    # classify() canonifies the address (192_168_1_10) and tests whether that
    # class is defined, which is the case only on the host with that IP
    "policy_server" expression => classify("$(g.phost)");
}
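
An added check, not part of the original answer or of CFEngine: it assumes cf-serverd matches each allowconnects, allowallconnects and trustkeysfrom entry as an anchored regular expression, models that with Python's `re.fullmatch`, and lists the addresses the answer's patterns admit outside the intended network. The function names, the probe range and the dot-escaped pattern are this example's own.

```python
import ipaddress
import re

# Patterns copied from the accepted answer, plus a dot-escaped variant
# (the escaped form is this example's suggestion, not from the page).
SERVER_PATTERNS = ["192.168.1.*"]
CLIENT_PATTERNS = ["192.168.1.10"]
ESCAPED_SERVER_PATTERNS = [r"192\.168\.1\..*"]


def admitted(patterns, ip):
    """True if any pattern matches the whole address string.

    Assumption: anchored regex matching, modelled with re.fullmatch.
    """
    return any(re.fullmatch(p, ip) for p in patterns)


def overmatches(patterns, intended, probe="192.168.0.0/16"):
    """Addresses in `probe` that the patterns admit although they lie
    outside the `intended` network."""
    intended_net = ipaddress.ip_network(intended)
    hits = []
    for addr in ipaddress.ip_network(probe):
        text = str(addr)
        if addr not in intended_net and admitted(patterns, text):
            hits.append(text)
    return hits


def third_octets(addresses):
    """Summarise a hit list as the sorted set of third octets it covers."""
    return sorted({int(a.split(".")[2]) for a in addresses})


if __name__ == "__main__":
    loose = overmatches(SERVER_PATTERNS, "192.168.1.0/24")
    print(len(loose), "unintended addresses; third octets:", third_octets(loose))
    print("escaped:", len(overmatches(ESCAPED_SERVER_PATTERNS, "192.168.1.0/24")))
    print("client :", overmatches(CLIENT_PATTERNS, "192.168.1.10/32"))
```

Under that assumption the unescaped subnet pattern also admits 192.168.10.x through 192.168.19.x and 192.168.100.x through 192.168.199.x, while the single-address client pattern matches only 192.168.1.10.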
