Solved

cfengine 3 security

Posted on 2010-11-15
Last Modified: 2012-05-10
Below is my security configuration in promises.cf.
The cfengine server distributes it to all the clients. But I do not want to allow 195.168.1.* on the clients; I only want to allow 192.168.1.10 on the clients and 192.168.1.* on the server.
What is the best way to have different security settings on cfengine server and cfengine client?
body server control
{
    allowconnects         => { "192.168.1.*" };
    allowallconnects      => { "192.168.1.*" };
    trustkeysfrom         => { "192.168.1.*" };

    # Make updates and runs happen in one
    cfruncommand          => "$(sys.workdir)/bin/cf-agent -f failsafe.cf && $(sys.workdir)/bin/cf-agent";
    allowusers            => { "root" , "aleksey" };
}

Question by:1oo4
Accepted Solution

by:
1oo4 earned 0 total points
ID: 34144596
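body server control
{
policy_server::
    # On the policy server: accept connections and keys from the whole subnet
    allowconnects         => { "192.168.1.*" };
    allowallconnects      => { "192.168.1.*" };
    trustkeysfrom         => { "192.168.1.*" };

!policy_server::
    # On clients: accept connections and keys from the policy server only
    allowconnects         => { "192.168.1.10" };
    allowallconnects      => { "192.168.1.10" };
    trustkeysfrom         => { "192.168.1.10" };

any::
    # Reset the class context so allowusers applies on the server and the clients
    allowusers            => { "root" , "aleksey" };
}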


Policy server class can be defined in a common bundle:
bundle common g
{
# Define some global variables
vars:
        "masterfiles" string => "/var/cfengine/masterfiles";
        "inputs" string => "/var/cfengine/inputs";
        "workdir" string => "/var/cfengine";
        "phost" string => "192.168.1.10";
        "crontab" string => "/etc/crontab";

classes:

"policy_server" expression => classify("$(g.phost)");

}
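
Added example, not part of the original post: a small Python check that resolves which body server control attributes a host actually sees, modelling the rule that a class guard such as policy_server:: stays in force until the next guard. The sample body is constructed (allowusers follows !policy_server:: with no guard of its own), the function names are hypothetical, and the parser only handles single-line list attributes and guards of the form name:: or !name::.

```python
import re

# Constructed sample: allowusers follows the !policy_server:: guard with no guard of its own.
POLICY = '''
body server control
{
    policy_server::
allowconnects         => { "192.168.1.*" };
allowallconnects      => { "192.168.1.*" };
trustkeysfrom         => { "192.168.1.*" };
   !policy_server::
allowconnects         => { "192.168.1.10" };
allowallconnects      => { "192.168.1.10" };
trustkeysfrom         => { "192.168.1.10" };
allowusers            => { "root" , "aleksey" };
}
'''

CONTEXT = re.compile(r'^\s*(!?)(\w+)::\s*$')           # e.g. "policy_server::" or "!policy_server::"
ATTR = re.compile(r'^\s*(\w+)\s*=>\s*\{(.*)\}\s*;\s*$')  # e.g. attr => { "a", "b" };

def effective(policy, classes):
    """Return {attribute: [values]} as seen by a host with the given classes defined."""
    active, result = True, {}          # before any guard, the context is "any"
    for line in policy.splitlines():
        m = CONTEXT.match(line)
        if m:                          # a guard stays in force until the next guard
            negated, name = m.groups()
            defined = name == "any" or name in classes
            active = defined != bool(negated)
            continue
        m = ATTR.match(line)
        if m and active:
            result[m.group(1)] = re.findall(r'"([^"]*)"', m.group(2))
    return result

def audit(policy):
    """Compare the server and client views; return (views, findings)."""
    views = {"server": effective(policy, {"policy_server"}),
             "client": effective(policy, set())}
    findings = []
    for attr in sorted(set().union(*views.values())):
        for role, view in views.items():
            if attr not in view:
                findings.append(f"{attr}: not set on {role}")
            elif attr == "trustkeysfrom" and any("*" in v for v in view[attr]):
                findings.append(f"trustkeysfrom: wildcard {view[attr]} on {role}")
    return views, findings
```

Calling audit(POLICY) reports that allowusers is not set on the server and that trustkeysfrom is a wildcard range there, which are the two lines worth reviewing before the policy is distributed.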
