Solved

cfengine 3 security

Posted on 2010-11-15
1
754 Views
Last Modified: 2012-05-10
Below is my security configuration in promises.cf
Cfengine server distributes it to all the clinets. But I do not want to allow 195.168.1.* on the clients I only want allow 192.168.1.10 on the clients and 192.168.1.* on the server.
What is the best way to have different security settings on cfengine server and cfengine client?
body server control

{
allowconnects         => { "192.168.1.*" };
allowallconnects      => { "192.168.1.*" };
trustkeysfrom         => { "192.168.1.*" };

# Make updates and runs happen in one

cfruncommand          => "$(sys.workdir)/bin/cf-agent -f failsafe.cf &&
$(sys.workdir)/bin/cf-agent";
allowusers            => { "root" , "aleksey" };
}

Open in new window

0
Comment
Question by:1oo4
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 4

Accepted Solution

by:
1oo4 earned 0 total points
ID: 34144596
body server control
{
    policy_server::
allowconnects         => { "192.168.1.*" };
allowallconnects      => { "192.168.1.*" };
trustkeysfrom         => { "192.168.1.*" };

   !policy_server::
allowconnects         => { "192.168.1.10" };
allowallconnects      => { "192.168.1.10" };
trustkeysfrom         => { "192.168.1.10" };

allowusers            => { "root" , "aleksey" };
}

Open in new window


Policy server class can be defined in a common bundle:
bundle common g
{
# Define some global variables
vars:
        "masterfiles" string => "/var/cfengine/masterfiles";
        "inputs" string => "/var/cfengine/inputs";
        "workdir" string => "/var/cfengine";
        "phost" string => "192.168.1.10";
        "crontab" string => "/etc/crontab";

classes:

"policy_server" expression => classify("$(g.phost)");

}

Open in new window

0

Featured Post

Business Impact of IT Communications

What are the business impacts of how well businesses communicate during an IT incident? Targeting, speed, and transparency all matter. Find out more in this infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn how ViaSat reduced average response times for IT incidents from 10 minutes to 30 seconds.
Are client relationship the only driver of a successful MSP? While important, client relationships are only one component. Learn how else MSPs can broaden their horizon and differentiate themselves.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question