Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-826

Ability to update checksum_digests silently

    XMLWordPrintable

    Details

    • Type: Story
    • Status: Open
    • Priority: (None)
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: cf-agent
    • Labels:

      Description

      Simple usecase would be:

      • Have change detection for /etc/ {passwd,shadow,group}
      • Add user with cfengine to the client
      • Set class that $(files) were edited.
      • Update the db of given files silently, as we know what files we've edited in this run.

      If the update class isn't set, and the files were touched outside of cfengine, then we'd get a warning as normal.

      Do point me to the right direction if this can already be done.
      Old thread about this: https://groups.google.com/d/msg/help-cfengine/mpRYeHb5g9c/Dd4tYBbWA7sJ

      This could be an additional parameter in body changes, ie:

        body changes detect_all_silently {
          report_changes  => "all";
          update_hashes   => "yes";
          update_silently => "true";
        }
        

      Then in in pseudo-code, we could run something like this as the first and last bundle in sequence:

        bundle agent tripwire {
        files:
         "$(g.trips)"
            comment => "Update hash on $(g.trips) silently",
            changes => detect_all_silently,
            ifvarclass => canonify("$(g.trips)_updated");
         "$(g.trips)"
            comment => "Check for unauthorized changes on $(g.trips)",
            changes => detect_all_change,
            ifvarclass => not(canonify("$(g.trips)_updated"));
        }
        
        body changes detect_all_change {
          report_changes => "all";
          update_hashes  => "yes";
        }
        
        body changes detect_all_silently {
          report_changes  => "all";
          update_hashes   => "yes";
          update_silently => "true";
        }
        

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              terok Tero Kantonen
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:

                Summary Panel