diff options
author | Jonas Smedegaard <dr@jones.dk> | 2005-12-11 16:22:10 +0000 |
---|---|---|
committer | Jonas Smedegaard <dr@jones.dk> | 2005-12-11 16:22:10 +0000 |
commit | 33a0837004c2997a8e2e451151c8a761f1c4e98b (patch) | |
tree | 81f02b8c73448c6ba539e8217ae74b011d175e54 /integrit | |
parent | 18890adf49f168a45dc29f63f50257e724a895e3 (diff) |
Add new CFengine script to adjust default Debian config to sane working condition.
Diffstat (limited to 'integrit')
-rwxr-xr-x | integrit/integrit.cf | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/integrit/integrit.cf b/integrit/integrit.cf new file mode 100755 index 0000000..4c86fe6 --- /dev/null +++ b/integrit/integrit.cf @@ -0,0 +1,51 @@ +#! /usr/bin/cfengine -qf + +control: + OutputPrefix = ("${cf_prefix}") + actionsequence = ( editfiles ) + +editfiles: + { /etc/integrit/integrit.conf + # + # Uncomment suggested defaults + # + SetCommentStart "# " + SetCommentEnd "" + UnCommentLinesMatching "^# root=/" + UnCommentLinesMatching "^# known=/var/lib/integrit/.*" + UnCommentLinesMatching "^# current=/var/lib/integrit/.*" + UnCommentLinesMatching "^# !/cdrom" + UnCommentLinesMatching "^# !/dev" + UnCommentLinesMatching "^# !/etc" + UnCommentLinesMatching "^# !/floppy" + UnCommentLinesMatching "^# !/home" + UnCommentLinesMatching "^# !/lost\+found" + UnCommentLinesMatching "^# !/mnt" + UnCommentLinesMatching "^# !/proc" + UnCommentLinesMatching "^# !/root" + UnCommentLinesMatching "^# !/tmp" + UnCommentLinesMatching "^# !/var" + UnCommentLinesMatching "^# =/usr/include" + UnCommentLinesMatching "^# =/usr/X11R6/include" + UnCommentLinesMatching "^# =/usr/doc" + UnCommentLinesMatching "^# =/usr/info" + UnCommentLinesMatching "^# =/usr/share" + UnCommentLinesMatching "^# =/usr/X11R6/man" + UnCommentLinesMatching "^# =/usr/X11R6/lib/X11/fonts" + UnCommentLinesMatching "^# !/usr/local" + UnCommentLinesMatching "^# !/usr/src" + AppendIfNoSuchLine "!/initrd" + AppendIfNoSuchLine "!/.journal" + AppendIfNoSuchLine "!/usr/local" + AppendIfNoSuchLine "!/usr/src" + AppendIfNoSuchLine "!/dev/cpu/mtrr" + } + { /etc/integrit/integrit.debian.conf + # + # Make sure CONFIGS is set to /etc/integrit/integrit.conf + # + LocateLineMatching "^CONFIGS=.*" + BeginGroupIfNoLineMatching '^CONFIGS="/etc/integrit/integrit.conf"' + ReplaceLineWith 'CONFIGS="/etc/integrit/integrit.conf"' + EndGroup + } |