diff options
| -rwxr-xr-x | integrit/integrit.cf | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/integrit/integrit.cf b/integrit/integrit.cf new file mode 100755 index 0000000..4c86fe6 --- /dev/null +++ b/integrit/integrit.cf @@ -0,0 +1,51 @@ +#! /usr/bin/cfengine -qf + +control: + OutputPrefix = ("${cf_prefix}") + actionsequence = ( editfiles ) + +editfiles: + { /etc/integrit/integrit.conf + # + # Uncomment suggested defaults + # + SetCommentStart "# " + SetCommentEnd "" + UnCommentLinesMatching "^# root=/" + UnCommentLinesMatching "^# known=/var/lib/integrit/.*" + UnCommentLinesMatching "^# current=/var/lib/integrit/.*" + UnCommentLinesMatching "^# !/cdrom" + UnCommentLinesMatching "^# !/dev" + UnCommentLinesMatching "^# !/etc" + UnCommentLinesMatching "^# !/floppy" + UnCommentLinesMatching "^# !/home" + UnCommentLinesMatching "^# !/lost\+found" + UnCommentLinesMatching "^# !/mnt" + UnCommentLinesMatching "^# !/proc" + UnCommentLinesMatching "^# !/root" + UnCommentLinesMatching "^# !/tmp" + UnCommentLinesMatching "^# !/var" + UnCommentLinesMatching "^# =/usr/include" + UnCommentLinesMatching "^# =/usr/X11R6/include" + UnCommentLinesMatching "^# =/usr/doc" + UnCommentLinesMatching "^# =/usr/info" + UnCommentLinesMatching "^# =/usr/share" + UnCommentLinesMatching "^# =/usr/X11R6/man" + UnCommentLinesMatching "^# =/usr/X11R6/lib/X11/fonts" + UnCommentLinesMatching "^# !/usr/local" + UnCommentLinesMatching "^# !/usr/src" + AppendIfNoSuchLine "!/initrd" + AppendIfNoSuchLine "!/.journal" + AppendIfNoSuchLine "!/usr/local" + AppendIfNoSuchLine "!/usr/src" + AppendIfNoSuchLine "!/dev/cpu/mtrr" + } + { /etc/integrit/integrit.debian.conf + # + # Make sure CONFIGS is set to /etc/integrit/integrit.conf + # + LocateLineMatching "^CONFIGS=.*" + BeginGroupIfNoLineMatching '^CONFIGS="/etc/integrit/integrit.conf"' + ReplaceLineWith 'CONFIGS="/etc/integrit/integrit.conf"' + EndGroup + } |