#! /usr/bin/cfengine -qf

control:
	OutputPrefix	= ("${cf_prefix}")
	actionsequence	= ( editfiles )

editfiles:
	{ /etc/integrit/integrit.conf
		#
		# Uncomment suggested defaults
		#
		SetCommentStart "# "
		SetCommentEnd ""
		UnCommentLinesMatching "^# root=/"
		UnCommentLinesMatching "^# known=/var/lib/integrit/.*"
		UnCommentLinesMatching "^# current=/var/lib/integrit/.*"
		UnCommentLinesMatching "^# !/cdrom"
		UnCommentLinesMatching "^# !/dev"
		UnCommentLinesMatching "^# !/etc"
		UnCommentLinesMatching "^# !/floppy"
		UnCommentLinesMatching "^# !/home"
		UnCommentLinesMatching "^# !/lost\+found"
		UnCommentLinesMatching "^# !/mnt"
		UnCommentLinesMatching "^# !/proc"
		UnCommentLinesMatching "^# !/root"
		UnCommentLinesMatching "^# !/tmp"
		UnCommentLinesMatching "^# !/var"
		UnCommentLinesMatching "^# =/usr/include"
		UnCommentLinesMatching "^# =/usr/X11R6/include"
		UnCommentLinesMatching "^# =/usr/doc"
		UnCommentLinesMatching "^# =/usr/info"
		UnCommentLinesMatching "^# =/usr/share"
		UnCommentLinesMatching "^# =/usr/X11R6/man"
		UnCommentLinesMatching "^# =/usr/X11R6/lib/X11/fonts"
		UnCommentLinesMatching "^# !/usr/local"
		UnCommentLinesMatching "^# !/usr/src"
		AppendIfNoSuchLine "!/initrd"
		AppendIfNoSuchLine "!/.journal"
		AppendIfNoSuchLine "!/usr/local"
		AppendIfNoSuchLine "!/usr/src"
		AppendIfNoSuchLine "!/dev/cpu/mtrr"
		AppendIfNoSuchLine "!/sys"
	}
	{ /etc/integrit/integrit.debian.conf
		#
		# Make sure CONFIGS is set to /etc/integrit/integrit.conf
		#
		LocateLineMatching "^CONFIGS=.*"
		BeginGroupIfNoLineMatching '^CONFIGS="/etc/integrit/integrit.conf"'
			ReplaceLineWith 'CONFIGS="/etc/integrit/integrit.conf"'
		EndGroup
	}