path: root/integrit/integrit.cf

#! /usr/bin/cfengine -qf

control:
    OutputPrefix    = ("${cf_prefix}")
    actionsequence  = ( editfiles )

editfiles:
    { /etc/integrit/integrit.conf
        #
        # Uncomment suggested defaults
        #
        SetCommentStart "# "
        SetCommentEnd ""
        UnCommentLinesMatching "^# root=/"
        UnCommentLinesMatching "^# known=/var/lib/integrit/.*"
        UnCommentLinesMatching "^# current=/var/lib/integrit/.*"
        UnCommentLinesMatching "^# !/cdrom"
        UnCommentLinesMatching "^# !/dev"
        UnCommentLinesMatching "^# !/etc"
        UnCommentLinesMatching "^# !/floppy"
        UnCommentLinesMatching "^# !/home"
        UnCommentLinesMatching "^# !/lost\+found"
        UnCommentLinesMatching "^# !/mnt"
        UnCommentLinesMatching "^# !/proc"
        UnCommentLinesMatching "^# !/root"
        UnCommentLinesMatching "^# !/tmp"
        UnCommentLinesMatching "^# !/var"
        UnCommentLinesMatching "^# =/usr/include"
        UnCommentLinesMatching "^# =/usr/X11R6/include"
        UnCommentLinesMatching "^# =/usr/doc"
        UnCommentLinesMatching "^# =/usr/info"
        UnCommentLinesMatching "^# =/usr/share"
        UnCommentLinesMatching "^# =/usr/X11R6/man"
        UnCommentLinesMatching "^# =/usr/X11R6/lib/X11/fonts"
        UnCommentLinesMatching "^# !/usr/local"
        UnCommentLinesMatching "^# !/usr/src"
        AppendIfNoSuchLine "!/initrd"
        AppendIfNoSuchLine "!/.journal"
        AppendIfNoSuchLine "!/usr/local"
        AppendIfNoSuchLine "!/usr/src"
        AppendIfNoSuchLine "!/dev/cpu/mtrr"
        AppendIfNoSuchLine "!/sys"
    }
    { /etc/integrit/integrit.debian.conf
        #
        # Make sure CONFIGS is set to /etc/integrit/integrit.conf
        #
        LocateLineMatching "^CONFIGS=.*"
        BeginGroupIfNoLineMatching '^CONFIGS="/etc/integrit/integrit.conf"'
            ReplaceLineWith 'CONFIGS="/etc/integrit/integrit.conf"'
        EndGroup
    }