--- ./doc.orig/cfengine-Reference.texinfo 2005-01-23 02:08:01.000000000 -0600 +++ ./doc/cfengine-Reference.texinfo 2005-02-01 18:05:05.000000000 -0600 @@ -164,6 +164,7 @@ @noindent The preferred method of installation is then + @smallexample tar zxf cfengine-x.x.x.tar.gz cd cfengine-x.x.x @@ -188,6 +189,7 @@ to a single directory which defaults to @file{/var/cfengine} (by analogy with @file{/var/cron}): +@w{} @smallexample /var/cfengine /var/cfengine/bin @@ -265,6 +267,7 @@ @end itemize To see all of the classes define on a particular host, run + @smallexample host# cfagent -p -v @end smallexample @@ -326,6 +329,7 @@ @noindent For example: + @smallexample classes: @@ -372,6 +376,7 @@ The only place where it makes sense to refer to a file without a complete directory specification is when searching through directories for different kinds of file, e.g. + @smallexample tidy: @@ -387,6 +392,7 @@ has since been ported to Windows operating systems and MacOS X. The Windows operating systems traditionally use a different filename convention. The following are all valid absolute file names under Windows: + @smallexample c:\winnt c:/winnt @@ -396,6 +402,7 @@ The `drive' name "C:" in Windows refers to a partition or device. Unlike Unix, Windows does not integrate these seamlessly into a single file-tree. This is not a valid absolute filename: + @smallexample \var\cfengine\inputs @end smallexample @@ -439,6 +446,7 @@ The very first thing you should do on every host is to establish a public-private key pair. To do this, you need to run the program + @smallexample everyhost# cfkey @end smallexample @@ -477,6 +485,7 @@ The @code{cfshow} command was introduced in cfengine 2.1.11 in order to provide a simple command line query of the various databases used to store operational state by cfagent. + @smallexample everyhost# cfshow -a everyhost# cfshow -l @@ -499,6 +508,7 @@ communication with the current host. The expected interval between communications is also printed. See FriendStatus. The output format is in a form that can easily be parsed by user scripts. e.g. + @smallexample 192.0.2.1 (answered us) at [Wed May 26 16:39:03 2004] i.e. not seen for !2860.08! hours; = @{63325.64@} hours 192.0.2.3 (answered us) at [Wed May 26 16:39:03 2004] i.e. not seen for !2860.08! hours; = @{90465.20@} hours @@ -600,6 +610,8 @@ @subsection The file cfagent.conf @cartouche + +@w{} @smallexample control: @@ -804,6 +816,7 @@ In version 2.0.4, an abbreviation for actionsequence exclusions was added: +@w{} @smallexample $ cfagent --avoid resolve,copy $ cfagent --just tidy --just shellcommands @@ -819,16 +832,19 @@ Variables in cfengine 2 are defined in contexts. Variables in a given context refer to the different phases of execution of cfengine: global, update and main. In the "current" context, variables have the form + @smallexample $(variable) $@{variable@} @end smallexample and are expanded either on parsing or at execution. Variables that cannot be expanded remain as dollar strings. Variables belonging to a context that is not the current one may be referred to as + @smallexample $(@var{context}.variable) $@{@var{context}.variable@} @end smallexample e.g. + @smallexample $(global.env_time) @end smallexample @@ -867,6 +883,7 @@ @cindex Variables, setting to result of a shell command @vindex @code{exec} + @smallexample control: @@ -893,6 +910,7 @@ @table @code @item A(@var{X},@var{Y}) Makes an associative array entry, associating @var{X} and @var{Y}. For instance: + @smallexample control: @@ -901,6 +919,7 @@ @end smallexample @noindent results in: + @smallexample OBJECT: main @@ -910,6 +929,7 @@ @end smallexample @cindex Associative arrays. Another example: + @smallexample control: @@ -950,6 +970,7 @@ @item textkey If this format is specified, @code{ReadArray} tries to interpret the file as a list of lines of the form: + @smallexample key,value @end smallexample @@ -976,6 +997,7 @@ @item textkey If this format is specified, @code{ReadArray} tries to interpret the file as a list of lines of the form: + @smallexample key1,key2,,value @end smallexample @@ -991,6 +1013,8 @@ items on separate lines. The value returned is a list formatted by the @code{Split} character. @cindex Associative arrays. @end table + +@w{} @smallexample hosts = ( ReadList(/var/cfengine/inputs/datafile,lines,#,1000) ) @@ -1004,6 +1028,8 @@ returns a list variable, delimited by the list separation character, for use with Split. @cindex SelectPartitionGroup @cindex Peer to peer methods + +@w{} @smallexample control: @@ -1024,6 +1050,8 @@ a leader for the the group and returns its name as the value of the function. @cindex SelectPartitionLeader @cindex Peer to peer methods + +@w{} @smallexample control: @@ -1057,6 +1085,7 @@ @end smallexample In the latter case, the file could look like this: + @smallexample host$ more /tmp/array one,String to tbe read @@ -1065,6 +1094,7 @@ @end smallexample @noindent and results in the definition of (verify with @code{cfagent -p -d3}): + @smallexample OBJECT: main 960 : listvar[one]=String to tbe read @@ -1173,6 +1203,7 @@ The IPv4 address of the named interface, determined from a probe of the interfaces. This variable belongs in the global context and refers to as in the following examples: + @smallexample $@{global.ipv4[hme0]@} @@ -1196,6 +1227,7 @@ the string, or have a different prefix for different hosts. The value in this variable is appended with the name of the host. The default is equivalent to, + @smallexample OutputPrefix = ( "cfengine:$(host):") @end smallexample @@ -1317,6 +1349,7 @@ in a future version. When a variable is used as an iterator, a character is chosen to represent a list separator, as in the shell @samp{IFS} variable. The default separator is the colon @samp{:} character: + @smallexample control: @@ -1325,12 +1358,14 @@ @end smallexample The action that contains a variable to be interpreted as a list appears as separate actions, one for each case: + @smallexample shellcommand: "/bin/echo $(listvar)" @end smallexample is equivalent to + @smallexample shellcommand: @@ -1340,6 +1375,7 @@ "/bin/echo four" @end smallexample If multiple iterators are used, these are handled as nested loops: + @smallexample cfengine::/bin/echo one 1: one 1 cfengine::/bin/echo one 2: one 2 @@ -1359,6 +1395,7 @@ cfengine::/bin/echo four : four 4 @end smallexample Where iterators are not allowed, the implied lists are treated as scalars: + @smallexample alerts: @@ -1368,6 +1405,7 @@ "do $(list1) $(list2)" @end smallexample e.g. + @smallexample cfengine:: do one:two:three:four 1:2:3:4 @@ -1479,6 +1517,8 @@ @cindex Compound classes @cindex Classes, compound + +@w{} @smallexample myclass.sun4.Monday:: @@ -1557,6 +1597,7 @@ and similarly, so allow all hosts in a user-defined group @code{mygroup}, @emph{except} for @code{myhost}, you would write +@w{} @smallexample @var{action}: @@ -1654,6 +1695,8 @@ @cindex ACLs @cartouche + +@w{} @smallexample acl: @@ -1784,6 +1827,7 @@ set equal to a specified mask. The @samp{+} symbol means add, the @samp{-} symbol subtract and @samp{=} means set equal to. Here are some examples: + @smallexample @var{acltype}:@var{id/*}:@var{mask} @@ -1873,6 +1917,8 @@ DFS permissions are comprised of the bits @samp{crwxid}, where: + +@w{} @smallexample @b{c} - Grants control privileges, to modify an acl. @b{r} - Grants read privileges. @@ -1903,6 +1949,7 @@ @cindex NT, ACL NT ACEs are written as follows: + @smallexample acl_type:user/group:permissions:accesstype @end smallexample @@ -1913,6 +1960,7 @@ object. However this functionality is as of today not yet implemented. In NT, the ACL type can be one of the following: + @smallexample user group @@ -1920,6 +1968,7 @@ Both types require that you specify the name of a user or a group. NT permissions are comprised of the bits @samp{rwxdpo}, where: + @smallexample r - Read privileges w - Write privileges @@ -1935,6 +1984,7 @@ provided with cfengine as well. You can use the standards by setting the permission to @code{read}, @code{change} or @code{all}. The bit implementation of each standard is as on NT: + @smallexample read - rx change - rwxd @@ -1947,6 +1997,7 @@ NT defines several different access types, of which only two are used in connection with the ACL type that is implemented in cfengine for NT. The access type can be one of the following: + @smallexample allowed denied @@ -2067,6 +2118,7 @@ every host. In a huge network this could result in vast amounts of Email. This behaviour can be forced, however, by creating an alias for the class `any' that is defined on the affected hosts. + @smallexample alerts: @@ -2087,6 +2139,7 @@ @cindex SetState() @cindex UnsetState() +@w{} @smallexample alerts: @@ -2109,6 +2162,7 @@ The @code{ShowState()} function reports on state gathered by the cfenvd daemon. + @smallexample ShowState(incoming.tcpsyn) ShowState(outgoing.smtp) @@ -2119,6 +2173,7 @@ @end smallexample To limit the frequency of alerts, you can set locking times: + @smallexample # ROOT PROCS @@ -2130,6 +2185,7 @@ @end smallexample Alerts can also be channeled directly to syslog, to avoid extraneous console messages or email. + @smallexample SysLog(LOG_ERR,"Test syslog message") @@ -2147,6 +2203,7 @@ For example, consider setting a class that acts like a non-resettable timer. It is defined for exactly 10 minutes before expiring. + @smallexample SetState("preserved_class",10,Preserve) @@ -2154,12 +2211,14 @@ @end smallexample Or to set a class that acts as a resettable timer. It is defined for 60 minutes unless the SetState call is called again to extend its lifetime. + @smallexample SetState(non_preserved_class,60,Reset) @end smallexample Existing persistent classes can be deleted with: + @smallexample UnsetState(myclass) @@ -2296,6 +2355,8 @@ executed. The syntax of declarations here is: @cartouche + +@w{} @smallexample control: @@ -2598,6 +2659,7 @@ mechanism has been introduced in version 1.5 which allows you to include a module of your own making in order to define or undefine a number of classes. The syntax + @smallexample module:mytests @@ -2850,6 +2912,7 @@ Normally cfagent warns about redefinitions of variables during parsing. This is presumed to be a mistake. To avoid this behaviour, add the name of the variable to this list, and the warning disappears. + @smallexample control: @@ -2871,6 +2934,7 @@ @node AutoDefine, BinaryPaddingChar, AllowRedefinitionOf, control @subsection AutoDefine +@w{} @smallexample control: @@ -2892,6 +2956,8 @@ @node BinaryPaddingChar, ChecksumDatabase, AutoDefine, control @subsection BinaryPaddingChar + +@w{} @smallexample BinaryPaddingChar = ( \0 ) @end smallexample @@ -2908,6 +2974,7 @@ @node ChecksumDatabase, BindToInterface(cfagent), BinaryPaddingChar, control @subsection ChecksumDatabase +@w{} @smallexample ChecksumDatabase = ( /var/cfengine/cfdb ) @@ -2947,7 +3014,7 @@ @node ChecksumPurge, ChecksumUpdates, BindToInterface(cfagent), control @subsection ChecksumPurge - +@w{} @smallexample ChecksumPurge = ( on ) @@ -2962,6 +3029,7 @@ To purge files now and then, but at no particular time, one could do something like this: + @smallexample strategies: @@ -2988,7 +3056,7 @@ @node ChecksumUpdates, childlibpath, ChecksumPurge, control @subsection ChecksumUpdates - +@w{} @smallexample ChecksumUpdates = ( on ) @@ -3047,6 +3115,7 @@ Note that all entries defined under a specified class are valid only as long as that class is defined. For instance + @smallexample @var{class}:: @@ -3086,6 +3155,7 @@ Sets the default value of the @code{pkgmgr} attribute for @code{packages} items. +@w{} @smallexample DefaultPkgMgr = ( rpm ) @end smallexample @@ -3191,6 +3261,8 @@ @subsection DryRun @cindex DryRun @vindex DryRun + +@w{} @smallexample DryRun = ( @var{on/}@b{off} ) @@ -3200,6 +3272,7 @@ This variable has the same effect as the command line options @kbd{--dry-run} or @kbd{-n}. It tells cfengine to only report what it should do without actually doing it. + @smallexample @var{classes}:: @@ -3310,6 +3383,7 @@ Note that all entries defined under a specified class are valid only as long as that class is defined. For instance + @smallexample @var{class}:: @@ -3336,6 +3410,7 @@ Note that all entries defined under a specified class are valid only as long as that class is defined. For instance + @smallexample @var{class}:: @@ -3363,6 +3438,8 @@ attempt to restart the action. @cartouche + +@w{} @smallexample ExpireAfter = ( @var{time-in-minutes} ) @@ -3419,6 +3496,8 @@ @cindex Wildcards in homepattern @cindex Searching for home directories + +@w{} @smallexample homepattern = ( u? ) @end smallexample @@ -3487,6 +3566,8 @@ which it will be executed again. @cartouche + +@w{} @smallexample IfElapsed = ( @var{time-in-minutes} ) @@ -3520,6 +3601,7 @@ @node Inform, interfacename, IfElapsed, control @subsection Inform +@w{} @smallexample Inform = ( @var{on/}@b{off} ) @@ -3635,7 +3717,7 @@ @cindex LastSeen @cindex Hanging processes - +@w{} @smallexample LastSeen = ( off ) @@ -3661,6 +3743,7 @@ Note that all entries defined under a specified class are valid only as long as that class is defined. For instance + @smallexample @var{class}:: @@ -3684,6 +3767,7 @@ log data. This defaults to @file{/var/run/cfengine} or @file{/var/cfengine}. +@w{} @smallexample LogDirectory = ( /var/cfengine ) @@ -3697,6 +3781,7 @@ @node LogTidyHomeFiles, moduledirectory, LogDirectory, control @subsection LogTidyHomeFiles +@w{} @smallexample LogTidyHomeFiles = ( off ) @@ -4090,6 +4175,7 @@ @node singlecopy, site, showactions, control @subsection SingleCopy +@w{} @smallexample singlecopy = ( on ) @@ -4121,6 +4207,7 @@ @noindent Would result in: +@w{} @smallexample /dist/hosts/loghost1.example.com/etc/syslog.conf being copied to loghost1.example.com /dist/solaris/etc/syslog.conf being copied to Solaris systems @@ -4301,6 +4388,7 @@ @node Syslog, SyslogFacility, sysadm, control @subsection Syslog +@w{} @smallexample Syslog = ( @var{on/}@b{off} ) @@ -4327,6 +4415,7 @@ @node SyslogFacility, timezone, Syslog, control @subsection SyslogFacility +@w{} @smallexample SyslogFacility = ( @var{facility} ) @@ -4343,6 +4432,7 @@ @end smallexample Valid arguments are + @smallexample LOG_USER LOG_DAEMON @@ -4393,6 +4483,7 @@ @node TimeOut, Verbose, timezone, control @subsection TimeOut +@w{} @smallexample TimeOut = ( 10 ) @@ -4411,6 +4502,7 @@ @node Verbose, Warnings, TimeOut, control @subsection Verbose +@w{} @smallexample Verbose = ( @var{on/}@b{off} ) @@ -4442,7 +4534,7 @@ @node Warnings, warnnonuserfiles, Verbose, control @subsection Warnings - +@w{} @smallexample Warnings = ( @var{on/}@b{off} ) @@ -4563,6 +4655,8 @@ The syntax summary is: @cartouche + +@w{} @smallexample copy: @@ -4647,6 +4741,7 @@ open up a terminal. The following commands will copy MyFile 's data and resource forks into two separate files which can then be recombined by cfengine: + @smallexample cp MyFile MyFile-datafork cp MyFile/..namedfork/rsrc MyFile-rsrcfork @@ -4849,6 +4944,7 @@ installing a corrupted file (the copying of an empty password file, for instance). Sizes are in bytes by default, but may also be quoted in kilobytes or megabytes using the notation: + @smallexample @var{number}bytes @@ -5092,6 +5188,8 @@ special variable @code{$(binserver)} here. @cartouche + +@w{} @smallexample disks: @@ -5188,6 +5286,8 @@ The form of a declaration is: @cartouche + +@w{} @smallexample directories: @@ -5250,6 +5350,8 @@ be examined later. The syntax is @cartouche + +@w{} @smallexample disable: @@ -5309,6 +5411,7 @@ @code{at} utility. Such a command could be followed by a file action, @xref{files}, +@w{} @smallexample files: @@ -5401,6 +5504,7 @@ operation only if the size of the file is less than, equal to or greater than some specified size. Sizes are in bytes by default, but may also be quoted in kilobytes or megabytes using the notation: + @smallexample @var{number}bytes @@ -5457,6 +5561,8 @@ @code{Ignore} (see Recursive File Sweeps in the tutorial). @cartouche + +@w{} @smallexample editfiles: @@ -5559,6 +5665,7 @@ @noindent @code{Slash} implies a comment of the C++ type: +@w{} @smallexample // comment @end smallexample @@ -5566,6 +5673,7 @@ @noindent @code{Percent} implies a comment of the type: +@w{} @smallexample % comment @end smallexample @@ -5723,6 +5831,7 @@ or "off", no backup is kept of the edited file. If the value is set to "single" or "one" then only the last version of the file is kept, overwriting any previously saved versions. + @smallexample Backup "single" @end smallexample @@ -5887,6 +5996,7 @@ @item EditMode "Binary" If set to binary, the file will be edited as if it were a non-ASCII file. See discussion below. + @smallexample EditMode "Binary" @end smallexample @@ -6167,6 +6277,7 @@ several lines. e.g. If using C style @samp{/*} and @samp{*/} comments, the command @code{UnCommentNLines "3"} would uncomment + @smallexample /* 1 */ /* 2 */ @@ -6174,6 +6285,7 @@ @end smallexample @noindent and also + @smallexample /* 1 2 @@ -6307,6 +6419,8 @@ the form of the statement in pseudo-code: @cartouche + +@w{} @smallexample files: @@ -6408,6 +6522,7 @@ The free BSD Unices have additional filesystem flags which can be seton files. Refer to the BSD @code{chflags} documentation for this. For example, + @smallexample /tmp/flags.01 mode=0600 owner=0 group=0 @@ -6441,6 +6556,7 @@ @item action=@var{action} The action is one of the following keywords. + @smallexample warnall warndirs warnplain fixall fixdirs fixplain @@ -6636,6 +6752,7 @@ by other arbitrary users. As a corollary to this, you may write something like + @smallexample any:: @@ -6742,11 +6859,13 @@ Filter objects can be used in @code{copy}, @code{editfiles}, @code{files}, @code{tidy} and @code{processes}. In most cases one writes + @smallexample .. filter=filteralias @end smallexample in the appropriate command. The exception is @code{editfiles}, where the syntax is + @smallexample @{ .. @@ -6767,6 +6886,7 @@ Filters are defined in a separate section. Filters for files and processes are defined together. They differ only in the criteria they contain. Here is are examples of file filters: + @smallexample Filters: @@ -6838,6 +6958,7 @@ These specify ranges From and To. If the file's time stamps lie in the specified range, this returns true. Times are specfied by a six component vector + @smallexample (year,month,day,hour,minutes,seconds) @end smallexample @@ -6860,6 +6981,7 @@ which are to be matched. The list should be separated by the OR symbol `|', since these types are mutually exclusive. The possible values are currently + @smallexample file|reg|link|dir|socket|fifo|door|char|block @end smallexample @@ -6913,6 +7035,7 @@ logical combination of above returned by filter (quoted regex) @end table Examples: processes started between 18th Nov 2000 and now. + @smallexample @{ filteralias @@ -6921,6 +7044,7 @@ @} @end smallexample All processes which have accumulated between 1 and 20 hours of CPU time. + @smallexample @{ filteralias @@ -6938,6 +7062,7 @@ Here is an example filter to search for all files which are either directories or links, or any kind of file owned by mark, in group cfengine. + @smallexample control: @@ -6963,6 +7088,7 @@ @end smallexample Find all ELF executables using data from the Unix @code{file} command. Caution, this takes a long time if used indescriminately. + @smallexample control: @@ -7065,6 +7191,7 @@ @cindex NIS, netgroup support @vindex + +@w{} @smallexample groups: @@ -7092,6 +7219,8 @@ @cindex Removing entries from netgroups @cindex Negating entries from netgroups @cindex Netgroups, negating entries + +@w{} @smallexample group = ( +mynetgroup -specialhost -otherhost ) @@ -7146,7 +7275,6 @@ If you apply a class predicate before a definition then the result is effectively the AND of the classes: - @smallexample Hr00:: @@ -7271,6 +7399,8 @@ is @cartouche + +@w{} @smallexample ignore: @@ -7283,6 +7413,7 @@ For example: @cindex ignore command +@w{} @smallexample ignore: @@ -7387,6 +7518,8 @@ @cartouche + +@w{} @smallexample interfaces: @@ -7438,6 +7571,8 @@ @code{files} action @xref{files}. The syntax of a link item is: @cartouche + +@w{} @smallexample @var{from-link} ->[!] @var{to-object} @@ -7782,6 +7917,7 @@ to change the link type to be either relative to the source or to be an absolute path. What this means is the following. Consider the following link: + @smallexample /var/tmp/cfengine -> /local/cfengine @@ -7934,6 +8070,8 @@ decoupling between client request and service provision. @cartouche + +@w{} @smallexample methods: @@ -7993,6 +8131,7 @@ The function arguments may not be empty, but a null value can be transmitted with a dummy value, e.g. @code{Function(null)} or @code{function(void)}. Here is an example method call. + @smallexample # cfagent.conf @@ -8017,6 +8156,7 @@ @end smallexample With method file (located in the ModulesDirectory), + @smallexample # cf.simple @@ -8069,6 +8209,7 @@ The following example collects the tar file, unpacks it, configures and compiles it, then tidies its files. + @smallexample #################################################### # @@ -8187,6 +8328,7 @@ A more complex example is given below: + @smallexample GetAnalysis("$@{parent1@}",param2,ReadFile("/etc/passwd",300)) @@ -8220,6 +8362,7 @@ string "param2" and the first 300 bytes of the file @file{/etc/passwd}. On return, if the method gets executed, the values will be placed in the four variables: + @smallexample $(GetAnalysis.a) $(GetAnalysis.b) $(GetAnalysis.c) $(GetAnalysis.d) @end smallexample @@ -8256,6 +8399,7 @@ @end cartouche e.g. + @smallexample control: @@ -8351,6 +8495,8 @@ miscellaneous filesystems using a statement of the form: @cartouche + +@w{} @smallexample miscmounts: @@ -8368,6 +8514,7 @@ @noindent For example + @smallexample physics:: @@ -8425,6 +8572,7 @@ @end smallexample e.g. + @smallexample mountables: @@ -8476,6 +8624,8 @@ form of a process command is @cartouche + +@w{} @smallexample processes: @@ -8774,6 +8924,8 @@ The syntax summary is: @cartouche + +@w{} @smallexample packages: @@ -8950,6 +9102,8 @@ special variable @code{$(binserver)} here. @cartouche + +@w{} @smallexample required: @@ -8983,6 +9137,7 @@ fewer than @code{sensiblecount} files, then it also fails the test and a warning is issued. +@w{} @smallexample required: @@ -9000,6 +9155,7 @@ @cindex Warning about full disks @cindex Full disk warnings +@w{} @smallexample required: @@ -9060,6 +9216,7 @@ variable (set here to @code{uio.no}) results in a @code{/etc/resolv.conf} file of the form: +@w{} @smallexample domain uio.no @@ -9112,6 +9269,8 @@ The syntax is simply to quote the command you wish to be executed. @cartouche + +@w{} @smallexample shellcommands: @@ -9320,6 +9479,8 @@ entry is: @cartouche + +@w{} @smallexample tidy: @@ -9561,6 +9722,8 @@ equivalent). The syntax is simply @cartouche + +@w{} @smallexample unmount: @@ -9644,6 +9807,8 @@ file is as follows: @cartouche + +@w{} @smallexample control: @@ -9714,6 +9879,8 @@ @cindex cfservd.conf iteration Iteration of variables is allowed, hence: @noindent + +@w{} @smallexample control: Split = ( " " ) @@ -9727,6 +9894,7 @@ $(base)/$(dirs) $(hostlist) @end smallexample results in: + @smallexample Path: /usr/bin (encrypt=0) Admit: 10.10.10.1 10.10.10.2 10.10.10.3 root= @@ -9782,6 +9950,7 @@ number of ways i) as substrings, ii) as address ranges denoted by the "-" hyphen, or iii) as CIDR (Classless Inter Domain Routing) notation. For example + @smallexample 128.39.73 128.39.74.10/23 @@ -9795,6 +9964,7 @@ represents the number of bits from the left which are fixed for matching; all remaining bits are wildcards. The following forms are equivalent: + @smallexample 128.39.74. 128.39.74.10/24 @@ -9816,6 +9986,7 @@ This can be used to prevent hanging connection attacks from malicous hosts and other denial of service attacks which would bind thread resources. + @smallexample control: @@ -9861,6 +10032,7 @@ @cindex cfrun, limiting users on server @cindex Key security of users +@w{} @smallexample AllowUsers = ( mark root ) @@ -9970,6 +10142,7 @@ Hosts which are included by the allow-list above can be explicitly denied access using this list. + @smallexample control: @@ -10184,6 +10357,8 @@ The general syntactic form of the @code{cfrun} command is @cartouche + +@w{} @smallexample cfrun -@var{option} --@var{longoption} @var{class1} @var{class2 ...} @@ -10198,6 +10373,8 @@ To clarify this distinction, the arguments are organized as follows: @cartouche + +@w{} @smallexample cfrun -@var{local options} -- @var{remote options} -- @var{remote classes} @@ -10247,6 +10424,8 @@ is as follows @cartouche + +@w{} @smallexample # @@ -10334,6 +10513,7 @@ If the port command is given cfrun uses this to connect to the client instead of the default (5308) one. Here is an example (@file{cfrun.hosts}): + @smallexample domain=example.org access=mark,sigmund @@ -10363,6 +10543,7 @@ In wrapper mode (non-forking, non-daemon mode), cfagent is run by adding a line to the root crontab file of each system: + @smallexample 0,30 * * * * /usr/local/sbin/cfexecd -F @end smallexample @@ -10373,6 +10554,7 @@ @cindex Output logs In addition, if you add the following to the file @file{cfagent.conf}, the system administrator will be emailed a summary of any output: + @smallexample control: @@ -10401,6 +10583,7 @@ a scheduling policy. The default policy is to run once every hour (equivalent to @code{Min00_05}). Here is how you would modify @file{cfagent.conf} in order to make the daemon execute cfagent every half-hour: + @smallexample control: @@ -10419,6 +10602,7 @@ Note, that if problems with library path for compiled in libraries occur, an explicit library path can be specified with the @samp{-L} option. + @smallexample 0,30 * * * * /usr/local/sbin/cfexecd -F -L /local/iu/lib:/local/lib/mysql:/local/lib:/local/gnu/lib @end smallexample @@ -10566,6 +10750,7 @@ @noindent To redefine the filesystem table for GNU/linux, you would write: + @smallexample linux.fstab: /etc/linuxfstab @end smallexample @@ -10656,6 +10841,7 @@ @section cfagent.conf @cindex @file{cfagent.conf} +@w{} @smallexample ##################################################################### # @@ -10712,6 +10898,7 @@ @section cf.groups @cindex @file{cf.groups} +@w{} @smallexample ############################################################## # @@ -10773,6 +10960,7 @@ @section cf.main @cindex @file{cf.main} +@w{} @smallexample ############################################################## # @@ -11013,6 +11201,7 @@ @section cf.site @cindex @file{cf.site} +@w{} @smallexample ############################################################## # @@ -11392,6 +11581,7 @@ @section cf.motd @cindex @file{cf.motd} +@w{} @smallexample ################################################################## @@ -11454,6 +11644,7 @@ with inexperienced users, but please don't feel as though you have to be this totalitarian. +@w{} @smallexample ################################################################# # @@ -11565,6 +11756,7 @@ @node cf.solaris, cf.linux, cf.users, Example configuration file @section cf.solaris +@w{} @smallexample ################################################################# # @@ -11778,6 +11970,7 @@ @node cf.linux, cf.freebsd, cf.solaris, Example configuration file @section cf.linux +@w{} @smallexample ################################################################# # @@ -11981,6 +12174,7 @@ @section cfservd.conf @cindex @file{cf.site} +@w{} @smallexample ######################################################### #