配制文件将不定期更新 一、中心配制服务器(10.129.60.138) 1、/var/cfengine/inputs/cfservd.conf # cfservd.conf control: cfrunCommand = ( "/var/cfengine/bin/cfagent" ) domain = ( domain.com ) AllowConnectionsFrom = ( 10.129.60.0/24 ) TrustKeysFrom = ( 10.129.60.0/24 ) AllowUsers = ( root ) MaxConnections = ( 150 ) MultipleConnections = ( true ) admit: /masterfile/inputs 10.129.60. /var/cfengine 10.129.60. 2、/masterfile/inputs/cfagent.conf control: actionsequence = ( copy editfiles files disable tidy ) schedule = ( Min00_05Min30_35 ) smtpserver = ( mail.domain.com ) EmailFrom = ( cfengine@centos ) sysadm = ( xiaowei@domain.com ) # EmailMaxLines = ( 0 ) timezone = ( CST ) day_of_week = ( ExecResult(/bin/date %a) ) cfinputs_version = ( 1.0.1 ) copy: Hr01.OnTheHour:: /etc dest=/usr/local/backup/${day_of_week}/etc purge=true r=inf editfiles: { /etc/crontab AppendIfNoSuchLine "0 * * * * root /var/cfengine/bin/cfexecd -F" } files: /etc/passwd m=644 o=root action=fixall /etc/shadow m=600 o=root action=fixall /etc/group m=644 o=root action=fixall /tmp m=1777 action=fixdirs disable: /root/.rhosts /etc/hosts.equiv tidy: /tmp recurse=inf age=7 rmdirs=sub 3、/var/cfengine/inputs/cfrun.hosts domain=domain.com 10.129.60.29 二、客户端(10.129.60.29) 1、/var/cfengine/inputs/cfservd.conf # cfservd.conf control: cfrunCommand = ( "/var/cfengine/bin/cfagent" ) domain = ( domain.com ) AllowConnectionsFrom = ( 10.129.60.0/24 ) TrustKeysFrom = ( 10.129.60.0/24 ) AllowUsers = ( root ) MaxConnections = ( 150 ) MultipleConnections = ( true ) admit: /masterfile/inputs 10.129.60. /var/cfengine 10.129.60. 2、/var/cfengine/inputs/update.conf # update.conf classes: have_ppkeys = ( FileExists(/var/cfengine/ppkeys/localhost.priv) ) control: actionsequence = ( copy processes shellcommands tidy ) domain = ( domain.com ) policyhost = ( 10.129.60.138 ) master_cfinput = ( /masterfile/inputs ) workdir = ( /var/cfengine ) Syslog = ( off ) copy: $(master_cfinput) dest=$(workdir)/inputs r=inf mode=700 type=binary server=$(policyhost) trustkey=true processes: "cfservd" signal=term restart "${workdir}/bin/cfservd" "cfenvd" signal=term restart "${workdir}/bin/cfenvd -H" "cfexecd" signal=term restart "${workdir}/bin/cfexecd" shellcommands: !have_ppkeys:: ${workdir}/bin/cfkey tidy: $(workdir)/outputs pattern=* age=7 # End |
|小黑屋|最新主题|手机版|微赢网络技术论坛
( 苏ICP备08020429号 )
GMT+8, 2024-9-29 11:37 , Processed in 0.218655 second(s), 12 queries , Gzip On, MemCache On.
Powered by Discuz! X3.5
© 2001-2023 Discuz! Team.
