help-cfengine

Re: editfiles


From: David Kewley
Subject: Re: editfiles
Date: Mon, 19 Apr 2004 14:48:06 -0700
User-agent: KMail/1.5

Brendan Strejcek wrote on Monday 19 April 2004 13:41:
> David Kewley wrote:
> > > Should it really take me 9 lines to code 'Make sure SyslogFacility
> > > is set to AUTHPRIV in /etc/ssh/sshd_config' as he does it:
>
> This is what I do:
>
>     BeginGroupIfNoLineMatching "^$1.*"
>         Append "$1$2"
>     EndGroup
>     ResetSearch "1"
>     LocateLineMatching "^$1.*"
>     BeginGroupIfNoMatch "^$1$2$"
>         ReplaceLineWith "$1$2"
>     EndGroup
>     DeleteLinesAfterThisMatching "^$1.*"
>
> I use m4 to munge this. I hear other people use other preprocessors
> (like perl).
>
> > I'm not a guru, just a clever newb :), but here's how I do something
> > similar, changing 4 parameters in sshd_config using 8 cfengine
> > statements:
> >
> >     HashCommentLinesMatching "[^#]*StrictModes.*$"
> >     AppendIfNoSuchLine "StrictModes no"
>
> Not good:
>
>     $ cat set_variable.cf
>     #!/usr/sbin/cfagent -qKf
>
>     control:
>
>         actionsequence = ( editfiles )
>         file = ( /tmp/junk )
>
>     editfiles:
>
>         { ${file}
>             HashCommentLinesMatching "[^#]*somevar .*$"
>             AppendIfNoSuchLine "somevar otherval"
>         }
>     $ cat /tmp/junk
>     somevar somevalue
>     $ ./set_variable.cf
>     $ cat /tmp/junk
>     # somevar somevalue
>     somevar otherval
>     $ ./set_variable.cf
>     $ ./set_variable.cf
>     $ ./set_variable.cf
>     $ ./set_variable.cf
>     $ cat /tmp/junk
>     # somevar somevalue
>     # somevar otherval
>     # somevar otherval
>     # somevar otherval
>     # somevar otherval
>     somevar otherval
>     $
>
> You might need to do log rotation on your config files...

Good point for the general case.  In my case, however, in each cfengine run I 
start with a pristine sshd_config from the RHL 9 package, edit using the code 
I wrote earlier, and copy it into place if the checksums are different.  So I 
don't accumulate lines.

I do it this way because for most files I do NOT want to start with the file 
that's on the host; I want to start with a known-good file.  /etc/fstab is a 
notable exception.

David
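
The failure mode and the workaround discussed in this thread, as an added shell example that is not part of the original messages and is not cfengine code: `naive_set` reproduces the comment-then-append growth shown in the quoted session, while `deploy_from_pristine` rebuilds from a known-good file and installs only when the result differs. The function names, the scratch paths and the use of `cmp` in place of a checksum comparison are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical and
# KEY is assumed to contain no regex metacharacters.

# naive_set FILE KEY VALUE: comment out matching lines, then append.
# Each run comments out the live line and appends a fresh copy, so FILE grows.
naive_set() {
    sed "s/^\([^#]*$2 .*\)\$/# \1/" "$1" > "$1.new" && mv "$1.new" "$1"
    grep -qxF "$2 $3" "$1" || printf '%s\n' "$2 $3" >> "$1"
}

# set_param FILE KEY VALUE: rewrite the first live KEY line, drop later
# duplicates, append only if KEY is absent. Commented lines are left alone.
set_param() {
    tmp=$(mktemp) || return 2
    awk -v k="$2" -v v="$3" '
        $1 == k && !done { print k " " v; done = 1; next }
        $1 == k { next }
        { print }
        END { if (!done) print k " " v }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return $rc
}

# deploy_from_pristine PRISTINE TARGET KEY VALUE
# Start from the known-good file on every run and install the result only
# when it differs from TARGET (cmp is a byte compare, stricter than a checksum).
# Returns 0 if TARGET was replaced, 1 if it was already correct, 2 on error.
deploy_from_pristine() {
    work=$(mktemp "$2.XXXXXX") || return 2   # same directory: mv is a rename
    cp "$1" "$work" && set_param "$work" "$3" "$4" || { rm -f "$work"; return 2; }
    if cmp -s "$work" "$2" 2>/dev/null; then rm -f "$work"; return 1; fi
    mv "$work" "$2"
}

# Constructed demo in a scratch directory.
d=$(mktemp -d) || exit 1
printf 'somevar somevalue\n' > "$d/pristine"
cp "$d/pristine" "$d/naive"
for i in 1 2 3 4 5; do naive_set "$d/naive" somevar otherval; done
echo "naive edit after 5 runs: $(wc -l < "$d/naive") lines"
for i in 1 2 3; do
    if deploy_from_pristine "$d/pristine" "$d/live" somevar otherval
    then echo "run $i: installed"; else echo "run $i: unchanged"; fi
done
rm -rf "$d"
```

The installed file keeps the 0600 mode that `mktemp` gives the work file, so set the mode explicitly for files that other users must read.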



