Re: Cfengine and multiple firewalls/security realms

From: Scott Omar Burch
Subject: Re: Cfengine and multiple firewalls/security realms
Date: Wed, 23 Jun 2004 13:35:02 -0500



I haven't responded to Tim yet, but I can respond to both of you here. I'm not sure what Tim is referring to when he says Cfengine can be made to do a push. I don't believe Cfengine ever does a matter what you do...clients/servers always pull their configuration from a master. If you execute cfrun on the policy all that does is cause a remote host to run cfagent to pull its configuration from the policy server. Sure, I can do an scp of an internal master to an external master, but want Cfengine to manage its configuration internally..and in our case I cannot simply have one external policy I said before we have multiple external networks with multiple firewalls. If Cfengine ever implements the option of pushing rather than pulling then it will be much easier to handle in our type of environment. Unfortunately, I am not a programmer, nor do I have the ability myself to fund that type of change, but I would suspect there are many in the corporate world that would benefit from code changes that would allow Cfengine to function without creating holes through firewalls. I realize we have a fairly complex security design, but I imagine there are many others that implement similar types of designs.


Chip Seraphine wrote:
On Tuesday 22 June 2004 18:26, Tim Nelson wrote:

        Well, cfengine can already be set to do push
Then it does an automatic scp to copy the files in the external directory to the "Gold Mirror" machine.

Is the scp copying the 'push' you refer to?  Or am I missing something?

