#mkdir
#cd /var/opt/dsau/cfengine/inputs
#scp master_server:/var/opt/dsau/cfengine/inputs/update.conf
./update.conf
To allow this client to accept cfrun requests, do the following:
1.Edit /etc/rc.config.d/cfservd and set the CSYNC_CONFIGURED variable to "1"
2.Start cfservd:
#/sbin/init.d/cfservd start
3.Test the configuration with cfagent (see cfagent(8)):
#cfagent --no-lock --verbose --no-splay
The verbose output will display the client, checking for updated copies of the master policy files, copying them down to /var/opt/cfengine/inputs if needed, and then executing the contents of cfagent.conf/cf.main.
For additional troubleshooting information, refer to the section “cfengine Troubleshooting” (page 39).
2.3.2.4 Choosing a Synchronization Invocation Method
As the administrator, you can push changes out to managed clients by using the cfrun command (see cfrun(8)). cfrun contacts the cfservd daemon on each managed client and cfservd invokes cfagent which does the actual synchronization work. You can also choose to have cfagent run at intervals on the client. There are two approaches:
•Run cfagent from a cron job.
When running cfagent from cron, invoke it using cfexecd
0 * * * * /var/opt/dsau/cfengine/bin/cfexecd
This crontab entry will cause cfagent to be run every hour.
In this example, cfexecd (see cfexecd(8)) acts a wrapper for cfagent and collects any output and places it in /var/opt/dsau/cfengine/outputs. cfexecd can also cause mail to be sent to the administrator if specified in the cfagent.conf file. For details, refer to the cfengine reference manual in /opt/dsau/doc/cfengine.
Note that the default cf.main has an example for automatically adding the above line to the crontab file of each managed client.
•Run cfexecd in daemon mode.
cfexecd has
2.4Security Notes
cfengine has many security features that range from parameters that control
•Key exchange
•Network port usage