#!/var/cfengine/bin/cfagent -qKf
# cfengine-policy-description: check config file contents
# Global settings for this cfagent run.
control:
# editfiles is the only action listed, so this policy runs no other action type.
actionsequence = ( editfiles )
# Per-file content checks. Every operation used in this policy is a Warn*
# operation: a missing line is reported, and nothing visible here rewrites a file.
editfiles:
# Applies only to hosts in the ipv4_123_123_123 class.
ipv4_123_123_123::
{ /etc/resolv.conf
# NOTE(review): "LineStarting" presumably compares a literal prefix rather than a
# regex, so a line with further text after "search example.com" would also pass - confirm.
WarnIfNoLineStarting "search example.com"
# cfengine-policy-description: /etc/resolv.conf should contain "search example.com" if the machine is on the 123.123.123 network
}
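# Root mail alias check for hosts in the ipv4_123_123_123 class.
# Warn-only: a missing alias is reported, /etc/aliases is not modified.
ipv4_123_123_123::
{ /etc/aliases
# The dot in the domain is escaped so it matches a literal "." only; unescaped,
# it matched any character and a different address could satisfy the check.
# NOTE(review): "root.*:" accepts any alias name beginning with "root", and the
# trailing ".*" accepts any text after the address (including a longer domain
# name) - tighten both if the check is meant to pin the exact recipient.
WarnIfNoLineMatching "root.*:.*rootmail@example\.com.*"
# cfengine-policy-description: /etc/aliases should contain "root: rootmail@example.com" if the machine is on the 123.123.123 network
}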
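# NTP configuration check for hosts in the ipv4_123_123_123 class.
# Warn-only: missing lines are reported, /etc/ntpd.conf is not modified.
ipv4_123_123_123::
{ /etc/ntpd.conf
# "\*" is an escaped, literal asterisk.
WarnIfNoLineMatching "listen on \*"
# Dots in the server address are escaped so each matches a literal "." only;
# unescaped, "1.2.3.4" also matched strings such as "1x2y3z4".
# NOTE(review): cfengine 2 is understood to require the regex to match the
# whole line, so trailing text or extra whitespace would trigger the warning - confirm.
WarnIfNoLineMatching "server 1\.2\.3\.4"
# cfengine-policy-description: /etc/ntpd.conf should contain "listen on *" and "server 1.2.3.4" if the machine is on the 123.123.123 network
}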
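# Root mail alias check for hosts in the ipv4_10_10 class.
# Warn-only: a missing alias is reported, /etc/aliases is not modified.
ipv4_10_10::
{ /etc/aliases
# Dots in the domain are escaped so each matches a literal "." only; unescaped,
# they matched any character and a different address could satisfy the check.
# NOTE(review): "root.*:" accepts any alias name beginning with "root", and the
# trailing ".*" accepts any text after the address (including a longer domain
# name) - tighten both if the check is meant to pin the exact recipient.
WarnIfNoLineMatching "root.*:.*root@internal\.example\.com.*"
# cfengine-policy-description: /etc/aliases should contain "root: root@internal.example.com" if the machine is on the 10.10 network
}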
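# NTP configuration check for hosts in the ipv4_10_10 class.
# Warn-only: missing lines are reported, /etc/ntp.conf is not modified.
ipv4_10_10::
{ /etc/ntp.conf
# Dots in the addresses and the mask are escaped so each matches a literal "."
# only; unescaped, the pattern also matched other characters in those positions,
# so a line naming a different server or restriction could pass the check.
# NOTE(review): cfengine 2 is understood to require the regex to match the
# whole line, so differing whitespace or option order would trigger the warning - confirm.
WarnIfNoLineMatching "server 1\.2\.3\.4"
WarnIfNoLineMatching "restrict 1\.2\.3\.4 mask 255\.255\.255\.255 nomodify notrap noquery"
# cfengine-policy-description: /etc/ntp.conf should contain lines "server 1.2.3.4" and "restrict 1.2.3.4 mask 255.255.255.255 nomodify notrap noquery" if the machine is on the 10.10 network
}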