Chapter 23. cf.processes

#!/var/cfengine/bin/cfagent -qKf


    # NOTE(review): no "control:" or "processes:" section header is visible
    # on this page - confirm the deployed file has them.
    # Restrict this run to the process-management action only.
    actionsequence = ( processes )

# cfengine-policy-description: watch for processes that shouldn't be running.

    # Each quoted string is a pattern looked up in the process listing;
    # signal=kill sends the kill signal to every process that matches.
    "cfenvd" signal=kill 	# we don't want cfenvd running in production,
				# we don't use it and it's potentially
				# resource-intensive

    # No reason is recorded for this rule. Presumably the cfengine server
    # daemon is unused on these hosts and is killed to avoid leaving an
    # unneeded network listener running - TODO confirm.
    "cfservd" signal=kill

# cfengine-policy-description: kill "cfenvd" and "cfservd" processes

# cfengine-policy-description: kill IRC-related processes: eggdrop, BitchX,enting, bnc
# These rules match on process name only, so they are a hygiene tripwire,
# not a prevention control: anything running under a different name is not
# matched. A hit usually means misuse or compromise of the host.
# NOTE(review): the rules kill silently as written - consider also
# reporting the match so the host gets investigated.
"eggdrop" signal=kill	# IRC bots

"BitchX" signal=kill  	# IRC clients

# NOTE(review): the intent of this pattern is not recorded. Identify what
# it targets or remove it; as a bare substring it would presumably match
# any command line containing "enting".
"enting" signal=kill	# ???

# NOTE(review): "bnc" is a very short pattern - verify that it cannot
# match a legitimate process on these hosts.
"bnc" signal=kill 	# "bnc" stands for IRC bouncer (and is an IRC
			# proxy used to remove the user from any DoS
			# attacks aimed at the IRC-connected IP address).

# cfengine-policy-description: kill "ping" - we don't need any DoS attacks from our systems, thanks.   except myhost_003 - it runs Nagios and Nagios uses ping for monitoring.

# "!myhost_003::" applies the rule on every host except myhost_003.
# NOTE(review): this only kills a ping that is running when cfagent runs,
# and only one whose command line matches. It does not limit outbound
# ICMP - egress filtering or rate limiting at the network edge is the
# control that would actually bound it.

    # leading space: matches "ping" invoked by bare name as a separate word
    !myhost_003::  " ping" signal=kill     # DoS attacks

    # leading slash: matches "ping" invoked by path (e.g. .../ping)
    !myhost_003::  "/ping" signal=kill     # DoS attacks

# note - we don't want to catch /usr/libexec/mapping-daemon, hence
# the double rule above for ' ping' and '/ping'.
# Both patterns are anchored only on the left, so a longer name that
# begins with "ping" after a space or slash would presumably match too -
# TODO confirm that this is acceptable.

# cfengine-policy-description: On Linux systems, kill "automount" if it is running, as it should not be.  (Linux systems only.)

    # "linux::" limits the rule to hosts in the linux class.
    # NOTE(review): killing the process does not stop the service from
    # being started again (e.g. at boot); presumably it is disabled
    # elsewhere - TODO confirm.
    linux:: "automount"    signal=kill

# cfengine-policy-description: On Linux systems, make sure all our daemons are running: sendmail, snmpd, sshd, ntpd, syslogd.  If not running, start the daemon.

# Form of each rule: <class>:: "<process pattern>" restart "<command>".
# The command is run when no process matching the pattern is found.
# NOTE(review): this is a presence check by name only. It does not verify
# that the daemon is listening or healthy, and a pattern such as "sshd"
# presumably also matches per-session processes, which could hide a dead
# listener - TODO confirm.
# Losing syslogd or sshd silently has security impact (no logs, no remote
# access), so these restarts are worth reporting as well as performing.

    linux:: "sendmail" restart "/sbin/service sendmail start" # check that the process
							# is running, and restart
							# if it isn't

    linux:: "snmpd"    restart "/sbin/service snmpd start"

    linux:: "sshd"     restart "/sbin/service sshd start"

    linux:: "ntpd"     restart "/sbin/service ntpd start"

    # the service is named "syslog" although the process is "syslogd"
    linux:: "syslogd"  restart "/sbin/service syslog start"

    # The HP-UX rules below cover the same five daemons via /sbin/init.d
    # scripts. Script names differ from the process names for snmpd
    # (net-snmp), sshd (secsh) and ntpd (xntpd).
    hpux:: "sendmail" restart "/sbin/init.d/sendmail start"

    hpux:: "snmpd"    restart "/sbin/init.d/net-snmp start"

    hpux:: "sshd"     restart "/sbin/init.d/secsh start"

    hpux:: "ntpd"     restart "/sbin/init.d/xntpd start"

    hpux:: "syslogd"  restart "/sbin/init.d/syslogd start"