#!/var/cfengine/bin/cfagent -qKf
control:

   # Only the "processes" action is scheduled by this policy file.
   actionsequence = ( processes )
# cfengine-policy-description: watch for processes that shouldn't be running.
processes:

   # Each quoted string is a pattern that cfagent matches against the lines
   # of the process listing, not an exact program name. "signal=kill" sends
   # SIGKILL to every match; "restart" runs the given command when nothing
   # matches.
   # NOTE(review): the patterns are unanchored, so short ones ("bnc",
   # "enting") can also hit unrelated command lines - check them against a
   # real process listing before rolling this out to new host types.

   any::

      # We don't want cfenvd running in production: we don't use it and
      # it's potentially resource-intensive. No reason is recorded here
      # for cfservd.
      "cfenvd"  signal=kill
      "cfservd" signal=kill
      # cfengine-policy-description: kill "cfenvd" and "cfservd" processes

      # cfengine-policy-description: kill IRC-related processes: eggdrop, BitchX,enting, bnc
      "eggdrop" signal=kill    # IRC bots
      "BitchX"  signal=kill    # IRC clients
      # NOTE(review): the original author marked "enting" with "???"; its
      # purpose is undocumented and the substring occurs in ordinary words.
      # Confirm what it is meant to catch.
      "enting"  signal=kill
      # "bnc" stands for IRC bouncer: an IRC proxy used to keep DoS attacks
      # aimed at the IRC-connected IP address away from the user.
      "bnc"     signal=kill

   # cfengine-policy-description: kill "ping" - we don't need any DoS attacks from our systems, thanks. except myhost_003 - it runs Nagios and Nagios uses ping for monitoring.
   !myhost_003::

      # Two patterns, ' ping' and '/ping', are used on purpose: a bare
      # "ping" would also catch /usr/libexec/mapping-daemon.
      " ping" signal=kill      # DoS attacks
      "/ping" signal=kill      # DoS attacks

   # cfengine-policy-description: On Linux systems, kill "automount" if it is running, as it should not be. (Linux systems only.)
   linux::

      "automount" signal=kill

      # cfengine-policy-description: On Linux systems, make sure all our daemons are running: sendmail, snmpd, sshd, ntpd, syslogd. If not running, start the daemon.
      # Check that each process is running, and start it if it isn't.
      # NOTE(review): because matching is by pattern, any line containing
      # the name satisfies the check (presumably including a leftover
      # per-session sshd process after the listening daemon has exited) -
      # confirm that is acceptable for sshd and syslogd.
      "sendmail" restart "/sbin/service sendmail start"
      "snmpd"    restart "/sbin/service snmpd start"
      "sshd"     restart "/sbin/service sshd start"
      "ntpd"     restart "/sbin/service ntpd start"
      "syslogd"  restart "/sbin/service syslog start"    # init script is "syslog"

   # Same daemon set on HP-UX; the init script names differ from the
   # process names for snmpd, sshd and ntpd.
   hpux::

      "sendmail" restart "/sbin/init.d/sendmail start"
      "snmpd"    restart "/sbin/init.d/net-snmp start"
      "sshd"     restart "/sbin/init.d/secsh start"
      "ntpd"     restart "/sbin/init.d/xntpd start"
      "syslogd"  restart "/sbin/init.d/syslogd start"