2.2.1

scli: type section added. This is a special case of shellcommands, which sends commands to the special shell scli by Juergen Schoenwaelder for communicating with SNMP devices.
Code refactoring for package management.
Bug fixes for problems introduced in 2.2.0.

2.2.0

Apart from minor changes, this version is about structural internal changes that ease the eventual confluence with cfengine 3 and the work going on behind the scenes there. Every effort is being made to make this change easy for users and existing installations. New features will be introduced into 2.2.x gradually, and the new front-end will eventually merge into this. This version accompanies a new introduction to cfengine published as a SAGE Short Topics book.

Some changes:

EMANICS extensions and reference testing for context sensitive network navigation patterns using voluntary cooperation contracts.
PrintFile("name") function added to alerts.
!! List expansion in editfiles actions. This is an important change because it can potentially affect existing configurations that contain variables with a list separator in them. EditSplit is used for this.
elsedefine fixed in tidy.
processes with action=warn only: install fix.
ifelapsed/expireafter fixed in editfiles.
Instrumentation of copy/shellcommands measuring time/averages; use cfshow --performance.
background=true in shellcommands was not implemented! (Fixed)
SLES10 recognition.
RedHat/Fedora further classes.
SELinux support begun by Jeff Sheltren, UCSB, who notes:

> Currently, I have editfiles and copy working with selinux security
> contexts, although so far copy only has support for regular files; I
> haven't worked on links, etc. yet.
> Use --enable-selinux during compilation

Bug / misleading error message in ReadArray fixed.
HostRange bug for numericals in hostname fixed by Steve Radar.
2.1.22

IMPORTANT: cfshow output formatting changes; database internal format changes.
Rewritten the checksum subsystem to allow for future development and improvements and tidied the fragile Berkeley DB code. Cfservd no longer caches checksums, as this causes update issues. This could lead to additional load. The checksum code has been rewritten with a new database model, so all old data will be rebuilt. The checksum database has been renamed. The ChecksumDatabase variable is no longer used.
Package manager debian patch added to iterate over packages under installation.
Package manager for AIX code added, courtesy of Anthony Rassin.
Package manager for Gentoo added, courtesy of Eric Searcy.
ShowState(rootprocs), ShowState(otherprocs) added for better process reporting.
General code reorganization for better separation of concerns, looking towards cfengine 3.
cfconvert removed.
Change of future strategy for cfengine 3 migration.
Rationalization of internal instrumentation and better integration with cfenvd.
Bug fixes to miscmounts. Editing was broken with respect to the editfilesize variable. Option processing for miscmounts was also broken.
Support for old Berkeley DB APIs abandoned.
Encryption level added for full encryption of opendir traffic. Must set FullEncryption = ( true ) in control for compatibility.
server=none now signals noop in method execution and copy.
Varstring expansion bug for nested variables.

2.1.21

copy action now supports the $(this) variable, which is set equal to the current server. This allows separating files from multiple hosts when downloading.
cfenvd LDT fixes.
Bugs in PeerLeader/Group functions fixed.
Some buffer limits too small and hardcoded in item.c - fix.
PH support removed from cfenvd during code rationalization - never used.
Cfenvd code rationalization and change in database format. The first time cfenvd runs, it will convert the database into the new format; be aware that this could take some time as it is disk intensive.
Matt Shibla (ARM): ReturnsZeroShell function added.
Cfrun ignored port number, fix.

2.1.20

ipv6 structure compilation error for Tru64.
Tested for compilation with latest Berkeley4.4-NC.
New option in cfservd.conf "LogEncryptedTransfers" (true/false). If true, any file that is granted access and is marked "encrypt=true" will be logged in syslog, i.e. one can keep a record of sensitive transfers.
Linkcopy fix in 2.1.19 broke copying of links that point nowhere. Fixed.
Copy was missing from the multi-pass detection. Fixed.
Patch to debian package management (bastiaans@sara.nl) fixed: "debian package always returned eq/true without cmp/version statement" (checking if a package is installed, regardless of version, now works. However the "Comparison result" is always "eq" (equal) somehow for me...)

If you are experiencing problems with 2.1.19 please get 2.1.19a. One of the changes in 2.1.19 has had bizarre side effects in links and disks.

2.1.19

cfagent will now exit and cease processing if any class in the defined control list

   AbortClasses = ( class_name_1 class_name_2 ... )

The singlecopy feature has been rewritten after reports of it not working; besides, the code was bizarre and the documentation was even worse. The autodefine code also patched and tested. In both these cases, there are lists of *patterns* or wildcards. The code and docs now agree.
ExecResult now runs its command in -n mode.
Error parsing strings (esp. shellcommands) that contain the $ symbol due to a bug in 2D-lists.
VMWare ESX recognition.
Bug in cfservd: stat-mode on symbolic links not correctly evaluated.
Bug in linktype=copy for copy fixed.
Bug in array expansion fixed - would truncate string after expansion.
Constant cosmetics and length alterations. CF_SMALLBUF introduced, and MAXHOSTNAMELEN used.
PID file added for each daemon in WORKDIR == /var/cfengine.
Patch for function argument parsing.
Typo in docs.
SelectPartitionGroup -> SelectPartitionNeighbours.
Inform=true support for packages.
HostRange bug - recoding not implemented properly from 2.1.16. Caused seg fault.
Joe Buehler's harmless patch to cfexecd to flag daemon and batch mode.
Serious bug in binserver handling fixed. (Rarely used feature)
home tidying did not set the "done flag" for multiple pass avoidance.
Patches to setting unqualified and qualified names.
SuSE 10 detection patch.
Minor error fixes discovered by Joe Buehler and his wonderful software.
Files in the "suspicious" list were marked "not sensible" so that follow-up rules, e.g. to delete them, would not be triggered. This is now considered a confusion of roles. Suspicious files are no longer skipped.
More memory leaks in cfservd.
Compilation fix for non-IPv6 savvy machines.

2.1.18

Error in FileExists() left over from 2.1.16 changes. Fixed.
elsedefine was not defined if a copy was requested of a non-existent file. Fixed.
HostnameKeys (dynamic keys for dhcp clients) fix for cfservd.
Error in stat'ing links that point to non-existent files in cfservd. Missing "else" caused this to be reported as an error in remote file copy.
5 second timeout reduced to 10 in cfservd file change check.
Error message returned by cfservd is non-specific and previously said authentication denied, regardless of failure. The daemon now replies "Unspecified refusal". Users should use -v or -d2 on both sides of a connection to diagnose the true cause of failure.
Segmentation fault when in verbose mode fixed - editfiles pointer.
Error in parsing quotes and escaped quotes in functions.
Bug in implementation of tidy scheduling during dependent classes fixed.
BeginGroupIfLineMatch, BeginGroupIfMatch, BeginGroupIfLineContaining operations added.
Function ExecShellResult, similar to ExecResult, but a shell is used.
cfservd: some additional memory reclamation during file updates, could cause memory leaks.
2.1.17

This is a minor bugfix release.

WARNING - the handling of function arguments has been changed. You are recommended to use normal C/Perl quoting of argument strings, e.g.

   result = ( ExecResult("/bin/sh -c \"${pf_cc} -V | head -1 | cut -d\ -f3\"") )

not

   result = ( ExecResult(/bin/sh -c "${pf_cc} -V | head -1 | cut -d\ -f3") )

IsWildItemIn now has reflexive check - some confusion in the code about whether the needle or the haystack is the wildcard.
Templating in editfiles. A new editfiles directive "ExpandVariables" adds an "m4" like function to cfengine -- allowing predefined variable strings to be expanded into text. Patch contributed to ExpandVariables: Davor Ocelic <docelic@mail.inet.hr>
Alerts patch - some alerts not installed, if classes not defined.
Patch for missing variable expansion after function parameter rewrite in 2.1.16. Some functions were not fully ported.
vicf eliminated from distribution.
PrepModule environment fix.
Compilation error: C++ mixed into cfetool, fix.
Chdir to / when acting as a daemon for cfservd, cfexecd etc.

2.1.16

Bugfix release.
Moved method parameter setting to fix a bug where parameters would be set too late to be used in the parser.
action=warn in copy required inform=true to work, fixed.
Function arg expansion bug and improvement fix.
Include directive added to cfrun.hosts (Olivier Fauchon).
MOUNT_RO name collision fix.
SEG fault fixed when signalling cfenvd.
SkipIdentify partial fix.
Alf Wachsmann and Elizabeth Cassel's cfetool added, based on cfenvd. "cfetool makes a standalone tool out of cfenvd that accepts arbitrary periodic data. In addition, it has support for yearly periodic data. Its function and the user interface is in many aspects like rrdtool's. cfetoolgraph was added to work with the new features of cfetool. It works basically like cfenvgraph."
Bug fix for multipass evaluation when resolving dependencies.
Cfservd reread patch.
Timeout on polling for linux.
Default route code now uses "route" command exclusively for portability.
EmailFrom patch to cfexecd / redundant code was paste error.
Increase pass depth in evaluation of action sequence.
Skipident patch.
Size increase for interface buffer list.
HPUX, AIX ifconfig location fix.
Methods documentation improved.
New control function for testing tcp services:

   var = ReadTCP(host,port,"send string",maxbytes)

2.1.15

-f removal in cfservd patch.
Segmentation fault in cfservd with RSA key exchange fixed.
Disk freespace alerting bug - did not agree with manual specification. Message appears only in verbose. Fixed.
Autodefine install patch.
Abspath in shellcommands was not parsed and acted on...
Warnall action was not respected in copy. Permissions were altered on destination file anyway.
cfcolon added to special symbols.

2.1.14

Alerts processed now in update context.
More locking canonification fixes.
Exception for ReplaceAll convergence warning. Warning is not fatal if the operation is inside an editgroup.
md5/sha1 message incorrect on new file found.
Fixup Makefile.am and doc/Makefile.am. Docs are now installed in the CFEngine "share" directory where they belong.
Directory iteration fixed.
New: owner=LastNode sets the owner of the directory to the name of the last node in the dir name. This allows the creation of homedirs.
CentOS support added.
Extra encryption stage added in C5 protocol. NOTE: This makes 2.1.14 cfagent clients unable to talk to older servers. (Upgrade servers first, or at the same time.)
Class "no_default_route" is now defined if a default route is not previously set, and a default route is defined for the current host.
Added class functions IsGreaterThan, IsLessThan for numerical or string comparisons:

   control:
      actionsequence = ( files )
      a = ( 2.12 )
      b = ( 2.11 )

   classes:
      lt = ( LessThan(${a},${b}) )
      gt = ( GreaterThan(${a},${b}) )

   alerts:
      lt::
         "$(a) LESS THAN $(b)"
      gt::
         "$(a) GREATER THAN $(b)"

Bugfix for cfshow -c options (Nathan Hruby).

2.1.13

Mistake in placement of update.conf runs fixed.
Alteration to lock hashing to avoid conflicts.
Mandrake version type patch/repatched.
Error message in disable now underlines move to repository where defined.
Locking patch to tidy. Did not release lock when tidying recursively with subdirectory deletions. (Eric Sorensen)
Host range patched (again) (Bas VdV).

2.1.12

cf.preconf can now cause an abort if the script prints out a string containing the substring "cfengine-preconf-abort". An exit code of 2 signals this failure.
Cfrun bug in placement of workdir initialization. Would try to open /inputs/cfrun.hosts instead of /var/cfengine/inputs/cfrun.hosts.
Moved mutex locks in address purging, to see if it prevents some segmentation faults.
In image.c:

   /* if (TRAVLINKS || ip->linktype == 'n') */

Took out linktype reference. This appears to be erroneous.
Patch to tidy: "Guolin Cheng" <guolin@alexa.com>
Patch to -Q to prevent update.conf from being executed.
Patch to rationalize choice of port number for new getaddrinfo interfaces. (ip.c)
Small patch to allow the use of PCRE if it is compiled with --with-pcre. This is using the POSIX compatible API that PCRE provides, so the change necessary is to use pcreposix.h instead of regex.h and to link in pcreposix.so. (cindy.marasco@pnl.gov)

2.1.11

SUPPORT FOR POSIX ACLS IN LINUX IS NOT AS STRAIGHTFORWARD AS ORIGINALLY THOUGHT. THE API DOES NOT MATCH EXISTING IMPLEMENTATIONS AND SEEMS SIGNIFICANTLY MORE COMPLEX. IN THE INTERESTS OF STABILITY THIS WILL HAVE TO BE DEFERRED TO A LATER RELEASE.

Comma in function argument bug in FileExists etc., fixed.
Option -z (--schedule) now prints only the run schedule.
Option -Q (--query) added to print values of variables defined in configuration:

   cfagent -Q sysadm,domain,site,ipaddress

in format varname=value.
New variables can be used in cfagent.conf for cfexecd control:

   EmailFrom = ( )
   EmailTo = ( )      - overrides sysadm if set

White Box linux class recognition added.
When setting classes or variables by function call, the function evaluation is no longer performed if it is not in an active class.
Cfexecd now calls cfagent with -D from_cfexecd to define the class "from_cfexecd::" when run from the executor.
WarnIfFileMissing added to editfiles, and default is not to warn of non-existent files, except in inform/verbose modes.
Check added for DefineInGroup, signals error if not in group.
Added copy type "any" for any matching criteria, date/sum etc.
Repository variable was not expanded like a normal variable.
cfshow tool added for consulting the databases.
Better autodetection of Berkeley DB in some distros of Linux (SuSE) - has anyone heard of "standards"?
Date format changed in cfexecd output files.
Errors if remote copy is not encrypted when server demands encryption. (patch)
Renaming of directories is now allowed if dest= is set specifically.
Check added for variables defined in terms of undefined variables.
Patch for solaris package manager added (Louis Erickson - wwonko@rdwarf.com).
file added as synonym for reg in filter.
Patch to HostRange (item.c) (rader@ginseng.hep.wisc.edu).
Internal variable determining WORKDIR for non-privileged users.
Various minor changes and cosmetics.
Lock string must include server name in copy - added.
Method reply bundles fixed to work correctly with ipv6 addresses.
SIGPIPE and SIGCHLD added to signal handler (SIGCHLD ignored against posix, but how the hell do you sort this out?)
srand -> srand48 typo in cfenvd.
Multiple method reply variables were incorrectly separated.
Added options to disable LastSeen data recording feature.
fclose used instead of pclose when calling ifconfig - resulted in zombies.

2.1.10

Persistent class protection added to returned remote vrpc calls to prevent meaningless multiple replies.
Change added to IPRange to avoid possible bootstrap problem with unconfigured resolver. IP address setting was contingent on having DNS.
Misplaced } fixed in nameinfo.
EmptyResolvConf removed only nameserver entries. Now removes everything.
Due to an error in constructing 2.1.9 some of the advertised changes below were not included. They are included in this version.
Workaround error message for parser bug with nested variables.

2.1.9

WORKDIR/state/allclasses file caches all class data during cfagent execution, just like the $(allclasses) variable, but the file can grow much larger without overflow.
.cfengine -> .cfagent in non-root public keys (some missing conversions).
Expand buffer incorrectly zeroed out public name key causing empty keyname in RSA dialogue.
Old style bind reverse lookup added to Hostname2IPAddress.

2.1.8

Additional checks added to bolster server transaction security.
Fix of bug in copy server variable list expansion (unexpanded variables) introduced in 2.1.7.
Typo in locks fixed.
Mutex deadlock fix in cfservd for systems with up to date POSIX implementations.
QNX class data added.
Syslog facility patches to cfservd. (Leonardo Helman)
Fix to avoid recursive imports.
Variables were not expanded in PrepModule.
Symbolic links were not tidied.
Missing initializations in links could dump core.
Logging route switching bug in disk/required fixed.
Bugs in implementation of remote method protocol. Classes were not transferred properly.
Bug in HostnameKeys for cfrun fixed.

2.1.7p1

Bug in resolv node introduced in 2.1.7. Ordering of nameservers was reversed.

2.1.7

Mandrake Linux detect patch.
Unbelievably no documentation about strategies ever found its way into the manual!! Fixed.
Sorting of anomaly histogram data.
Date patch for SMTP in cfexecd.
Bugfix for TTime filters in ParseTTime() - submitted by Bob B. Crosbie, Trinity Centre for High Performance Computing.
ReplaceFirst function to replace first occurrence of a string in line.
Umask saving patch in editfiles (Sergio Gelato).
Patch for variable socket length structs (BSD).
Apparent bug in local methods from recent change. Name localhost would be converted into an address which would then fail to match hail.
Iteration over server= variable in copy added.
Iteration over resolver variables added.
Bug in class evaluation was introduced in 2.1.6 by a sorting algorithm. Some classes would evaluate to false even though true.
Default route setting has been broken in linux for a long time. A workaround has been added using the shellcommand /sbin/route.
Bug in rmdirs in tidy - old type mismatch corrected. Might cause cfengine to delete an empty root-search directory undesirably.
Some bizarre coding in the resolver section replaced. Could lead to incomplete class data.
Added option SkipIdentify = ( true ) for avoiding DNS lookup in client side authentication.
Bug in method evaluation if peers have inconsistent resolvers and cannot agree on whether to use IPv6/v4.
ReadList() function added to control for reading an iterator from a file.

2.1.6

Patch for incorrect symbolic link resolution with ".." internals. Would chop off a leading slash.
Patches for alerts appearing twice.
InitAction added in install.c.
--with-docs option added and default is to not build the docs.
Change to df.c to avoid rounding errors in small blocks for linux.
wait status patch for returnszero().
dpkg debian package management support (Morten Werner).
tidy rmdirs=all did not remove top directory since v2.0.0. Fixed. Problem was new method to avoid races can never reach this location, so have to use absolute path for top dir.
DARWIN patches to cfservd.c/ip.c to fix definitions.
Separate ExpandVarstring buffer-size with new expandsize value. This removes some spurious use of VBUFF scratch space. One bug in tidy path expansion found here. Variables were not expanded.

2.1.5

KNOWN BUG in persistent state memory for tcpdump data - long ipv6 addresses can make a byte count > old for fewer incoming so it remembers wrong snapshot.
Double DeleteParser() fixed.
Code cosmetics: Annoying tabs removed from sources; bzero -> memset explicitly; bcopy -> memcpy.
Segmentation fault in list handling fixed (seldom occurrence).

2.1.4

"Bug" found in method recognition - only constant parameters allowed. Time of day or relative hostnames as parameters will not work.
Mutexes around locking now.
Variable expansion of server deferred in copy to allow dynamic server choice.
Removed old dns lookup caching for ipv4 - means no prior check for existing hostnames, but allows running with dynamical variables.
-q option added to cfexecd. If set it invokes cfagent with -q flag (--no-splay).
Rewritten function analysis for multiple arguments in assignments.
ReadTable() and ReadArray() functions to read associative arrays from files.
hpux class changed from 9000* to * in class matching. Assume old versions now dead.
tcpdump interface for cfenvd.
Attempt to detect ipv6 address from ifconfig on unix and add classes. Cannot yet bind to interface.
Make internal list representation of IP addresses.
Error in -f evaluation introduced in recent version fixed.
Bind to outgoing interface implemented for new getaddrinfo libs functions.
Same for cfservd:

   BindToInterface = ( )

editfiles additions:

   DeleteLinesContainingFileItems
   DeleteLinesMatchingFileItems
   DeleteLinesStartingFileItems
   DeleteLinesNotContainingFileItems
   DeleteLinesNotMatchingFileItems
   DeleteLinesNotStartingFileItems
   AppendIfNoSuchLinesFromFile

Special function added to alerts: FriendStatus(hours) shows hosts that have not reported in for hours.

2.1.3

Voluntary RPC remote methods implemented.
Bug in ignore when doing file recursion fixed.
Wildcard match did not include plain files when expanding wildcards.
Internal array representation added to expression evaluation:

   $(array[key])
   $(array[$(key)])

Arrays may be defined using the association function:

   assoc_array = ( A(B,"is for bird") A(C,"is for cat") )

2.1.2

Various minor patches.
singlecopy locking patch (Eric Sorenson).
Patches Iain Morgen (NASA).
cfexecd add From line to mail.
RegCmp(regex,$listvar) function added to match classes.
Documentation of iteration added to reference manual - was missing.
Domain variable was overwritten in 2.1.0 when methods were initialized. Corrected.
Cfexecd #ifdefs not compatible with cygwin - rewritten workaround.
Entropy measure anomaly classes.
Comparator uninitialized in process matches, creating bogus output with -d3.
Chop function removes all trailing spaces.
interfaces now records ip addresses.
Variables can override context using a dot notation:

   ${context.variable}
   ${global.env_time}

Interface addresses on multiple interfaces:

   ${global.ipv4[hme0]}
   ${global.ipv4[eth1]}

cfservd list handling bugs after user patch, plus enhanced iteration, e.g.
now make multiple rules in a single stanza:

   control:
      Split = ( " " )
      hostlist = ( "10.10.10.1 10.10.10.2 10.10.10.3" )
      dirs = ( "bin etc lib" )
      base = ( /usr )

   #########################################################

   admit:
      $(base)/$(dirs) $(hostlist)

results in:

   Path: /usr/bin (encrypt=0)
      Admit: 10.10.10.1 10.10.10.2 10.10.10.3 root=
   Path: /usr/etc (encrypt=0)
      Admit: 10.10.10.1 10.10.10.2 10.10.10.3 root=
   Path: /usr/lib (encrypt=0)
      Admit: 10.10.10.1 10.10.10.2 10.10.10.3 root=

Allow modules during parsing to initialize classes etc.:

   control:
      gotinit = ( PrepModule(startup1,"arg1 arg2...") )

   classes:
      gotinit = ( PrepModule(startup2,"arg1 arg2") )

2.1.1

Permissions on explicitly mentioned links to files could result in file permission being changed instead.
Error in permission evaluation for copied files fixed.
Mac OSX finder patches added.
ID classes rationalized into nameinfo.c.
scanarrivals option to disks/required - for research. Improved anomaly analysis.
setting repository in cfservd.conf caused crash - fixed.
& is now a synonym for "." - the AND operator in class evaluation.
! negation of functions in class assignments is now handled.
New option noabspath=true for copy allows one to override the need for a full path in certain situations, e.g. "export A=x; /dothis".
Redhat 9 class names patch JY.
Case insensitive domain matching.

2.1.0

************************************************************************************
*
*   Main addition to 2.1.0 is * methods *. Methods replace modules for most applications
*
************************************************************************************

Error in cfenvd update policy for huge anomalies. Could never learn large values.
New parser did not pick up restart sequence in processes if not enclosed by quotes.
Bug in AppendIfNoLineMatching - infinite loop if SetLine not set, fixed.
ExecProgram was incorrectly listed as Exec in filters. Fixed.
Minor alterations to cfenvd policy. Calculational details, and persistent information now lasts up to 30 minutes.
Patch for red hat enterprise server classes.
New variable HostnameKeys = ( true ): if this is set, public keys are stored as user-hostname rather than user-ipaddress. This can be useful for dhcp hosts. However, there is a potential loss of security during key-exchange due to implicit reliance on DNS or asserted identity.

------------------------------------------------------------------------------

DeleteItemNotMatching added to editfiles.
DeleteItemNotStarting added to editfiles.
DeleteItemNotContaining added to editfiles.
SyslogFacility = ( ) new variable to alter syslog facility level. Possible values: LOG_USER, LOG_DAEMON, LOG_LOCAL0-4

--------------------------------------------------------------------------------

Persistent state memory can be added through system alert functions:

   SetState(name,ttl,policy)

Set a class that acts like a non-resettable timer. It is defined for exactly 10 minutes:

   SetState("preserved_class",10,Preserve)

Set a class that acts as a resettable timer. It is defined for 10 minutes unless the SetState call is called again to extend its lifetime:

   SetState(non_preserved_class,6,Reset)

Delete a persistent class. Delete an existing class:

   UnsetState(myclass)

--------------------------------------------------------------------------------

rename: is now a synonym for disable: and a new option dest= is added to these so that you can formally rename a file with any destination, not just suffix ".cfdisabled" (though this remains the default).
Classes now allowed in group / classes definitions for consistency and ANDing of classes.
Added to Alerts to send messages directly and silently to syslog:

   SysLog(LOG_ERR,"Test syslog message")

--------------------------------------------------------------------------------

2.1.0b2

cfservd no longer does reverse DNS lookup on keys that do not have to be trusted, i.e. existing keys whose identity has been confirmed.
Strategy evaluation was performed too late, so that it could not be used to define variables. Fixed. Now strategies are evaluated as soon as they are defined, so just define them at the start of the program.
Various minor patches.

2.1.0b1

Patch to packages for non linux rpm.
localhost method calls implemented - todo: multiple method calls.

---------------------------------------------------------------------------------

KNOWN BUGS: Functions cannot contain both subfunctions and spaces in strings. This will not be fixed until the language becomes fixed.

---------------------------------------------------------------------------------

Error in init.c erroneously referred to old directory .cfengine instead of .cfagent for non-root users.
Builtin function ReadFile(filename,maxbytes) allows us to read a maximum number of bytes from a file into a variable, e.g.

   control:
      mylist = ( ReadFile("/etc/passwd",20) )
      Split = ( "_" )      # NOTE careful with split character
      myvar = ( ReadFile(/etc/passwd,220) )

2.0.8 - released this far as a 2.0.x patch

Check for illegal characters in classes.
Able to bind to a specific IP addressed interface in cfservd:

   BindToInterface = ( 10.10.43.6 )

Security fix to transaction lengths in remote copying.
Suspicious names now applies only to regular files.

2.1.0a8

Imports allowed in update.conf.
Extra locking applied to methods.
Parser error in cfservd fixed. Would ignore single character objects (ordering error in lexer).
2.1.0a7

Methods parsing added.
Granular locking added to all parts of cfengine. ifelapsed, expireafter added to each action as options, e.g. ifelapsed=20

2.1.0a6

Admit/deny did not do variable expansion on pathnames - fixed.
Reduced stating level during file transfer in cfservd - helps to prevent thrashing when transferring files with server fragmentation.
class "windows" is added as a synonym for "nt".
xdev=true option to image, tidy, files.
Timeout added to receive in file copying.
mounts are only performed in pass 1.
edit warnings are only carried out during pass 1.
Bug fix for Mode class in file filters - was not matching modes properly.
Can't copy files less than 17 bytes now supposedly fixed.
Add mutex around syslog() to see if it helps weird file errors.

2.0.7p3

Parser bugfix for group definitions from script (in old compat obsolete syntax).

2.0.7

Resolv.conf search directive removed from code. This was wrong, in spite of pressure to put it in.
EditBackup -> Backup corrected in manual.
Check for class definitions that are not installable.
SMTP client handling patch in cfexecd - must wait for reply.
AppendIfNoLineMatching replaced with regex, not Setline value.
ChecksumPurge = ( on ) causes cfagent to purge its checksum database of files that no longer exist.
Forgotten built in function RandomInt(a,b) - returns a random number in variable assignments. Actually introduced in 2.0.6. Forgot this:

   control:
      rand = ( RandomInt(4,7) )

Major rewrite of parser - code simplifications - Allowed escaping of quotes in strings and newlines, e.g.

   var1 = ( "a b c\"substring\" d e" )
   var2 = ( "a b c" )

Tidy code tidied and bug fixed for new scheduler.
Moduledirectory defaults to /var/cfengine/modules.

2.0.6

SKIPVERIFY removed from AccessControl checks. This was wrongly allowing access to files if they only had an accepted encryption key.
SetLine added to AppendIfNoLineMatching to allow current line to be added:
   ForEachLineIn "/tmp/in"
      AppendIfNoLineMatching "ThisLine"
   EndLoop

Changed /etc/services reference to port 5308 in ipv6 compatible calls.
Efficiency: removed getpwnam from GetFile(). Was unnecessarily looking up the uid multiple times, which delays copying speed. Copy rates improved by five to ten times!!
Single copy uses too much cache memory. Optimize by only caching copies that use the singlecopy keyword.
Message status change: "%s is a link which points to %s, but that file doesn't seem to exist" is now verbose only.
Patches to editfiles to check empty files.
DefineInGroup added.

2.0.5

Cfrun ipv6 patch.
Syslog messages name patch.
mountables, binservers variable usage fix.
backup=timestamp added in copy so that multiple backups can coexist. Other backups use this by default.
Cfenvd records loadaverage - and av.db renamed to cf_averages.db since records in av.db no longer compatible.
Iteration added to disk paths.
Typo in filters.c UID -> USER meant that Owner field in filters would not always work for processes.
Bug in removal of spaces in process-filter matches could cause some criteria to fail to match.
Netstat changed entry in solaris 2.9.
Hard class hpux10 -> hpux and the old hpux is deprecated.
tidy //tmp would start tidying / due to error in ExpandWildcardsAndDo. Fixed.
Cfenvd netstat state recorded in separate files now in WORKDIR, by protocol and incoming/outgoing. This allows accurate record of the state to which classes refer.
excludes and ignores would not be appended in a tidy command if a path already existed in another previous command. Fixed so that all excludes and ignores are concatenated for all related paths.
Local AF_LOCAL addresses not handled by sockaddr in IPv6 compatible functions. Now returns 127.0.0.1 (why not ::1??)
Typo in tidy.c prevented tidy old links from working.
Documentation patches.
Checksums no longer performed on dry run (-n) in files, but still in copy. No errors written to syslog in dryrun mode.
Umask patch in editfiles - umask was not properly installed.
New copy options / variables singlecopy= and autodefine added.
Alerts added as own section. alerts: allow users to define a custom message triggered by a class activation. Alerts can also quote state information from cfenvd and the process table.
tidy define= does not set class if file could not be tidied.
debian detect patch (Andy Stribblehill).
cfservd descriptor leak (Andy Stribblehill).
cfservd daemonize modification.

2.0.4

cfexecd now reports identical messages only once per day. (Bas)

***************************************************************************
File copying failover=classes sets classes if open server connection fails, or file is unavailable -- this allows failover rules to be activated instead.
***************************************************************************

***************************************************************************
Evaluated classes added: IsDefined(varname) StrCmp(s1,s2)
***************************************************************************

If a public key authentication succeeds, cfservd now adds a host to the skipverify list, so that we don't waste time checking ID by two separate methods. It has to succeed once though... and the list is emptied if the config file changes, and we start over again.
elsedef didn't work in processes.
New test in processes for executability of restart sequence would fail if the sequence had arguments. Fixed.

---------------------------------------------------------------------------

"AUTHENTICATION" BUGS: This seems to have been due to threading collisions. Malloc is not thread-safe. Added mutex to NewConn in cfservd. This could cause new connections to be mixed up in memory under heavy load and result in authentication failure on multiprocessor systems. Also changed pthread_mutex locking around gethostbyname - could cause reverse lookup to fail and create the illusion of a bad public key authentication.
Implicit mallocs are also in some of the public/private key functions. Moved some of the mutexes to encompass these, and it seems to have fixed the authentication errors.

Change in mutex locking policy of CheckFileChanges. Don't need a mutex there, just check that ACTIVE_THREADS is 0 and we're single threaded.
---------------------------------------------------------------------------

Tidying directories with atime is meaningless, since the necessary stat'ing automatically invalidates the result except for age=0. Thus all directory time comparisons are now changed to mtime, regardless of the type.

Default preview value for shellcommands was true; it should be false.

cfrun with -T did not accept keys on trust (typo). Fixed.

Classes defined within update.conf are now also private, like a separate module. These go away before cfagent.conf.

Typo in item-ext.c in regfree of GlobalReplace led to a segmentation fault for some edits.

AllowRedefinitionOf = ( variable name list ) allows redefinition of the named variables during parsing.

Editfiles scheduling error for classes not immediately defined, fixed.

Inform=false didn't affect purge=true.

Setting chmod 000 on a directory could prevent 2.0.3 from fixing it.

Fix for hyphen fix: can have numbers and hyphens in hostnames...

Fix for freebsd fix...ugh

IP address range minor fix, >= -> > in lower range.

   $ cfagent --avoid resolve,copy
   $ cfagent --just tidy --just shellcommands

The latter does tidy and shellcommands, but nothing else in the action sequence.

2.0.3

import in cfservd.conf was blocked.

update.conf run when doing -a or -z.

DESTINATION used in link.c (legacy) without allocation; caused a segfault.

IMPORT in cfservd was excluded.

-b for --update-only was used up, changed to -B (too many options!)

A hyphen in a cfservd.conf admit/deny hostname was misinterpreted as an IP range in 2.0.2. Fixed.

Interface detection on FreeBSD messed up. Fixed.

Unknown edit command error in include/exclude.
SECURITY: Recursive descent functions vulnerable to race conditions. Directories could be replaced by symbolic links, and this would affect any operation that relies on directory parsing: files, tidy, editfiles (copy is non-destructive). Recursive descent functions are reworked to check inode numbers and device numbers in order to detect attacks. This leads to a small inefficiency in recursive descent. The solution is to chdir to the actual directory concerned, check that it is the same one we stat'ed, and scan only those relative names afterwards, so we freeze each directory one at a time. The problem only applies to systems that have non-trusted users.

Editfiles error messages added for class definitions within conditionals.

Some segmentation faults corrected.

Check added to prevent cfagent from following links it does not own.

Work around to delete cfparse.c from the distribution because autoconf won't do it. This was causing incorrect alloca() usage for HPUX and AIX.

2.0.2

New option -b --update-only (changed in 2.0.3 to -B). Runs only the update.conf script.

Host ranges in IP addresses 128.39.89.10-34 or CIDR notation 129.39.89.1/24 to specify groups / classes or host lists in cfservd.conf.

   groups:

      myseries = ( IpRange(128.39.74-75.10-20) )
      myseries = ( IpRange(128.39.74.10/24) )

   128.39.74.10/23 == 128.39.75.56
   128.39.74-75.10-20 == 128.39.75.12
   2001:700:700:3:290:27ff:fea2:4730-4790 == 2001:700:700:3:290:27ff:fea2:477b
   2001:700:700:3:290:27ff:fea2:4730/64 == 2001:700:700:3:290:27ff:fea2:477b

New list in cfservd.conf, DynamicAddresses = ( ipranges ). This assumes that hosts get IP addresses from DHCP or something and can change over time. This changes the security model somewhat. (see reference manual)

Bug in cfservd for files which were unreadable by the daemon. Could lead to an incorrect file being transmitted instead of rejection.

Changes to mount list.
Can now include mount options in the cfengine mount model (see reference manual).

Bug in classification of variable assignment and authorization assignments fixed.

Structures for convergence analysis added. Option -g (future work).

NAT handling in cfservd.c patch.

Signal names were wrong in some cases due to differing conventions (OS dependent).

Incorrect code in file time filter comparisons fixed.

License amendment in COPYING makes it clear that users are encouraged to use the OpenSSL library. I see no problems with this.

Purge exclusions segfault bug fix.

Purge should not purge patterns in include= (fixed).

Purge symbolic link error fixed. (Bas)

/* Bas

   The following patch helps with the, for me at least, irritating problem
   where I have a cf.<conf> file which has sections depending upon classes
   which do file checks or copy based upon a user/group which doesn't exist
   on certain machines :-

      flagisoff::
         file owner=user group=group

   cfengine complains about this even though flagisoff is off :-)

   It also means that a user can be created earlier in a configuration and
   used later on without the warnings.

   Anyway, the patch does :-

   - don't complain about missing uid/gid while parsing
   - set uid/gid to -2 if missing and copy the name to the uid/gid structure
   - when actually doing things, recheck to see if the user exists; use it
     if it's now found, otherwise complain
*/

SMTP \r added to cfexecd; caused problems for stricter mailers. (I wasn't reading RFC2822!!)

Connection from a version 1 client could cause a version 2 server to segfault. Fixed uninitialized field.

If we specify purge, then the following options will also be set and cannot be altered, for safety's sake:

   forcedirs=true
   typecheck=false

Some windows patches.

2.0.1

Some error messages demoted to verbose only.

Some documentation corrections.

cfenvd given a -H option for histogram measurement. (research)

More problems with configure finding libraries fixed.

Extra time classes Q1,Q2,Q3,Q4 are set in each quarter of the hour.
Also abbreviations of HrXX.Q1: one can write Hr12_Q1, for instance.

VSYSTEMHARDCLASS was not defined in cfservd.

tidy .cfengine files could have permission 777. Missing permission added.

openbsd bind() fix in cfservd: openbsd does not map ipv4 addresses in ipv6!!!

Error in assigning hardclass for openbsd (typo), and this affected several other operating systems. Fixed.

2.0.0

Hpux config changes.

Red Hat compilation issues with Berkeley DB.

cfservd.conf did not re-read input file properly if -f was used.

mode checks patch (Martin Jost)

GNU autoconf classes renamed to compiled_on_solaris2.7

Cfengine 2.0
----------------------------------------------------------------

b4

configure changes to compile on systems without pthread.

Increase thread stacksize to avoid seg fault on some systems, which set a small basic pthread stack.

parser checks update.conf on -p

bug in reading imported files if CFINPUTS set to non-absolute path

b3

Some typos and solaris memory error fixed, in cfpopen().

Add optional argument to disable to warn only about existing files.

Modules no longer time-locked.

b2

IPv6 implementation.

Bug fix in access lists of cfservd.

a23

Added support for variable and class built-in functions.

a21

Martin Andrews' NT/Windows patches incorporated.

a20

Code tidying.

a19

cfrun fixed for RSA usage, and AllowUsers = ( ) added to cfservd.conf

Bas' NAT fixes to cfrun included.

BeginGroupIfDefined in editfiles incorporated.

a18

Symmetric key encryption rewritten, using Blowfish and RSA key exchange. Several efficiency modifications have been added, and this change allows for future multiple encryption schemes.

install.c rationalized, to standardize true/false switches. Standardized true/false api in switches with HandleCharSwitch. Internal representation is now 'y'/'n', not t/f and y/n.

verify= added to file transfers, allowing cfengine to compute an MD5 verification of the transmitted data before installing.
secure= -> (encrypt=,type=) split up, so encryption can be used independently of the update method.

a17

RSA authentication added.

cfkey changed to generate public/private keys.

a16

Cfagent will now attempt to rename non-directories which are "in the way" during copying, if forcedirs=true. The function MakeDirectoriesFor thus has a new argument for whether this should be forced or not. The policy regarding other uses of the function has changed:

   - For creation of essential cfengine directories, it is compulsory
   - For other optional actions dirs are not forced

exclude= and ignore= now allowed in tidy. include= is a synonym for pattern=

Replace old checksum functions with OpenSSL interfaces. Larger checksum database, due to longer hashes. Can now have checksum=sha1 in files. Checksum databases will be rewritten in a new format, as the datasize has changed. Might result in checksum changed warnings when installing the new version.

Editfiles scheduling bug, with new scheduler, fixed. Classes specified in the action sequence would not be executed.

Exclamation = ( off ) switches off exclamations in alerts.

% included in filename spec.

a14/15

Compilation issues. Restructuring and fiddling with cfenvd.

a13

control option EmptyResolvConf = ( true ) removes old nameserver entries.

Bug fix in file copying. A missing test could cause problems when cfservd was remote copied by itself, if error strings were aligned on page boundaries.

Typo in popen.c fixed. Shouldn't have any effect on code.

Hosts with multiple interfaces now register all subnets as classes. Now adds ipv4 address groups in the form

   ipv4_128_39_89
   ipv4_128_39
   ipv4_128

Owner filter added to process filters (oversight).

a12

Editfiles filters implemented.

cfengine.conf -> cfagent.conf

WORKDIR = LOGDIR = LOCKDIR = /var/cfengine (like /var/mail)

   /var/cfengine/bin      - default local binary
                /inputs   - default inputs dir
                /outputs  - record of old runs

cfexecd, a replacement scheduler.
Used as cfexecd -F (no fork) it can be placed in cron to replace "cfwrap cfengine". It needs you to define smtphost = ( smtpmailer ) in cfagent.conf. This program stores the output of cfagent in the outputs directory and then mails a copy if smtphost or sysadm are defined. It truncates long mail. Cfengine could be used to pick up the output files for collation by a central monitor, if desired.

Cfengine now looks for a config file called /var/cfengine/inputs/cf.update which is run before the main configuration. This is intended to be used to get an updated configuration, so that it can be parsed immediately afterwards. If there is an error in cfagent.conf, cf.update will still be able to run.

Don't forget to move the keys file to /var/cfengine

a11

resolver uses search directive, deprecating "domain" once and for all. This might hit really old systems...?

Using shellcommands to set classes now suppresses output from the command.

a8

snprintf for added security, or just for certainty, where appropriate.

If CFINPUTS is not defined, cfengine will look in CONFIGDIR for input. Files are always checked for their security by checking the owner and permissions.

--with-lockdir=LOCKDIR deprecated
--with-CFINPUTS=CONFIGDIR - default CFINPUTS internal (/etc/cfengine/inputs)

Extensive changes to locking policy.

LockDirectory = () and LogDirectory = () are no longer configurable from cfengine.conf due to required compatibility with cfenvd.c

cfenvd added. Records long term data and transfers class information to cfengine about the average state of the system. Classes pin-<number> also defined for every open service port on the host.

a6

undefined_domain is now removed from the class list when a proper domain is defined. This allows us to test for this as a class for debugging.

recurse option in home tidy now allowed.

Option LogTidyHomeFiles to switch off generation of log files in user homedirs.

Bug in DeleteToLineMatching, mismatch with documented functionality. Fixed.
Process options changed from ax to auxw for BSD-like ps.

cfenvd introduced.

Some FreeBSD patches.

Locking changed to use Berkeley DB if available.

Default workdir changed to /var/cfengine from /var/run since /var/run gets emptied on reboot in linux.

Cfengine 2.0 -alphas---------------------------------------------------

* Expansion of $(dollar) broken in 1.6.0 - fixed

* Locking problem in cfd fixed. Problem causing access denied while re-reading config files. MAXTRIES increased for high volume services, was causing premature apoptosis. dest= could not refer to a filename with spaces, fixed.

* Made recipient variables in client.c long instead of size_t in rstat, for 64 bits. With %ld in scanf.

* Cfengine 1.6.0-1.6.3 introduces filters into processes and files.

* 1.6.3 change from Berkeley DB2 to DB3 - not backward compatible!!! Update Berkeley db with

     cd build_unix
     ../dist/configure
     make; make install
     ln -s /usr/local/BerkeleyDB.3.2 /usr/local/BerkeleyDB

2000-06-13  David Masterson  <David.Masterson@kla-tencor.com>

	* 1.6.0.a2: re-released to Mark after stupid mistakes.
	* src/Makefile.am (noinst_HEADERS): add cfparse.h
	* Makefile.am (EXTRA_DIST): add acconfig.h

2000-06-12  David Masterson  <David.Masterson@kla-tencor.com>

	* 1.6.0.a2: released to Mark
	* General: Attempted to convert to reincorporate all my Automake stuff into the release.

2000-06-12  Mark Burgess  <Mark.Burgess@hio.no>

	* 1.6.0-alpha1: released
	* General: Rewrite of DCE code by Transarc/IBM.
	  Add elsedefine= tag as complement to define=.
	  CompressCommand action=compress in files, tidy, compress=true for compressing files on the fly.
	  Bug in copy with size= fixed. Was ignored if file didn't exist.
	  Modules: in addition to setting classes, can return lines =ENVVAR=value which sets cfengine environment variables. This allows modules to set variables which can be inherited directly by scripts.
2000-05-11  David Masterson  <David.Masterson@kla-tencor.com>

	* contrib/Makefile.am (pkgdata_SCRIPTS): change cfemacs.el to cfengine.el in keeping with internal documentation. Also renamed the file as well.

2000-05-08  David Masterson  <David.Masterson@kla-tencor.com>

	* Release: V1.6 released to Mark for verification.
	* Everything: Many things have been changed and reorganized for the shift to automake generated Makefiles. See the end of the NEWS file for more information.

2000-04-24  David Masterson  <David.Masterson@kla-tencor.com>

	* ChangeLog: Created and initialized with old VERSION.DIFF

***************** Minor Version 5 ********************

KNOWN BUGS: linux, when making directories, ownership and perms can be wrong.

1.5.4

Added security message in checksum=md5 for cfengine if new files appear.

Bug in class evaluation with multiple embedded groups fixed.

Bug in file transfer could hang a server in special circumstances.

Bug in secure recursive copy (access denied incorrectly).

Type change, size is off_t in cfstat struct.

Multiple define bug in copy: could cause endless loop.

Thread counting error fixed in cfd.

Required/disk suspicious warnings now cause classes to be defined.

Resolver could delete substring lines.

Extra measures against Denial of Service attacks on cfd: only one instance of a host IP may be connected at one time.

   1) Multiple connections from the same host are refused by default (before any recv())

   2) A DenyConnectionsFrom list will prevent named IP addresses from connecting (before any recv), or a general AllowConnectionsFrom mask...

   3) If the thread table is full for more than five requests, cfd commits suicide (apoptosis) to avoid resource usage by spamming.

The control variable "DenyConnectionsFrom = ( ip1 ip2 ... )" allows a list of numerical IP masks to be specified, which cfd will deny connections from. This can be used to prevent hanging connection attacks from malicious hosts and other Denial of Service attacks. e.g.
   cfd.conf

   control:

      AllowConnectionsFrom = ( 128.39.89 )
      DenyConnectionsFrom = ( 128.39.89.4 )

This is in addition to the tcp wrapper stuff, but the TCP wrapper code cannot protect against denial of service attacks.

typecheck=false in copy switches off error messages on type mismatch.

1.5.3

Configuration fixes for strange platforms.

Segmentation fault with long hostnames in cfd.

A number of security minded improvements to coding.

1.5.2 (Minor patches)

DeleteNonOwnerMail excluded check of NonUserMail.

Almost complete port to SCO, missing data on mount model.

Some compilation problems addressed.

Move to OpenSSL latest version.

Domain name issue fix in remote copying between domains.

Exec strings in variable assignments are now chopped.

1.5.1 (bugfixes only)

Segmentation fault with blank lines fixed in editfiles.

Segmentation fault with remote copy access denied fixed.

IP address and subnet (first three bytes of IP) are now added as classes, e.g. 128_39_89 and 128_39_89_10

Checksum update bug fix.

->! works on directories, with some care.

checks mutex variables in cfd made static.

Serialized gethostbyname() to avoid races in multithreaded lookup.

BUG: cfd seems unable to copy itself on memory mapped solaris.

1.5.0

Security enhancements and bug fixes.

!! GNU Regular expression library replaced by POSIX calls.              !!
!! The old code is still present for legacy systems but                 !!
!! this will not be supported in the future. Legacy systems             !!
!! should install the GNU Posix library rx-1.5 for compatibility.       !!
!! *** check complex regex's before using this! ***                     !!

RFC931 user authentication for cfd, on systems supporting/running identd.

Editfiles: Checks that the file differs from the disk version after multiple edits before saving (fixes circular do-undo problems).

All pthread libraries are now trusted to work by default (make of this what you will).
BSD chflags attributes now handled (by Andreas Klußmann).

home/ in directories.

LogDirectory, LockDirectory: variables in control can override the defaults.

define= added to shellcommands. Defined if the shellcommand returns zero.

Cfengine will not edit a link to a file unless the owner of the link is the owner of the file.

Careful attempts to avoid exploitation of race conditions during file writing.

New copy option, secure=true, allows 3DES encryption with secret keys in file LOCKDIR/keys. Filenames and contents are encrypted only.

New threading policy makes compatibility with earlier versions of cfd impossible. Should be more effective now. Discontinued -m flag.

cfd options:

   root=host1,host2 determines whether a connecting host can read files on the remote system which are not owned by the initiator of the connection.
   secure=true means that cfd will only serve the file on a secure line.

New cfkey program which generates a key file, e.g.

   cfkey > /var/run/cfengine/keys; chmod 600 /var/run/cfengine/keys

New copy type "mtime".

Control variable: DefaultCopyType = ( mtime ) can be used to set the type on all copies following this.

Problem with pthreads and GNU/Linux fixed.

***************** Minor Version 4 ********************

1.4.17

Multihomed host fixes for hosts with multiple names on interfaces.

1.4.16

Options owner= group= in shellcommands allow running programs with an effective user id, i.e. su -c user command.

ShowActions = ( on ) makes cfengine print out the exact action in output, using the adaptive lock string. For specialized processing only.

Symbolic link attack security hole closed.

1.4.15

Bug in size= in tidy files which could cause the parsed value to be incorrect if the size value had many digits.

Setuid logs were not saved after copy: stealth on remote copies was broken.

Username authentication added (weak and discretionary).

Bug with new Berkeley database v2 fixed. Seems to work now.

New class name digital added, causing incorrect class id's!
Option checksum=md5 added to files to give Tripwire functionality. (Requires libdb v2 from sleepycat)

1.4.14a

Editfiles Replace/With error incorrectly fixed in 1.4.13. Caused a segmentation fault if on the last line of the file.

1.4.14 (Post LISA changes)

SuspiciousNames = ( .mo lrk3 ) in control adds a list of filenames which cfengine will warn about if it detects them in the course of scanning directories.

SecureInput = ( false/true ) option which switches on checking of the permissions on the input files. If this is set cfengine will not read files which are not owned by the uid running the program, or which are writable by groups or others.

Copy defaults to source=destination name if dest not specified (assumes that server is not localhost).

1.4.13

N.B. When upgrading to this version, ALL systems should be upgraded.

Debian ID changed to use /etc/debian_version. Special GNU/linux distributions detected incorrectly.

cfd patches: removed forking from 1.4.12 and fixed error protocol bug which allowed files to be overwritten with an error message (ouch!)

Multi-homed host fix which works with solaris nsswitch/nis.

When copying symbolic links, both image and link, the file pointed to by the link could end up with the permissions of the link. Fixed.

File recursion was broken in some earlier version.

Process match/define fix. Classes got defined even when processes were missing.

In file, copy, link the new option ignore= allows locally defined ignores. Often a better alternative to the global ignore list which affects all three and tidy as well. (This is like include/exclude but also works on directories/recursion.)

AutoCreate/dry-run created file. Fixed.

Variable expansion in import.

Imported files which are not found now give only a warning in verbose mode. They do not stop execution. This allows inclusion of possibly existing files like cf.local

Obscure bug in class evaluation fixed.

OpenBSD classes added.

Purging without authentication disabled, otherwise it is possible to wipe out a whole directory.
Link defaults changed during copying so that links will be created to nonexistent files.

Didn't find some processes if the username contained a number on sys V.

Bug in macro hashing could cause a segmentation fault.

When recursively copying directories with non-alphanumeric filenames it was possible to enter into silly loops which looked for non-existent files. Fixed.

Variables allowed in defaultroute.

control: variable = ( `exec shellcommand` ) now sets variable to the output of the command.

New options for unmount: deletefstab=true/false deletedir=true/false

New option stealth=true/false determines whether the access/ctime of source files are modified during copy.

Security feature tests ownership and permissions of input files. Files writable by others than the owner are skipped. If cfengine.conf is not secure the program terminates.

New List in control FileExtensions = ( c gif txt ) etc. If directories have these names they will be reported as security warnings.

NonAlphaNumFiles = ( on ) switches on disabling (marking) of files with control character filenames and other non-alphanumeric names, with some exceptions. These are suffixed with .cf-nonalpha which can then be removed if desired by tidy.

1.4.12

Ownership of links was not checked; fixed for those systems which have lchown() (solaris and osf/digital).

Automatic domain name detection in cases where sites use fully qualified domain names locally (eg in /etc/hosts). Helps to solve the problem of what to do if you have multiple domains in a cfengine.conf file and want to define classes based on the domain name which hasn't been set yet.

processes: include and exclude lists can be added to match or exclude specific literals in addition to the regular expressions (which don't seem to work very reliably) when searching through the process table.

Tidy with single / as root ignored command. Fixed.

miscmounts rw/ro only option made more like other options with mode=rw,mode=ro etc. Default value is rw.
Backward compatibility maintained.

Variable expansion now performed in owner= and group=

Error capture while checking link permissions fixed. Old perror() method missed.

Multithreaded cfd. stat error message fixed. -m option to cfd to switch on multithreaded operation. Systems which do not have working pthreads fork() processes during copy commands only. Note that solaris 2.[56] is the only working pthread implementation that is implemented, since I only have linux and solaris to test on. To get pthreads working on other platforms you have to add a NOTBROKEN to configure.in and rerun autoconf/autoheader.

cfd now is able to run cfengine at timely intervals in collaboration with, or instead of, cron. This allows cron to be restarted by cfengine/cfd on linux boxes, where it crashes all the time, and it allows cfd to be restarted by cfengine/cron if it crashes (occasionally). See AutoExecInterval/AutoExecCommand.

Purging files didn't remove deep directories on client, fixed.

Domain name case control tweaks.

File recursion bug fix.

Bug in execute bit permissions on directories.

Support for multiple network interfaces.

Copy could lead to empty file.

New db v2* api used.

dirlinks=tidy didn't work, fixed.

Bug in home expansion of user patterns.

Multiple timezone aliases.

1.4.11

Copy repatched. Erroneous patch in filedir.c; copy modes not settable.

Lexer tweaking.

Travlinks patch in tidyfiles. Did not detect links properly.

Home tidy optimization.

Bug in IsMountedFileSystem fixed.

Bug in relative linking from /, missing / fixed.

Link update in copy files repaired.

Editfiles: Backup, Syslog, Inform.

New class additions are automatically canonified to protect from plugins.

Can now set syslog=on/off, inform=on/off per action so that output can be routed as desired, overriding global settings. (For Greg Maples)

processes, useshell=dumb ignores I/O and allows programs like cron to be restarted without hanging cfengine with a zombie. This doesn't work via cfrun, unfortunately...
Bug in parser, defaults not reset if previous action was not installed.

Global replace bug fixed.

internal variable $(ipaddress) contains the numerical form of the IP for the current host.

addinstallable for declaring dynamical classes before they are used.

Memory leak in cfd fixed.

1.4.10

Multi-homed host fix for cfd.

Mail check extras: test for dubious files Warn/DeleteNonOwnerMail Warn/DeleteNonUserMail

Edit: CatchAbort markers introduced to add a kind of exception handling so searches do not have to abort an edit completely.

Some typos fixed in the logging code.

Segmentation faults caught and erroneous messages fixed.

Extra new lines from logging code fixed, e.g. with cfengine -a

Bug fix to edit command DeleteLinesAfter...

TimeOut parameter added to adjust network timeouts on slow networks.

Access control in cfrun (access = mark,uid,uid2 in cfrun.hosts)

matches=0 allowed in processes.

Unixware support added.

8-bit clean for flex users.

percentages added for filesystem checking (diskusage=)

extra options for rmdirs so top directory needn't be removed in tidy.

1.4.9

ReleaseCurrentLock exited if remove failed. This was wrong; it should only have returned and caused a truncation of the action sequence.

ERESTARTSYS deadlock patch for POSIX.1/SVR4 while restarting daemons. Processes would hang, never receiving end-of-file on the pipe. A timeout has been added as a workaround.

Support for Access Control Lists in files and copy. Currently implemented for solaris and dfs only.

blocksize calculations rewritten to avoid division by zero error.

Error in installing required class info. Introduced in 1.4.8.

define= directives added to process, editfiles, files, tidy, link and disable.

DNS lookup case control to avoid unusual problems with case mismatch.

$(host) not expanded when domain not set: fixed.

Output rationalization in different modes, including possibility of logging. Note that the status of some messages has changed.
You might need to set Inform = ( on ) in order to see the messages you want to see. Messages may now be routed to syslog.

Bug in server= fixed for net copy. Previously a pointer error.

New option to shellcommand: useshell=true/false. If false, cfengine uses an internal popen replacement which does not use an intermediary shell to start programs. This addresses several security issues in starting programs with root privileges.

New option to copy: purge=true/false. If true, cfengine will remove files in the destination dir which do not exist in the source dir when recursively copying directories.

control options Verbose = ( on ), Inform = ( on ), Syslog = ( on ) switch the output level from within the config file. Also: Warnings = ( on ), DryRun = ( on ) to set other command line options.

Bug in relative linking fixed.

Bug in overlaying permissions mostly fixed in copy. Still some residual weirdness when using complex masks.

Garbage appeared in copy define=classes.

AutoCreate would not work with BeginIfFileNewer.

1.4.8

Cfengine now detects redhat linux and defines a class. Welcome redhat.

Variables can now be used in the control section itself, to define other variables and so forth.

Drop setpgrp and use setsid instead, if it is found, to get around the incompatible argument.

Non canonical $(arch) canonified so that it is not confused as a list variable.

OutputPrefix doesn't automatically append hostname now, since you can always do this yourself with variables in the OutputPrefix string.

Bug in copy, permissions finally fixed? Pleeeaasse?

Output format changes.

New option to links, nofile=force allows you to create links to files which do not presently exist.

1.4.7

Copy: "return" instead of "continue" in GetLock. Meant that if one lock failed, all copies were abandoned.

Setuid root files copied without setuid bit. Fixed.

Segmentation fault in "InsertFile" fixed for empty files.
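An added example, not cfengine's cfpopen, of the useshell=false idea from the 1.4.9 note above: the program is started by fork/exec with an explicit argument vector and no intermediary shell, so shell metacharacters in an argument reach the program verbatim. The contrasting helper runs the same words through /bin/sh -c to show what a shell would make of them. Function names and the constructed argument strings are mine.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Run argv[0] with the given argument vector, no shell involved, capturing
 * its stdout into `out` (NUL-terminated, at most outlen-1 bytes kept).
 * Returns the child's exit status, or -1 on failure to spawn or wait. */
int run_without_shell(char *const argv[], char *out, size_t outlen)
{
    int fds[2], status;
    pid_t pid;
    size_t used = 0;
    ssize_t n;

    if (outlen == 0 || pipe(fds) == -1)
        return -1;
    pid = fork();
    if (pid == -1) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                       /* child: stdout -> pipe, then exec */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]);
        close(fds[1]);
        execvp(argv[0], argv);            /* argv is passed as-is: no word splitting,
                                             no ';', '|', '$' or '`' interpretation */
        _exit(127);                       /* exec failed */
    }
    close(fds[1]);
    while (used < outlen - 1
           && (n = read(fds[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) == -1)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Constructed argument carrying shell metacharacters. */
static char metachar_arg[] = "a; echo b";

/* Without a shell, "a; echo b" is one literal argument to echo.
 * Returns 1 if the captured output is exactly "a; echo b\n". */
int demo_literal_argument(void)
{
    char out[64];
    char *argv[] = { "echo", metachar_arg, NULL };
    if (run_without_shell(argv, out, sizeof out) != 0)
        return 0;
    return strcmp(out, "a; echo b\n") == 0;
}

/* The same words handed to /bin/sh -c: the shell splits on ';' and runs a
 * second command.  Returns 1 if the output is "a\nb\n", which is the
 * behaviour useshell=false is there to avoid for untrusted arguments. */
int demo_shell_interprets(void)
{
    char out[64];
    char *argv[] = { "/bin/sh", "-c", "echo a; echo b", NULL };
    if (run_without_shell(argv, out, sizeof out) != 0)
        return 0;
    return strcmp(out, "a\nb\n") == 0;
}

/* A program that does not exist: exec fails and the child reports 127. */
int demo_missing_program(void)
{
    char out[8];
    char *argv[] = { "/nonexistent/cfengine-demo-binary", NULL };
    return run_without_shell(argv, out, sizeof out);
}
```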
Scanf workaround for linux in remote copying; caused incorrect values to be read and thereby incorrect file modes.

Problem in variable expansion fixed?

setpgrp() in cfd.

Documentation updates.

Possible segmentation fault in inode caching fixed.

Minor suggestions to autoconf implemented.

1.4.6

CompressPath moved to filename.c to avoid linking problem in OSF.

More "Too many open files" bloopers fixed.

cfd: transfer synchronization problem could break filenames in readdir(). Fixed.

Recursive tidy including directories fixed so that the top directory is now deleted.

cfwrap altered so that identical multiple messages are filtered, or shown only once per day.

1.4.5

Symbolic link inode number transferred incorrectly from cfd, leading to remaking symbolic links during remote copies, owing to confusion of hard and soft links.

Some unclosed socket loopholes fixed. Too many open files error.

Variable syntax error misdiagnosed if other braces used. Fixed.

1.4.4

Repository error, files not being properly backed up. Fixed.

Documentation config changes.

1.4.3

AIX4 -> AIX in df.c. Typo in freespace code.

Incorrect locking of editfiles fixed. Unique names previously omitted.

Editfilesize can be set to zero to be ignored.

Class defines in required: bugfix, items not installed.

BeginGroupIfFileExists checked the wrong file!!

cdrom filesystems do not generate warnings if not immediately mountable.

html files no longer distributed.

Binaries are now installed in sbin instead of bin. Scripts are now installed in lib/cfengine instead of sbin.

1.4.2

Timeout for reading input files (can happen during hanging NFS) could lead to multiple cfengines being started unintentionally.

Emacs major-mode contributed by Rolf Ebert.

include/exclude patterns in files fixed (broken in 1.4.0).

Broken pipe error in cfrun fixed.

Variable OutputPrefix can be used to change the default "cfengine:" prefix on output lines.

1.4.1

Bug in parser. Trailing slashes defeat 2Dlist expansion. Fixed for tidy.

cfd rereads system clock.
Copy permission bug fixed.

File reorganization to reflect inheritance structure.

Change in cosmetic details of locking implementation.

Some manual inconsistencies fixed.

Bug in cfrun parsing comments fixed. (Missed next line)

Bug in editfiles increment pointer fixed. Decrement to before start of file is no longer a fatal error.

Permissions on rotated files were not preserved in 1.4.0. Fixed.

Trailing dots from DNS/gethostbyname are now truncated away.

Editing symbolic links edits the file instead.

Default value of IfElapsed is now zero, so that antispam locks are turned off by default.

1.4.0

Debian systems now detected and have an additional class "debian" in addition to linux.

New option "define=class1,class2" to "copy" command defines a list of classes only if a file is copied. This allows followup actions to be added to other sections.

Variable list iteration in shell-commands. Enhanced iteration source code.

New option in disable: size=, size=>, size=< for byte size comparisons. Files are only disabled if the criterion is met.

Hourly classes are added to the automatic class engine: Hr00 to Hr23 can now be used.

Update messages in copy were erroneous in some cases, although copying was performed correctly. Fixed.

Hyphens in hp-ux etc hard classes changed to underscores.

It is now possible to override the name of the network interface in the control section of the program. This allows funny OS installations on unusual hardware to set the net interface for a specific class.

   control:

      nextstep::

         interfacename = ( blah0 )

New editing commands: CommentLinesContaining, BeginGroupIfFileIsNewer, BeginGroupIfFileExists, BeginGroupIfNoLineContaining, AutoCreate

Bug in alpha/netbsd with segmentation fault in exit() repaired, some kind of pointer misunderstanding with a null string.

New safer algorithm for copying files: first copies a modified file to a new file on the local filesystem. When the transfer is complete it is renamed into place.
This helps avoid race conditions and problems where copying is halted underway due to network lossage.

New debugging option d3 provides summary info.

Timeout option in shellcommands allows timeouts after a fixed number of seconds.

Timeouts in place for all RPC operations connected with "mount".

Sizes in disable and tidy may now specify units: bytes, kilobytes, megabytes (b,k,m). First character significant only, e.g. size=30kilobytes is okay.

include=, exclude= patterns in file searches.

Remote copying partially implemented with server daemon cfd.

Typo in tidy concatenation with multiple wildcards fixed.

Extra time classes added allowing a complete front end for cron. Additional manual chapter on this.

Copying of links without a directory reference now prepends "./"

Copying now preserves hard links where possible.

File Rotation in disable does not break file handles any more.

Copied/disabled files now back up to .cfsaved whereas edited files back up to .cfedited, to avoid overwriting the backup in copy-then-edit scenarios.

Checksum comparisons are now optimized by checking the number of bytes before launching into a checksum computation.

Several new edit commands.

New locking mechanism with atomic locks which allow several cfengines to coexist. Also antispamming mechanisms built in.

CheckResolv reworked to avoid editing each time.

AddToFstab will add to file if fs mounted.

SplayTimes added. Causes cfengine to sleep a unique amount of time for each host, up to a maximum time. Can be used to avoid race conditions and contention.

Improved expression evaluation with parentheses.

Support for Cray. (Unsure whether these choices will match all cray systems.)

beta2: New options -q -K for switching off locks.
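An added example, not cfengine's own copy code, of the safer copy algorithm from the 1.4.0 notes: the data goes to a new temporary file beside the destination, and only a completed transfer is rename()d into place, so the destination is never seen half-written and an interrupted transfer leaves it untouched. The temporary name pattern, the function names and the constructed /tmp check are mine.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Copy `src` to `dst` via a temporary file in the same directory followed by
 * an atomic rename().  Returns 0 on success, -1 on error; on error the
 * temporary file is removed and `dst` is left exactly as it was. */
int safe_copy(const char *src, const char *dst)
{
    char tmp[4096], buf[8192];
    int in, out, ok;
    ssize_t n, off, w;

    if (snprintf(tmp, sizeof tmp, "%s.cfnew.%ld", dst, (long)getpid()) >= (int)sizeof tmp)
        return -1;
    if ((in = open(src, O_RDONLY)) == -1)
        return -1;
    /* O_EXCL: never reuse a file that already sits under the temporary name */
    out = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (out == -1) {
        close(in);
        return -1;
    }
    while ((n = read(in, buf, sizeof buf)) > 0) {
        for (off = 0; off < n; off += w) {
            w = write(out, buf + off, (size_t)(n - off));
            if (w == -1) {
                n = -1;                   /* short or failed write: abandon */
                break;
            }
        }
        if (n == -1)
            break;
    }
    ok = (n == 0);                        /* 0 means clean end-of-file */
    /* fsync before rename so the data is durable before the name points at it */
    if (ok && fsync(out) == -1)
        ok = 0;
    if (close(out) == -1)
        ok = 0;
    close(in);
    if (ok && rename(tmp, dst) == 0)
        return 0;
    unlink(tmp);
    return -1;
}

/* Constructed check under /tmp: copies a small file, confirms the destination
 * holds the same bytes and that no temporary file is left behind.
 * Returns 1 on success, 0 on mismatch, -1 if setup failed. */
int demo_safe_copy(void)
{
    const char *payload = "hello, cfengine\n";   /* constructed content */
    char src[64], dst[64], tmp[96], back[64];
    FILE *f;
    int ok = 0;

    snprintf(src, sizeof src, "/tmp/cfcopy_src_%ld", (long)getpid());
    snprintf(dst, sizeof dst, "/tmp/cfcopy_dst_%ld", (long)getpid());
    snprintf(tmp, sizeof tmp, "%s.cfnew.%ld", dst, (long)getpid());
    if ((f = fopen(src, "w")) == NULL)
        return -1;
    fputs(payload, f);
    fclose(f);
    if (safe_copy(src, dst) == 0 && (f = fopen(dst, "r")) != NULL) {
        size_t got = fread(back, 1, sizeof back - 1, f);
        back[got] = '\0';
        fclose(f);
        ok = strcmp(back, payload) == 0 && access(tmp, F_OK) == -1;
    }
    unlink(src);
    unlink(dst);
    unlink(tmp);
    return ok;
}
```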