Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Configuring a System
Using Distributed Systems Administration Utilities
Chapter 3, page 180
Network Port Usage
cfservd uses TCP port 5308 by default. You can instruct cfagent to
connect to cfservd using a different port by specifying a port in the
cfrun.hosts file. For example:
    host1.abc.xyz.com       # Use standard port
    host2.abc.xyz.com       # Use standard port
    host3.abc.xyz.com:4444  # Use port 4444
Also, cfengine will honor a cfengine tcp port defined in /etc/services.
Encryption
In general, file transfer traffic between the master server and a managed
client is not encrypted. For many system management related
configuration files this is acceptable. For certain files, an encrypted file
transfer is desirable. The copy action in cfagent.conf has an “encrypt =
true” option to encrypt the specified file. For additional encryption
options, please refer to the cfengine reference manual located in
/opt/dsau/doc/cfengine.
Checksum Alerts
cfengine has a checksum alert feature similar to Tripwire. To monitor
changes to a file’s checksum, do the following:
• Add the following stanza to
  /var/opt/dsau/cfengine_master/inputs/cfagent.conf:
    ChecksumUpdates = ( "on" )
• In cfagent.conf’s “files” actionsequence, add checksum = md5 or
  checksum = sha options for the files to monitor. For example:
    files:
      class::
        /etc/example
          mode = 644
          checksum = md5
  Note that this checksum option is different from the checksum =
  true option used in the copy actionsequence. That option tells
  cfengine to use checksums instead of timestamps when deciding if
  files need to be copied.
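The checksum-database behavior this section describes, modeled in Python as an added example (it is not cfengine's code and not from the original guide). The JSON database layout, the function names, the mapping of sha to SHA-1, and keeping the stored checksum when updates are off are all assumptions.

```python
import hashlib
import json
import os
import tempfile

# "sha" mapped to SHA-1 is an assumption; the page names only md5 and sha.
ALGORITHMS = {"md5": hashlib.md5, "sha": hashlib.sha1}

def digest(path, algo):
    """Hash a file in chunks so large files are not read into memory at once."""
    h = ALGORITHMS[algo]()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check(path, algo, db_path, checksum_updates=True):
    """Return 'new', 'unchanged' or 'changed' for one monitored file.

    A missing database is created and a first-seen file is recorded. A changed
    checksum replaces the stored one only when checksum_updates is on; keeping
    the old value when it is off is an assumption, not stated on the page.
    """
    db = {}
    if os.path.exists(db_path):
        with open(db_path) as f:
            db = json.load(f)
    key = f"{algo}:{os.path.abspath(path)}"
    current, stored = digest(path, algo), db.get(key)
    if stored == current:
        return "unchanged"
    status = "new" if stored is None else "changed"
    if stored is None or checksum_updates:
        db[key] = current
        with open(db_path, "w") as f:
            json.dump(db, f)
    return status

def demo(checksum_updates=True):
    """Constructed scenario: first run, re-run, modify the file, two more runs."""
    with tempfile.TemporaryDirectory() as d:
        target, db = os.path.join(d, "example"), os.path.join(d, "checksum.db")
        with open(target, "w") as f:
            f.write("setting = 1\n")
        results = [check(target, "md5", db, checksum_updates) for _ in range(2)]
        with open(target, "a") as f:
            f.write("setting = 2\n")
        results += [check(target, "md5", db, checksum_updates) for _ in range(2)]
        return results
```

In this model, a change is reported once when updates are on, and on every run when they are off.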
cfagent creates the checksum database on the client if it does not
already exist. When ChecksumUpdates is set to “on” or “true,” then the
current checksum for the monitored files is added to or updated in the
checksum database. After this initial run to populate the checksum