Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Configuring a System
Using Distributed Systems Administration Utilities
Chapter 3 181
database, change ChecksumUpdates to “off.” At this point, any changes
to a checksum of a monitored file causes a security warning. For
example:
host1: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
host1: SECURITY ALERT: Checksum for /etc/example changed!
host1: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Disabling Use of cfengine
The csync_wizard does not have an unconfigure option to stop a system
from being a master server. To disable a master server, simply stop
cfservd:
# /sbin/init.d/cfservd stop
To prevent cfservd from starting at system startup, edit
/etc/rc.config.d/cfservd and change CSCYN_CONFIGURED to “0”.
If the csync_wizard was used to create the cfengine configuration and
add managed clients, it can be used to remove managed clients. Run the
wizard on the master server and select the “Remove a client”option. The
wizard requires that non-interactive ssh access to the managed client
has been configured as described in the section “Configuring a
Synchronization Client” on page 161. The specified client will be deleted
from cfrun.hosts, and its public key deleted from the master ppkeys
directory, and the master’s key deleted from the client’s ppkeys directory.
Logging Options
cfengine is intentionally silent about most configuration changes but
there are several configuration options to increase the verbosity of
cfengine output, as follows:
• Most cfagent.conf actions such as “copy”, “editfiles”, and
“processes”, support a syslog = true option to cause the specific
action to be logged to syslog.
• Similarly, most actions support an “inform = true”option to cause
cfagent to report any changes.
• cfagent.conf’s control section supports global “inform = (true)”
and “syslog = true”options.