'''cfengine'''

[[TableOfContents]]

== Cfengine overview ==

Cfengine is a useful tool that does a fantastic job of configuring and maintaining Unix computer systems. It is a stand-alone tool suite that configures and manages computers according to the instructions in a configuration file. The configuration file is written in a high-level language that is easy to learn and use, and it defines the appropriate properties for the various system components (no programming is required). In this way Cfengine can automatically configure many systems, each one to its defined configuration specification. It can also keep monitoring the systems and adjust their configuration as needed.

== What you can do with Cfengine ==

 * Configure network interfaces
 * Edit system configuration files and other text files
 * Create symbolic links
 * Check and fix file permissions and ownership
 * Delete unnecessary files
 * Compress selected files
 * Distribute files over the network in a correct and secure way
 * Automatically mount NFS file systems
 * Verify the existence and integrity of important files and file systems
 * Run commands and scripts
 * Manage processes
 * Apply security patches and similar fixes

All of these tasks can be managed centrally from one central server. Using classes, you can group specific hosts, or group hosts by operating system, and apply different commands to each group.

== Program components ==

 * cfagent: the main utility, which applies the configuration file to the local system
 * cfrun: utility that applies configuration files to remote systems
 * cfservd: server process that supports cfrun. It makes the Cfengine agent functions usable from remote systems.
 * cfexecd: daemon that automates job scheduling, reporting and so on
 * cfenvd: problem detection daemon
 * cfkey: security key generation utility

On each host, the work to be done with cfagent is defined in advance. This lets you automate system administration one server at a time. But that is probably not what we want. You can place the needed files on a central management server and have each server fetch them from it, or you can run cfagent on each system remotely from the central management server. The central management server can connect to each host with cfrun; for this, cfservd must be running on each host.
cfexecd is used like cron on each host. cfkey is the security key generation utility; run it on each host to be managed. These keys (a private key/public key scheme) are used for communication between the central management server and each host. cfservd must be running on the server before the other target computers can fetch files from the master server. On the target computers, run cfagent manually or automatically (using cfexecd or cron).

== Before you start ==

Each host must have a hostname, a DNS lookup of that hostname must return an IP, and a query by that IP must return the same hostname. Usually hostname -> ip is set up on the name server, but ip -> hostname is often not set up in DNS. In that case, all hostnames must be put in /etc/hosts.

== Installation ==

=== Installing from source ===

Download from http://www.cfengine.org/pages/download

First verify the integrity of the source with md5sum. Then unpack the source.

{{{
# ./configure --prefix=/usr/local/cfengine (the default is to install under /usr/local)
# make
# make check (self test)
# make install
}}}

The build requires two development packages.

 * Berkeley Database obtainable from http://www.sleepycat.com
 * OpenSSL obtainable from http://www.openssl.org

On RHEL and CentOS, db4-devel and openssl-devel are required.

{{{
# yum -y install db4-devel openssl-devel
}}}

The installed files are listed below. They are installed under /usr/local/cfengine.
{{{
> ./sbin/cfagent
> ./sbin/cfservd
> ./sbin/cfrun
> ./sbin/cfkey
> ./sbin/cfenvd
> ./sbin/cfenvgraph
> ./sbin/cfexecd
> ./sbin/cfshow
> ./sbin/cfetool
> ./sbin/cfetoolgraph
> ./sbin/cfdoc
21a33,57
> ./share/cfengine
> ./share/cfengine/cfengine.el
> ./share/cfengine/cf.chflags.example
> ./share/cfengine/cf.freebsd.example
> ./share/cfengine/cf.ftp.example
> ./share/cfengine/cf.groups.example
> ./share/cfengine/cf.linux.example
> ./share/cfengine/cf.main.example
> ./share/cfengine/cf.motd.example
> ./share/cfengine/cf.preconf.example
> ./share/cfengine/cf.services.example
> ./share/cfengine/cf.site.example
> ./share/cfengine/cf.solaris.example
> ./share/cfengine/cf.sun4.example
> ./share/cfengine/cf.users.example
> ./share/cfengine/cfservd.conf.example
> ./share/cfengine/cfagent.conf.example
> ./share/cfengine/cfagent.conf-advanced.example
> ./share/cfengine/update.conf.example
> ./share/cfengine/cfrc.example
> ./share/cfengine/cfrun.hosts.example
> ./share/cfengine/README
> ./share/cfengine/ChangeLog
> ./share/cfengine/INSTALL
> ./share/cfengine/NEWS
}}}

=== Using RPM ===

 * For more convenience, use kickstart at initial install time so that cfengine is installed automatically and update.conf is fetched from a web server or similar.
 * Searching rpmfind, you can find cfengine packaged as an [ftp://rpmfind.net/linux/fedora/extras/development/SRPMS/cfengine-2.1.21-2.fc6.src.rpm rpm]. I took the Fedora SRPM, built an RPM from it, and it ran without problems.
{{{
# cd /usr/src/redhat/SPECS
# rpmbuild -ba --target i686 cfengine.spec
}}}
 * Binaries, man pages, documentation and so on follow the standard CentOS (Red Hat) directory layout. The client configuration directory is /var/cfengine, the same as above, and the installation automatically runs cfkey to generate the keys used for connections.
 * Manually fetch update.conf and place it in /var/cfengine/inputs, then move only the key generated by cfkey (/var/cfengine/ppkeys/localhost.pub) to the master server, and everything runs fine. When copying the key, it must be copied under a name of the form root-ip.pub.
 * With the Fedora RPM, the binaries are in /usr/sbin/, and only /usr/sbin/cfagent is symlinked into /var/cfengine/bin/. If you use the RPM there is no need to change this, but it is described here because it is something to be aware of.
 * Adding the rpm above to your own yum repository makes installation and management convenient. As of [[DateTime(2006-11-07T09:01:13)]] it has been added to the repository at cfengine.tunelinux.pe.kr. Install it as follows.
{{{
# rpm -ivh http://cfengine.tunelinux.pe.kr/tune/4.4/i386/RPMS/cfengine-2.1.21-2.i686.rpm
}}}

== Setup ==

=== Initial configuration and testing ===

 * First, assume the program has been compiled and installed into the /usr/local/cfengine directory. With the rpm, the work is almost the same.
 * If you did not install from rpm, first create the /var/cfengine directory and an inputs directory under it.
 * Create a suitable cfagent.conf file in /var/cfengine/inputs. This file alone is enough to work with. Test the tasks you want here. Note that at this point you are testing only the local machine.
 * Once testing is done, set up the master server and the clients. Here the master server means the server that holds the configuration files above.

=== Master server configuration ===

 * /usr/local/var/cfengine/inputs is the directory from which each client fetches the master server's configuration files. You can of course change it to another directory. This location goes into cfservd.conf. The files that go here are cfagent.conf, cfrun.hosts, cfservd.conf and update.conf. cfagent.conf and update.conf are the minimum required. To start cfservd you need cfservd.conf. cfservd must be running on the master server: clients can connect to the server only when cfservd is up.
 * It is a good idea to keep the master directory above under CVS for version control.

==== cfagent.conf ====

{{{
##################################################
#
# cfagent.conf
#
# This is a simple file for getting started with
# cfengine. It is harmless. If you get cfengine
# running with this file, you can build on it.
#
##################################################

###
#
# BEGIN cfagent.conf (Only hard classes in this file )
#
###

classes:

   # cfengine master server
   master_server = ( cfengine.tunelinux.pe.kr )

   # server group
   testingservers = ( cent.tunelinux.pe.kr cent2.tunelinux.pe.kr )
   #testingservers = ( cent2.tunelinux.pe.kr )
   webhosting = ( cent.tunelinux.pe.kr )
   mailhosting = ( '/usr/bin/test -d /var/qmail' )
   dnshosting = ( '/usr/bin/test -f /etc/named.conf' )
   dnsservers = ( '/usr/bin/test -f /etc/named.conf' )
   intraservers = ( cfengine.tunelinux.pe.kr intranet.tunelinux.pe.kr project.tunelinux.pe.kr )
   #intra_ip_range = ( IPRange(111.112.137.1-100) )
   intra_ip_range = ( IPRange(111.112.137.0/24) )

   # tune servers
   tuneservers = ( testingservers webhosting mailhosting dnshosting intraservers intra_ip_range )

   # specific server
   centosservers = ( '/usr/bin/test -d /usr/share/doc/centos-release-4' )
   cfengineservers = ( '/usr/bin/test -f /usr/sbin/cfagent' )
   yumservers = ( '/usr/bin/test -f /etc/yum.repos.d/CentOS-Base.repo' )
   techlabservers = ( 111.112.137.141 techlab.tunelinux.pe.kr )

##################################################

control:

   domain = ( tunelinux.pe.kr )
   timezone = ( MET )
   smtpserver = ( localhost ) # used by cfexecd
   sysadm = ( joon@tunelinux.pe.kr ) # where to mail output
   # IfElapsed = ( 0 )
   schedule = ( Hr00 )
   ChecksumUpdates = ( on )

   # cfengine tune repository
   master_files = ( /usr/local/var/cfengine/tune )
   master_server = ( cfengine.tunelinux.pe.kr )

   # html repository
   html_files = ( /var/www/html/tune )

   # security check
   SpoolDirectories = ( /var/spool/mail /var/spool/cron )
   WarnNonOwnerMail = ( true )
   WarnNonUserMail = ( true )
   #!techlabservers::
   # NonAlphaNumFiles = ( on )

   actionsequence = ( disable copy editfiles files shellcommands directories tidy processes )

##################################################

resolve:

   # Add these name servers to the /etc/resolv.conf file
   210.220.163.82 # local nameserver
   210.94.6.67 # backup nameserver

##################################################

# 111.112.137 tune intra
# 222.239.157 IDC monitor
# 66.600.5 IDC intra

editfiles:

   { /etc/crontab
     AppendIfNoSuchLine "* 0 * * * root /usr/bin/rdate -s time.bora.net && /sbin/hwclock -w"
   }

 tuneservers::

   { /etc/security/access.conf
     AppendIfNoSuchLine "-:root:All EXCEPT LOCAL localhost.localdomain 111.112.137. 222.239.157. 66.600.5."
   }

   { /etc/pam.d/sshd
     AppendIfNoSuchLine "account required pam_access.so"
   }

   { /etc/vsftpd/vsftpd.conf
     ReplaceAll "anonymous_enable=YES" With "anonymous_enable=NO"
     DefineClasses "modified_ftp"
   }

 intraservers|intra_ip_range::

   { /etc/aliases
     AppendIfNoSuchLine "root: joon@tunelinux.pe.kr"
     DefineClasses "modified_aliases"
   }

 centosservers::

   { /etc/updatedb.conf
     ReplaceAll "DAILY_UPDATE=no" With "DAILY_UPDATE=yes"
   }

 tuneservers.cfengineservers::

   { /etc/crontab
     AppendIfNoSuchLine "* 0 * * * root /usr/sbin/cfexecd -F"
   }

 intra_ip_range|testingservers::

   { /etc/bashrc
     AppendIfNoSuchLine "alias ll='ls -alF'"
   }

##################################################

copy:

   # Get a file from some trusted server, e.g. password sync
   # To do this, you need to use cfkey to install keys

   # tune yum repository
 tuneservers::

   $(master_files)/tune.repo dest=/etc/yum.repos.d/tune.repo mode=644 server=$(master_server)

   # master file copy
 master_server::

   /etc/hosts dest=$(master_files)/hosts backup=true
   /usr/local/var/cfengine/inputs/update.conf dest=$(html_files)/update.conf mode=644
   $(master_files)/tune.repo dest=$(html_files)/tune.repo mode=644 server=$(master_server)

   # iptables
 intra_ip_range|intraservers::

   $(master_files)/intra-iptables dest=/etc/sysconfig/iptables mode=600 server=$(master_server) backup=true define=modified_iptables

 testingservers.!master_server::

   $(master_files)/hosts dest=/etc/hosts mode=644 server=$(master_server) backup=true

##################################################

files:

 tuneservers::

   # file check
   /tmp mode=ugo-x recurse=inf action=fixall syslog=true inform=true
   /var/tmp mode=ugo-x recurse=inf action=fixall syslog=true inform=true
   /proc mode=700 owner=root action=fixall

   # password
   /etc/passwd mode=644 owner=root action=fixall checksum=md5 syslog=true inform=true
   /etc/shadow mode=600 owner=root action=fixall checksum=md5 syslog=true inform=true
   /etc/group mode=644 owner=root action=fixall checksum=md5 syslog=true inform=true

   #cfengine program file
 cfengineservers::

   /usr/sbin mode=700 owner=root action=fixall include=cf* recurse=inf

##################################################

shellcommands:

   # security check
   # "/usr/bin/find /tmp/ '(' -nouser -o -nogroup ')' "

 tuneservers.yumservers::

   "/bin/rm -f /etc/yum.repos.d/CentOS-*"

 tuneservers.yumservers.Sunday.Hr00::

   "/usr/bin/yum clean all"

 modified_ftp::

   "/etc/init.d/vsftpd restart"

 modified_iptables::

   "/etc/init.d/iptables restart"

 modified_aliases::

   "/usr/bin/newaliases && /etc/init.d/sendmail restart && /sbin/chkconfig --level 345 sendmail on"

 any.Hr07::

   "/usr/bin/rdate -s time.bora.net && /sbin/hwclock -w" timeout=30

##################################################

directories:

   # /tmp mode=1777 owner=root group=root syslog=true inform=true

tidy:

   #tuneservers.intra_ip_range::
 tuneservers::

   /tmp recurse=inf pattern=* age=7 rmdirs=sub syslog=true inform=true
   /var/tmp recurse=inf pattern=* age=7 rmdirs=sub syslog=true inform=true
   /home recurse=inf pat=core pat=a.out pat=*.o age=1 rmdirs=sub syslog=true inform=true
   # pat=*%
   # pat=#*

disable:

 tuneservers::

   /root/.rhosts syslog=true inform=true
   /etc/hosts.equiv syslog=true inform=true

##################################################

processes:

   # "xinetd" signal=hup
   # "httpd" signal=kill
   # "cfservd" signal=hup
   # "cexecd" signal=hup

 tuneservers.cfengineservers::

   "cfexecd" restart "/usr/sbin/cfexecd"
   "cfservd" restart "/usr/sbin/cfservd"

###
#
# END cfagent.conf
#
###
}}}

control holds the settings that apply to the configuration as a whole.

smtpserver and sysadm make the output of runs started by cfexecd and the like get sent by mail. Specify the SMTP server and the user who should receive the mail.

IfElapsed relates to how cfagent runs; see the debugging section below.

schedule : when cfexecd is running (it is the program responsible for running cfagent periodically), cfexecd runs periodically according to what is set in schedule. cfexecd has no configuration file of its own; it reads the schedule setting in cfagent.conf and runs accordingly. You can keep cfexecd running as a daemon, or have it run from cron.

Classes let you apply policy per group. The hosts inside ( ) are looked up in the /etc/hosts file. You can also split hosts into groups (classes) by the result of running a command, which is useful when hosts are hard to classify through /etc/hosts. A class can also contain other classes.

{{{ChecksumUpdates}}} checks the checksum of the files listed under files and shows a warning if it differs.

{{{NonAlphaNumFiles}}} checks for directories whose names fall outside normal characters, such as ".. .". (?)

master_server here is an arbitrary user-defined variable; you can define and use your own variables in the same way.

In files and similar sections, syslog records the change in syslog, and inform reports it on screen or by e-mail. I could not work out the difference between true and on even after reading the manual.
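
The stanza headers in the cfagent.conf above (for example `tuneservers.cfengineservers::` or `testingservers.!master_server::`) are class expressions, and which parts of the policy reach a host depends on how they evaluate against that host's defined classes. The following is an added example, not part of cfengine or of the original page: a small evaluator that assumes the cfengine 2 operators `.`/`&` (AND), `|`/`||` (OR), `!` (NOT) and parentheses, run against a constructed class set.

```python
import re

# Tokens: '||', a single-character operator, or a class name.
_TOKEN = re.compile(r"\s*(\|\||[().&|!]|[A-Za-z0-9_]+)")

def tokenize(expr):
    """Split a stanza header such as 'a.!b::' into tokens."""
    expr = expr.strip()
    if expr.endswith("::"):  # drop the stanza terminator
        expr = expr[:-2].rstrip()
    tokens, pos = [], 0
    while pos < len(expr):
        match = _TOKEN.match(expr, pos)
        if match is None:
            raise ValueError("bad character at %d in %r" % (pos, expr))
        tokens.append(match.group(1))
        pos = match.end()
    return tokens

class _Parser:
    """Recursive descent: '|' binds loosest, then '.'/'&', then '!'."""
    def __init__(self, tokens, defined):
        # A trailing None marks the end of the input.
        self.tokens, self.pos, self.defined = tokens + [None], 0, defined

    def peek(self):
        return self.tokens[self.pos]

    def take(self):
        self.pos += 1
        return self.tokens[self.pos - 1]

    def or_expr(self):
        value = self.and_expr()
        while self.peek() in ("|", "||"):
            self.take()
            rhs = self.and_expr()  # always parse so tokens are consumed
            value = value or rhs
        return value

    def and_expr(self):
        value = self.not_expr()
        while self.peek() in (".", "&"):
            self.take()
            rhs = self.not_expr()
            value = value and rhs
        return value

    def not_expr(self):
        token = self.take()
        if token == "!":
            return not self.not_expr()
        if token == "(":
            value = self.or_expr()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return value
        if token in (None, ")", ".", "&", "|", "||"):
            raise ValueError("unexpected %r" % (token,))
        return token in self.defined

def class_matches(expr, defined):
    """True if the expression holds for a host with these classes."""
    parser = _Parser(tokenize(expr), set(defined) | {"any"})  # every host is in 'any'
    value = parser.or_expr()
    if parser.peek() is not None:
        raise ValueError("trailing token %r" % parser.peek())
    return value

def applicable_stanzas(stanzas, defined):
    """Return the stanza headers whose class expression is true."""
    return [s for s in stanzas if class_matches(s, defined)]

# Stanza headers taken from the cfagent.conf above.
STANZAS = ["tuneservers::", "intraservers|intra_ip_range::", "centosservers::",
           "tuneservers.cfengineservers::", "intra_ip_range|testingservers::",
           "master_server::", "testingservers.!master_server::",
           "tuneservers.yumservers.Sunday.Hr00::", "any.Hr07::"]
# Constructed class set: a CentOS test host, on a Friday at 18:xx.
SAMPLE_CLASSES = {"linux", "tuneservers", "testingservers", "centosservers",
                  "cfengineservers", "yumservers", "Friday", "Hr18"}

if __name__ == "__main__":
    for header in applicable_stanzas(STANZAS, SAMPLE_CLASSES):
        print("applies:", header)
```

To check a real host, feed it the names from the `Defined Classes = ( ... )` line that `cfagent -p -v` prints.
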
==== cfservd.conf ====

{{{
#########################################################
#
# This is a cfd config file
#
# The access control here follows after any tcpd
# control in /etc/hosts.allow and /etc/hosts.deny
#
#########################################################

#
# Could import cf.groups here and use a structure like
# in cfengine.conf, cf.main, cf.groups
#

control:

   domain = ( tunelinux.pe.kr )
   AllowUsers = ( root )

 linux::

   cfrunCommand = ( "/var/cfengine/bin/cfagent" )

 any::

   # ChecksumDatabase = ( /tmp/testDATABASEcache )
   IfElapsed = ( 1 )
   MaxConnections = ( 30 )

   # access control
   Split = ( " " )
   hostlist = ( "111.112.137 222.239.157 66.600.5" )
   # hostlist = ( "111.112.137.162" )
   dirs = ( "inputs tune" )
   base = ( /usr/local/var/cfengine )

#########################################################

admit: # or grant:

   $(base)/$(dirs) $(hostlist)
   # /usr/local/var/cfengine/inputs *
   # /usr/local/var/cfengine/tune *
}}}

cfservd.conf is required by cfservd and sets the access permissions. Without the AllowUsers entry, cfrun did not run. admit is the section that sets access rights.

==== update.conf ====

{{{
#######################################################
#
# cf.update - for iu.hio.no
#
#######################################################

###
#
# BEGIN cf.update
#
###

#######################################################################
#
# This script distributes the configuration, a simple file so that,
# if there are syntax errors in the main config, we can still
# distribute a correct configuration to the machines afterwards, even
# though the main config won't parse. It is read and run just before the
# main configuration is parsed.
#
#######################################################################

control:

   actionsequence = ( copy processes tidy ) # Keep this simple and constant

   domain = ( tunelinux.pe.kr ) # Needed for remote copy

   #
   # Which host/dir is the master for configuration roll-outs?
   #

   policyhost = ( cfengine.tunelinux.pe.kr )
   master_cfinput = ( /usr/local/var/cfengine/inputs )

   AddInstallable = ( new_cfenvd new_cfservd )

   #
   # Some convenient variables
   #

   workdir = ( /var/cfengine )

 linux::

   cf_install_dir = ( /usr/local/cfengine/sbin )

   ###################################################################
   #
   # Spread the load, make sure the servers get done first though
   #
   ###################################################################

 !AllBinaryServers::

   SplayTime = ( 1 )

############################################################################
#
# Make sure there is a local copy of the configuration and
# the most important binaries in case we have no connectivity
# e.g. for mobile stations or during DOS attacks
#

copy:

   $(master_cfinput) dest=$(workdir)/inputs
                     r=inf
                     mode=700
                     type=binary
                     exclude=*.lst
                     exclude=*~
                     exclude=#*
                     server=$(policyhost)
                     trustkey=true

#####################################################################

tidy:

   #
   # Cfexecd stores output in this directory.
   # Make sure we don't build up files and choke on our own words!
   #

   $(workdir)/outputs pattern=* age=7

#####################################################################

processes:

 new_cfservd::

   "cfservd" signal=term restart /usr/sbin/cfservd

 new_cfenvd::

   "cfenvd" signal=kill restart "/usr/sbin/cfenvd -H"

###
#
# END cf.update
#
###
}}}

update.conf is the configuration cfagent needs in order to reach the master server. It fetches the needed files from the server and directory specified here.

=== Client configuration ===

 * Now install the program on the clients. If they run the same OS and the same version, you can use the program compiled earlier: copy the files in /usr/local/cfengine/sbin to /var/cfengine/bin.
 * Put all configuration files and binaries under the /var/cfengine directory: configuration files in inputs, binaries in bin. The other configuration files are fetched automatically, so first copy only /var/cfengine/inputs/update.conf, then generate keys with cfkey and copy the public key to the master server.
 * When installing from rpm, the program is installed and the keys are generated automatically with cfkey. All that remains is copying the key and update.conf to the master server.
{{{
[root@localhost cfengine]# mkdir -p /var/cfengine/inputs
[root@localhost cfengine]# mkdir -p /var/cfengine/bin
[root@localhost cfengine]# cd /var/cfengine/bin
[root@localhost cfengine]# scp cent.tunelinux.pe.kr:/usr/local/cfengine/sbin/* .
[root@localhost cfengine]# scp cent.tunelinux.pe.kr:/usr/local/var/cfengine/inputs/update.conf /var/cfengine/inputs
}}}
 * Generate the keys with the cfkey program.
{{{
[root@localhost cfengine]# cfkey
Making a key pair for cfengine, please wait, this could take a minute...
Writing private key to /var/cfengine/ppkeys/localhost.priv
Writing public key to /var/cfengine/ppkeys/localhost.pub
}}}
 * Copy the client's key to the server under a name of the form /var/cfengine/ppkeys/root-ip.pub. The cfservd configuration file must contain the entry AllowUsers = ( root ) for cfrun to work later; I lost some time over this. The admit settings in the cfservd configuration must also be correct.
{{{
[root@localhost cfengine]# scp /var/cfengine/ppkeys/localhost.pub cent.tunelinux.pe.kr:/var/cfengine/ppkeys/root-111.112.137.140.pub

[root@mytest inputs]# ll /var/cfengine/ppkeys/
합계 24
drwx------ 2 root root 4096 10월 10 16:05 ./
drwxr-xr-x 9 root root 4096 10월 19 13:58 ../
-rw------- 1 root root 1743 10월 10 15:15 localhost.priv
-rw------- 1 root root 426 10월 10 15:15 localhost.pub
-rw------- 1 root root 426 10월 19 14:39 root-111.112.137.140.pub
-rw------- 1 root root 426 10월 10 15:28 root-111.112.137.162.pub
}}}
 * Now, when you run cfagent on the client, it automatically fetches cfagent.conf, cfrun.hosts and cfservd.conf from the master server and performs the required work.
{{{
[root@mytest inputs]# cfagent -q -v (the -q option runs immediately, without the delay)
}}}
 * Above, cfservd was started only on the master, but for the master server to connect to each client and run cfagent there, cfservd must also be running on each client. cfservd serves two functions: file server on the master server, and remote execution on the clients.
 * For convenience, write a script that runs at first install on each client and automatically creates the /var/cfengine directory, fetches update.conf from the master server, generates the keys with cfkey on the client and copies the key to the master server. This makes the process fully automatic.

=== Debugging ===

 * Running cfservd with the -d2 option puts it in debug mode. Refer to the detailed messages it prints.
 * Running cfagent with --dry-run (or -n) shows what it would do without actually doing it. The -v option gives verbose output. By default cfengine will not run more than once a minute, which is inconvenient during initial testing; in that case set IfElapsed to 0 in cfagent.conf. The -q option tells it not to wait for a short time before running. Additional options: -K ignores lock files; -DInit is an option that briefly turns the network interface off and on, sets up the firewall and clears the previous configuration information.

=== Directory structure ===

 * Master server
   * /usr/local/var/cfengine/inputs : configuration files shared with each client. Specified in cfservd.conf; it can be changed to another directory.
   * /usr/local/cfengine : binaries from the initial install. With a source install the location differs from site to site; with rpm it depends on where the rpm puts them.
 * Client
   * /var/cfengine/bin : binaries
   * /var/cfengine/inputs : configuration files and binary programs
   * /var/cfengine/ppkeys : key file directory
   * The remaining directories are created automatically.
{{{
[root@localhost cfengine]# tree -d /var/cfengine/
/var/cfengine/
|-- bin
|-- inputs
|-- modules
|-- ppkeys
|-- ppkeys1
|-- rpc_in
|-- rpc_out
`-- state
}}}

=== cfrun ===

cfrun runs commands remotely from the master server. It is a push model: the master triggers the run on each server. The program needs a cfrun.hosts file, which goes in /var/cfengine/inputs. cfservd must also be running on each host. When cfservd runs on the master, its role is to let the clients connect; when you use cfrun, the daemon must be running on each target computer.
{{{
# cat cfrun.hosts
domain=tunelinux.pe.kr
cent.tunelinux.pe.kr
cent2.tunelinux.pe.kr
}}}

Running cfrun with no arguments reads the cfrun.hosts file and runs cfagent on each system. The screen shows, briefly, only what was actually applied. In the run below, /etc/crontab and /etc/security/access.conf on cent2 had been modified on purpose.

{{{
# cfrun
cfrun(0): .......... [ Hailing cent.tunelinux.pe.kr ] ..........
cfrun(0): .......... [ Hailing cent2.tunelinux.pe.kr ] ..........
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
cfengine:cent2: Saving edit changes to file /etc/crontab
cfengine:cent2: Saving edit changes to file /etc/security/access.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
}}}

== Notes ==

=== Classes ===

 * Used well, classes let you apply policy per group.
 * There are built-in classes, including architecture, hostname, ip, os, date and time.
 * Listing classes : use the command cfagent -p -v | grep -i define.
 * The predefined classes fall into several categories: Operating System, Kernel, Architecture, Hostname, IP Address, Date/Time
 * Every system is a member of the any class.
{{{
# cfagent -p -v | grep -i define
Additional hard class defined as: 32_bit
Additional hard class defined as: linux_2_6_9_42_0_3_EL
Additional hard class defined as: linux_i686
Additional hard class defined as: linux_i686_2_6_9_42_0_3_EL
Additional hard class defined as: linux_i686_2_6_9_42_0_3_EL__1_Fri_Oct_6_05_59_54_CDT_2006
Defined Classes = ( 222_112_137 222_112_137_162 32_bit DNSservers Day3 Friday Hr18 Hr18_Q2 INTRAservers MAILservers Min25_30 Min27 November Q2 WWWservers Yr2006 addr_ allservers any c1 call cent cent_tunelinux_pe_kr centos centos_4 centos_4_4 cfengine_2 cfengine_2_1 cfengine_2_1_21 cfengineservers compiled_on_linux_gnu dnsservers fe80__20c_29ff_fe14_2f08 i686 ipv4_222 ipv4_222_112 ipv4_222_112_137 ipv4_222_112_137_162 kr linux linux_2_6_9_42_0_3_EL linux_i686 linux_i686_2_6_9_42_0_3_EL linux_i686_2_6_9_42_0_3_EL__1_Fri_Oct_6_05_59_54_CDT_2006 net_iface_eth0 net_iface_lo pe_kr redhat tunelinux_pe_kr )
}}}

 * A few examples of user-defined classes
{{{
c1 = ( cent.tunelinux.pe.kr )
mailservers = ( '/usr/bin/test -d /var/qmail' )
dnsservers = ( '/usr/bin/test -f /etc/named.conf' )
cfengineservers = ( '/usr/bin/test -f /usr/sbin/cfagent' )
yumservers = ( '/usr/bin/test -f /etc/yum.repos.d/CentOS-Base.repo' )
allservers = ( c1 c2 mailservers dnsservers cfengineservers yumservers )
}}}

=== Caveats and issues encountered in use ===

 * Reverse DNS queries : when a particular server was not registered in DNS, putting its IP in a class did not take effect. After setting a domain name on that server, putting the hostname in the class as well, and adding that name to /etc/hosts on the central cfengine master server, class matching worked. Registering in DNS where possible is the most convenient, but if you do not register in DNS, it is best to assign an arbitrary hostname and add it to the /etc/hosts file on the cfengine server. Below is what is logged when a host whose hostname is not registered in DNS connects to the cfengine server.
{{{
Nov 10 11:33:15 mirrot cfservd[9610]: Unable to lookup hostname (techlab.tunelinux.pe.kr) or cfengine service: Name or service not known
}}}
 {*} In this case IPRange is convenient: just specify the IP range. With it, DNS registration was not needed.
 * Access control : admit in cfservd.conf restricts the IPs that are allowed to connect. This is unrelated to SkipVerify or to entries in /etc/hosts.
 * In cfservd, Split makes the access rights easy to set.
 * File copy : files are copied after comparing timestamps with the file on the server. Even if the file was modified on the client, it is not copied unless it was modified on the server.
 * cfservd and cfexecd are listed in cfagent.conf so that they are kept running.
 * cfagent is registered in cron to run at a fixed interval (e.g. once per hour) and check the cfservd/cfexecd processes.
 * When installed from rpm, the binaries are located in /usr/bin or thereabouts, so they are symlinked into the /var/cfengine/bin directory (this is not strictly necessary).
 * With an SMTP server set in cfagent.conf, the output of runs started by cfexecd can be sent by mail. This is the reporting feature.
 * With ChecksumUpdates set in control in cfagent.conf and checksum set in files, checksums are verified.
 * For the /tmp directory, instead of using noexec in /etc/fstab, execute permission for user, group and others is automatically removed from files. A program with execute permission in /tmp is very likely a sign of cracking.
 * Directories named in files, tidy, copy and so on are checked for files that do not have ordinary file names, such as names starting with "..". NonAlphaNumFiles does not need to be set in control for this, and if NonAlphaNumFiles is set, files with non-alphabetic names are changed automatically, so {*} Korean file names run into problems.
 * In files, even when a subdirectory is specified, only files are affected. The difference from directories is that directories is used to create directories.

== References ==

 * http://www.cfengine.org/ cfengine site
 * Manuals : on the site above, the tutorial covers setup and usage, and the reference covers the detailed usage of each program. The reference manual contains configuration file examples, which are worth consulting. These example configuration files are also installed into the share/ directory when the program is first installed.
 * The book Automating UNIX and Linux Administration http://tunelinux.pe.kr/gboard/bbs/board.php?bo_table=link_book&wr_id=59
 * 시스템관리의 핵심 (Essential System Administration), revised 3rd edition, chapter 14, Automating Administrative Tasks (Hanbit Network has a brief write-up, but it is the same content as the book)
 * http://network.hanbitbook.co.kr/view.php?bi_id=644 Hanbit Network article, Top 5 open source packages for system administration: part 5, Cfengine
 * It can also be used on Windows; install it by following http://www.cfengine.org/confdir/nt-howto.html. cygwin must be installed first.

----
Contributor: 문태준 (http://tunelinux.pe.kr http://database.sarang.net)