*

cfagent.conf

#
# Simple cfengine configuration file
#

control:

   actionsequence = ( checktimezone files )

   domain         = ( example.com )
   timezone       = ( MET )

   smtpserver     = ( smtphost.example.org )  # used by cfexecd
   sysadm         = ( me@example.com )        # where to mail output

######################################################################

files:

   # Check some important files

   /etc/passwd mode=644 owner=root action=fixall
   /etc/shadow mode=600 owner=root action=fixall

   # Do a tripwire check on binaries!

   /usr                 # Scan /usr dir

     owner=root,daemon  # all files must be owned by root or daemon
     checksum=md5       # use md5 or sha
     recurse=inf        # all subdirs
     ignore=tmp         # skip /usr/tmp
     action=fixall