# # Simple cfengine configuration file # control: actionsequence = ( checktimezone files ) domain = ( example.com ) timezone = ( MET ) smtpserver = ( smtphost.example.org ) # used by cfexecd sysadm = ( me@example.com ) # where to mail output ###################################################################### files: # Check some important files /etc/passwd mode=644 owner=root action=fixall /etc/shadow mode=600 owner=root action=fixall # Do a tripwire check on binaries! /usr # Scan /usr dir owner=root,daemon # all files must be owned by root or daemon checksum=md5 # use md5 or sha recurse=inf # all subdirs ignore=tmp # skip /usr/tmp action=fixall