Integrating CFEngine with PagerDuty

In this how-to tutorial we will show how you can integrate CFEngine with PagerDuty using the CFEngine notification dashboard.

We will create a policy that ensures file integrity, and have CFEngine notify PagerDuty whenever there is a change in the file we manage.

System requirements: CFEngine Mission Portal and an active PagerDuty account.

1. Create the file we want to manage

Run the following command on your policy server to create the file we want to manage.

# touch /tmp/file-integrity

2. Create a new policy to manage the file

# vi /tmp/file_example.cf

Insert the following policy into /tmp/file_example.cf

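bundle agent file_integrity
{
  files:
    any::
      # Watch the file created in step 1; the names after "->" are the promisees
      "/tmp/file-integrity" -> { "PCI-DSS-2", "SOX-nightmare" }
        handle  => "ensure-test-file-integrity",
        changes => change_detection;
}

body changes change_detection
{
  # md5 is what this tutorial uses; "sha256" is also accepted and is the stronger choice
  hash           => "md5";
  # Store the new hash after a change, so each change is reported once
  update_hashes  => "true";
  # Report both content and file-attribute changes
  report_changes => "all";
  report_diffs   => "true";
}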

3. Ensure the policy always runs

Normally, to ensure your policy file is put into action, you would need to follow these three steps:

1) Move the policy file to your masterfiles directory (/var/cfengine/masterfiles):

# mv /tmp/file_example.cf /var/cfengine/masterfiles/

2) Modify promises.cf to include your policy

Unless you use a version control system or have a non-standard CFEngine setup, modify your promises.cf file by adding the new bundle name and policy file, so that CFEngine includes them in all future runs.

# vi /var/cfengine/masterfiles/promises.cf

a) Under the body common control, add file_integrity to your bundlesequence

bundlesequence

b) Under body common control, add file_example.cf to your inputs section.

inputs

Now, any change you manually make to the /tmp/file-integrity file will be picked up by CFEngine!

Next we need to create a new service in PagerDuty, which we will notify whenever a change is detected by CFEngine.

4. Create a new Service in PagerDuty

a) Go to PagerDuty.com. In your account, under the Services tab, click “Add New Service”.

[Image: Services - PagerDuty]

b) Enter a name for the service and select an escalation policy. Select “Integrate via email.” Copy the integration email provided for use in CFEngine.

[Image: CFEngine service setup in PagerDuty]

c) Click the “Add Service” button. Copy the integration email, which we will use in CFEngine.

5. Create a new Alert in CFEngine Mission Portal

a) Go to the CFEngine Dashboard and click the “Add” button to create a new alert.

[Image: Add new Alert in CFEngine Mission Portal]

b) Fill out a new alert name (File integrity demo), severity level (High) and name for the condition (File integrity demo).

[Image: New PagerDuty alert details]

c) Select “Policy” under type

[Image: Different alert types]

d) Select “Bundle”, type in the bundle name which is file_integrity, and finally select Repaired as the promise status. This means that whenever CFEngine needs to repair the bundle, it will create an alert notification.

[Image: Alert conditions]

e) Type in the integration email defined in step 4 above in the Notifications section. Press “Save” to activate the alert. Choose any name you like for the new widget. In our demo we name the widget “PagerDuty”.

Integration complete!

[Image: Send CFEngine email notification]

6. Test it!

Now we have made a policy to monitor the /tmp/file-integrity file. Whenever there is a change to this file, whether to its permissions or its content, CFEngine will detect it and send a notification to PagerDuty.

a) Make a change to the /tmp/file-integrity file on your policy server:

# vi /tmp/file-integrity

Done!

The next time CFEngine runs, it will detect the change and send a notification to PagerDuty. Go to PagerDuty and wait for an alert to be triggered.

[Image: New PagerDuty alert triggered by CFEngine change detection]
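To see what the change_detection body in step 2 asks the agent to do, here is a simplified Python model of hash-based change detection with and without update_hashes. It is an example added here, not CFEngine's implementation or code from the original tutorial. Assumptions: the names fingerprint, check and demo are hypothetical, a dict stands in for the agent's checksum database, SHA-256 is used in place of md5, and the monitored file is a constructed temporary file.

```python
import hashlib
import os
import tempfile


def fingerprint(path):
    """Content digest plus permission bits: the two kinds of change the tutorial mentions."""
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"hash": digest, "mode": os.stat(path).st_mode & 0o7777}


def check(path, baseline, update_hashes=True):
    """Return the attributes that changed; the first sighting only records a baseline."""
    current = fingerprint(path)
    known = baseline.get(path)
    if known is None:
        baseline[path] = current
        return []
    changed = [key for key in ("hash", "mode") if known[key] != current[key]]
    if changed and update_hashes:
        baseline[path] = current  # roll the baseline forward: reported once only
    return changed


def demo(update_hashes):
    """Run four checks against a constructed temp file and return each run's report."""
    baseline, reports = {}, []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "file-integrity")  # stand-in for /tmp/file-integrity
        with open(path, "w") as fh:
            fh.write("original\n")
        os.chmod(path, 0o644)
        reports.append(check(path, baseline, update_hashes))  # run 1: baseline only
        with open(path, "a") as fh:
            fh.write("tampered\n")
        reports.append(check(path, baseline, update_hashes))  # run 2: content changed
        reports.append(check(path, baseline, update_hashes))  # run 3: nothing new
        os.chmod(path, 0o600)
        reports.append(check(path, baseline, update_hashes))  # run 4: mode changed
    return reports


if __name__ == "__main__":
    print("update_hashes=True :", demo(True))
    print("update_hashes=False:", demo(False))
```

In this model, rolling the baseline forward means a change is reported on one run only, so a notification that is missed or suppressed is not repeated on later runs. Keeping the original baseline repeats the report on every run until the file is restored.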