Show posts tagged:

Show notes: The agent is in - Episode 24 - Pretty printer (cffmt) demo with Miek Gieben

Tired of hand crafting policy and arguing with people about spacing and alignment? Longing for regularity and easier scanning of your policy no matter who wrote it? Cody, Craig and Nick wrap up the second year of The agent is in with Miek Gieben, CFEngine Community user and author of cffmt, a formatted written in go for CFEngine policy files. Check out the discussion about opinionated formatting, possible future developments and other tooling to improve qualify of life as a CFEngineer.

Posted by Nick Anderson
April 27, 2023

Show notes: The agent is in - Episode 22 - Hackathon: Termux Services

Have a burning desire to run sshd or another service on your VR headset? Cody, Craig and Nick do time-boxed live hackathon working on developing CFEngine services promise type support for Termux. Watch Nick and Craig race to implement basic services support before the timer buzzes. Video The video recording is available on YouTube: At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees.

Posted by Nick Anderson
February 23, 2023

Guest blog post: Don't use your distro's package manager

I have stopped using my Linux distro’s package manager, and you should, too. Maybe I should clarify that. I don’t install software with my distro’s package manager any more. I still upgrade my system. I became influenced by a few different factors. Top among these is something required in certain industries called a change advisory board or committee. This requirement says that changes to production computers have to be reviewed and approved by all stakeholders in that computer’s operations.

Posted by Jeff Carlson
January 23, 2023

5 security hardening CFEngine policy examples

Throughout the security holiday calendar, we’ve looked at modules for enforcing security requirements. Writing the policy to achieve these security hardening goals is easy. By learning how, you can write policy (or modules) for any requirements, including those specific to your organization. In this blog post, we’ll take a look at five beginner-level examples to get you started, focusing on the most common resources to manage with CFEngine; files and packages.

December 19, 2022

Change in behavior: Directories are now created with 700 instead of 755

In the upcoming release of CFEngine 3.21.0 there is a change in behavior with respect to default permissions of created directories. From 3.21.0 and later directories will be created with read, write, execute permissions only for the file owner. No permissions are granted for group or other. This change improves the default security posture to make sure that only the user executing CFEngine (typically root) will have access to content in newly created directories.

Posted by Nick Anderson
December 16, 2022

Show notes: The agent is in - Episode 18 - Policy examples

Do you know how to use every function available in CFEngine? Join Cody, Craig, Herman to see how Nick uses org-mode, org-roam, and ob-cfengine3 to manage his personal collection of CFEngine Function Examples. Video The video recording is available on YouTube: At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees. Join the next webinar to not miss this discussion. Notes Live coded examples for the following functions:

Posted by Nick Anderson
October 27, 2022

Extending autorun

What’s autorun? Autorun is a feature of the Masterfiles Policy Framework (MPF)1 that simplifies the process of adding and executing new policy. We have talked about Modular policies with autorun and the Augments before. This time, we dig into autorun a bit deeper to explore some of its current features and look at how to implement your own as we did during The agent is in, Episode 15 - Extending autorun

Posted by Nick Anderson
August 11, 2022

Show notes: The agent is in - Episode 15 - Extending autorun

How can I run my own bundles automatically, like autorun from the MPF (Masterfiles Policy Framework), but with different logic? Cody Valle (Head of community), Criag Comstock (Digger), Ole Herman Elgesem (Product Manager) and Nick Anderson (Doer of Things) review the existing capabilities and limitations of autorun in the MPF. After reaching the limits offered by the stock framework they explore implementing a custom autorun, for example recursively finding policy files or only including policy files with associated enablement classes.

Posted by Nick Anderson
July 28, 2022

The agent is in - Episode 12 - Spacemacs for CFEngine

Looking to be more efficient writing CFEngine policy? Nick Anderson (Doer of Things) walks us through setting up Spacemacs for CFEngine. Get syntax highlighting, on the fly error checking, function prototypes, integration with the venerable org-mode and more! Video The video recording is available on YouTube: At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees. Join the next webinar to not miss this discussion.

Posted by Nick Anderson
April 28, 2022

Change in behavior: Creating files by default

In the upcoming CFEngine 3.20 release we are making a change in the behaviour of the create attribute for the files promises that manage the entire content of a file. This includes promises with the template methods mustache, inline_mustache and cfengine; as well as promises with the content attribute. The motivation behind these new changes is two-fold; make it easier to learn CFEngine policy language and understand what policy is doing, and to prevent CFEngine from creating empty configuration files.

Posted by Lars Erik Wik
April 22, 2022
Get in touch with us
to discuss how we can help!
Contact us
Sign up for
our newsletter
By signing up, you agree to your email address being stored and used to receive newsletters about CFEngine. We use tracking in our newsletter emails to improve our marketing content.