CFEngine: new classesmatching() function

Get an slist of defined classes matching a given unanchored regular expression.

Example reproduced below:

body common control { bundlesequence => { run }; } bundle agent run { vars: "c" slist => classesmatching(".*"); reports: cfengine:: "Classes matching = $(c)"; }

Will output all classes matching “.*” pattern, so all of them:

Running full policy integrity checks
R: Classes matching = Sunday
R: Classes matching = compiled_on_linux_gnu
R: Classes matching = cpu_high_normal
R: Classes matching = cfengine_3_5_0b2
R: Classes matching = linux_2_6_32_358_el6_x86_64
R: Classes matching = ssh_in_high
R: Classes matching = 192_168_2_104
R: Classes matching = ipv4_192_168_2_104
R: Classes matching = redhat

In addition to handle custom classes, it may be used to spot abnormal node behavior thanks to classes defined by cf-monitord.

The following example is dumb and will report any level above normality, but “normality” is very system specific, and the regular expression must be modified accordingly to avoid noise.

body common control { bundlesequence => { foo }; } bundle agent foo { vars: "anomalies" slist => classesmatching("dev1|dev2|anomaly"); reports: cfengine:: "Possible anomaly: $(anomalies)"; }


Running full policy integrity checks
R: Possible anomaly: cpu_high_dev1
R: Possible anomaly: cpu0_high_dev1