Actions
User story #12613
open
Ensure file content without specifying the content
Pull Request:
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
Fix check:
Regression:
Description
A Generic Method or a Technique could check if the content of a file is not changing from a initial state that we could set manually. That permit to not know exactly the content of a file but simply ensure that the current file don't change after.
Simple scenario :- Create a directive that monitor the content of a specific file, eg. /etc/hosts. By default, the content set is "blank" (but maybe we can copy/paste the content or pre-accept for the 1st run ?)
- Apply the directive to a node throug a rule
- The node show a non compliance for the directive
- We manually accept the change of state of the directive
Updated by Alexis Mousset over 6 years ago
- Target version set to Ideas (not version specific)
This can be done today with the technique editor, using a separate file to hold a hash:
- If a given (manually defined) reset condition is there, write the hash of the file into the hash file
- (optionally, allows auto-acceptation of the first state of the file) If the hash file is not there, write the hash of the file into the hash file
- Compare the hash of the file with the hash stored in the hash file with a command execution, which will report an error continuously if the file changed. To accept the new content, call a remote run through the API passing the reset condition defined in a remote run call, or locally with "rudder agent run -Dmy_reset_condition".
Updated by Nicolas CHARLES over 5 years ago
This is the Technique: "Monitor a file or directory content"
Actions