delete-files

Allows you to specify a list of files you want deleted on hosts in your infrastructure. When this module is deployed as part of your policy set, every time CFEngine runs, it will check if those files exist, and delete them if they do.

Maintainer

Nick Anderson

Module stats

Total Downloads: 67
Updated: Jun 30, 2023

Installation version

Version
Released on Jun 30, 2023

Tags

Installation

                    
cfbs add delete-files
Description
Dependencies
Comments

A simple module to delete specific files.

It allows you to specify a list of files you want deleted on hosts in your infrastructure. When this module is deployed as part of your policy set, every time CFEngine runs, it will check if those files exist, and delete them if they do.

Recommendation: Enforce the removal of files known to be malicious or indicating insecure configuration. Examples of such files are `~/.shosts` files, `/etc/cron.deny`, etc.

Configuration

Module input

This module accepts input. Both the cfbs CLI and Mission Portal (3.21 and beyond) allow you to specify the files you want deleted. Here is an example of what it looks like in Mission Portal:

https://raw.githubusercontent.com/nickanderson/cfengine-delete-files/main/delete-files-example-input-mp.png

Variables

delete_files:delete_files.files

Array of dicts having path and why keys.

  • path must be a regular expression matching the fully qualified path to a file
  • why should explain why the file being absent is important
   {
     "variables": {
       "delete_files:delete_files.files": {
         "comment": "Files and their required permissions",
         "value": [
           {
             "why": "The file lists remote hosts and users that are trusted by the local system when using the rshd daemon and can allow unauthenticated access to the system. Reccomended by CIS  CCE-84145-2.",
             "path": "/etc/hosts.equiv"
           },
           {
             "why": "The file lists remote hosts and users that are trusted by the local system when using the rshd daemon and can allow unauthenticated access to the system. Reccomended by CIS  CCE-84145-2.",
             "path": "/home/.*/.rhosts"
           },
           {
             "why": "The file lists remote hosts and users that are trusted by the local system when using the rshd daemon and can allow unauthenticated access to the system. Reccomended by CIS  CCE-84145-2.",
             "path": "/root/.rhosts"
           }
         ]
       }
     }
   }
Example Augments configuration

Notes:

  • Running with class delete_files:DEBUG or default:DEBUG define results in DEBUG reports from policy.
  • A list or array of files is also supported.
  • An array with filenames and dicts having path and why keys is supported.
  • Absence of why key is supported.
  • A simple string is supported (but as indicated by DEBUG reports, likely a mis-configuration).
  • Directories are not deleted.

History

  • DEBUG reports added in version 2.0.0.
  • Support for simple list specification added in version 2.0.0.
  • Support for mixed data array specification added in version 2.0.0.
  • Support for absence of why key added in version 2.0.0.

Dependencies

This module has no dependencies

comments powered by Disqus