This series of blogs, Monthly Module Mondays, started on April Fool’s Day 2024 discussing how to Inventory and remediate Red Hat Enterprise Linux with Security Technical Implementation Guides (STIGs) has now reached the 10th installment showcasing a couple of modules to take stock of what services are running on your systems.

Today, we are pleased to announce the release of CFEngine 3.25.0! The code word for this release is auditability. Being a non-LTS (not supported) release, this release allows users to test the new functionality we’ve been working on before it arrives in an LTS release ~1 year from now.

For the final post in the Feature Friday series I am here to tell you about something I use nearly hourly, ob-cfengine3 which extends Emacs Org Babel for executing CFEngine policy. ob-cfengine3 has been around for a little over seven years now and it has saved me countless hours, seconds at a time. At it’s core it let’s you type a snippet of policy and execute it directly in your document, sort of like Jupyter.

Join Cody and Nick for a Christmas Special showcasing the new Audit Log in Mission Portal for CFEngine 3.25. Nick walked through the new Audit Log demonstrating how actions in Mission Portal are tracked and available for review. He also took a quick look at changes to the global search and taking some questions of air from a few attendees.

Do you enjoy escaping quotes inside strings? I sure don’t, and I really appreciate the flexibility CFEngine provides with 3 different quoting characters (", ', ` ). Let’s take a look. This came up in the post show discussion for The agent is in, episode 39.

CFEngine works by defining a desired state for a given context and converging towards that goal. Given there is no fixed starting point and that the current context might change wildly it can be challenging to succinctly answer the question “What would CFEngine do?”. In Feature Friday: Don’t fix, just warn we saw how an individual promise could be made to warn instead of trying to automatically converge towards the desired state, a granular --dry-run mode.

Implicit list iteration in CFEngine is quite a unique and novel feature. Today we look at a practice example showing how lists can improve the readability and maintainability of your policy. A novel feature in CFEngine is how a list variable is iterated when referenced as a scalar ($(variable)). Let’s take a look at a contrived example.

CFEngine build modules are great for quickly integrating 3rd party policy into your policy set. Module input (not to be confused with inputs in body common control or body file control which are the list of policy files to load) allows you to define values that apply for a particular module as it’s integrated into your policy set. Let’s take a look at a case of extending a module to support input.

Ever need to make a decision based on the version of something? The version_compare() function might be useful for you.1 Over time, software changes and features are added and removed. Sometimes, we need to make a decision based on versions. For example, the Include directive in ssh_config was introduced in OpenSSH 7.3.2 Let’s take a look at how we could possibly use it. This example illustrates the basic use of version_compare()