crans_bcfg2/Rules/rules.xml
Pierre-Elliott Bécue d10a8a0672 [Bcfg2] Nouveau paquet, nouvelle config
Ignore-this: 67cdee8f32d7581493d12617ddc97bc2
Bcfg2 a subi deux releases, qui ont pas mal changé les "normes".

Les balises suivantes sont remplacées :

<ConfigFile> ---------------------------> <Path type="file">
<Directory>  ---------------------------> <Path type="directory">
<SymLink>    ---------------------------> <Path type="symlink">
etc

Pour les fichiers python, désormais, on utilise plus
<ConfigFile>, mais <Python>

darcs-hash:20121211100127-b6762-f146f4460e9713cb59a25c33a08b551c5280f3b2.gz
2012-12-11 11:01:27 +01:00


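<!--
  Bcfg2 Rules file, priority 1: literal definitions for the Service, Action
  and Path entries of the client configuration. Entries placed directly under
  Rules are available to every client; entries nested in Group elements only
  apply to clients in that group (or outside it when negate="true").

  Every Action here uses timing="post" when="modified" status="check": the
  command runs after the owning bundle has been installed, only when that
  bundle was modified, and its exit status is checked. Commands should
  therefore be safe to run again on an already configured host.
-->
<Rules priority="1">
  <!-- Defined once: an identical second "generate-locales" Action that
       followed the postfix Service has been dropped. -->
  <Action name="generate-locales" timing="post" when="modified" status="check"
          command="/usr/sbin/update-locale"/>
  <Service type="deb" name="postfix" status="on"/>

  <!-- Postfix lookup tables: rebuild the alias database and each postmap
       table after the corresponding source file changes. -->
  <Action name="update-postfix-aliases"
          timing="post" when="modified" status="check"
          command="/usr/bin/newaliases"/>
  <Action name="update-postfix-canonical"
          timing="post" when="modified" status="check"
          command="/usr/sbin/postmap /etc/postfix/canonical"/>
  <Action name="update-postfix-mime_header_checks"
          timing="post" when="modified" status="check"
          command="/usr/sbin/postmap /etc/postfix/mime_header_checks"/>
  <Action name="update-postfix-transport"
          timing="post" when="modified" status="check"
          command="/usr/sbin/postmap /etc/postfix/transport"/>
  <Action name="update-postfix-virtual"
          timing="post" when="modified" status="check"
          command="/usr/sbin/postmap /etc/postfix/virtual"/>

  <!-- NOTE(review): every *.asc file found in /etc/crans/apt-keys is imported
       into the apt trusted keyring, so anyone able to write to that directory
       can make apt trust an additional signing key. The ownership and mode of
       the directory are not set in this file; keep it root-owned and not
       group- or world-writable. -->
  <Action name="apt-key-add"
          timing="post" when="modified" status="check"
          command="cat /etc/crans/apt-keys/*.asc | apt-key add -"/>

  <!-- /etc/crans/secrets: the owner depends on the client group (respbats on
       "users" and "vo", intranet on "rouge", root everywhere else, see the
       negated groups further down). Group is always adm and the mode 0550:
       read and traverse for owner and group, no access for others. -->
  <Group name="users">
    <Path name="/etc/crans/secrets" type="directory" owner="respbats" group="adm" perms="0550"/>
  </Group>
  <Group name="vo">
    <Path name="/etc/crans/secrets" type="directory" owner="respbats" group="adm" perms="0550"/>
  </Group>
  <!-- XXX: kludge for facture.py -->
  <Group name="rouge">
    <Path name="/etc/crans/secrets" type="directory" owner="intranet" group="adm" perms="0550"/>
  </Group>

  <!-- Main MX: add the postfix user to the sasl group and point
       /var/run/saslauthd at the saslauthd directory under the postfix spool.
       "ln -sfn" is used because the link target is a directory: without -n a
       second run follows the existing link and creates a nested link inside
       it instead of replacing the link itself. -->
  <Group name="mail-mx-main">
    <Action name="postfix-to-sasl" timing="post" when="modified" status="check" command="adduser postfix sasl"/>
    <Action name="postfix-link-sasl" timing="post" when="modified" status="check" command="ln -sfn /var/spool/postfix/var/run/saslauthd /var/run/saslauthd"/>
  </Group>

  <!-- Default owner of /etc/crans/secrets on clients that are in none of
       "users", "rouge" and "vo". -->
  <Group name="users" negate="true">
    <Group name="rouge" negate="true">
      <Group name="vo" negate="true">
        <Path name="/etc/crans/secrets" type="directory" owner="root" group="adm" perms="0550"/>
      </Group>
    </Group>
  </Group>

  <!-- rsyslog spool directories. Modes are written with a leading zero like
       the other Path entries in this file (0750 was previously "750"). -->
  <Group name="rsyslog-server">
    <Path name="/var/spool/rsyslog" type="directory" owner="root" group="adm" perms="0750"/>
  </Group>
  <Group name="rsyslog-client">
    <Group name="rsyslog-server" negate="true">
      <Path name="/var/log/spool" type="directory" owner="root" group="adm" perms="0750"/>
    </Group>
  </Group>

  <Service type="deb" name="bcfg2-server" status="on"/>
  <Service type="deb" name="bind9" status="on"/>

  <!-- apt-mirror tree, owned by the apt-mirror account, world-readable. -->
  <Path name="/mirror/apt-mirror" type="directory" owner="apt-mirror" group="apt-mirror" perms="0755"/>
  <Path name="/mirror/apt-mirror/var" type="directory" owner="apt-mirror" group="apt-mirror" perms="0755"/>
  <Path name="/mirror/apt-mirror/skel" type="directory" owner="apt-mirror" group="apt-mirror" perms="0755"/>
  <Path name="/mirror/apt-mirror/mirror" type="directory" owner="apt-mirror" group="apt-mirror" perms="0755"/>

  <!-- NOTE(review): /usr/scripts is writable by group adm (0775, previously
       written "775"), and the link-munin-plugins Action below runs a Python
       script from that tree. If the Bcfg2 client runs as root, as is usual,
       anyone able to write there can influence what root executes; confirm
       that membership of adm is meant to be equivalent to root. -->
  <Path name="/usr/scripts" type="directory" owner="root" group="adm" perms="0775"/>

  <Service type="deb" name="proftpd" status="on"/>
  <Service type="deb" name="rsync" status="on"/>
  <Service type="deb" name="ntp" status="on"/>
  <Service type="deb" name="openntpd" status="on"/>
  <Service type="deb" name="ssh" status="on"/>
  <Service type="deb" name="sqlgrey" status="on"/>
  <Service type="deb" name="autofs" status="on"/>
  <Service type="deb" name="nscd" status="on"/>
  <Service type="deb" name="openvpn" status="on"/>
  <Service type="deb" name="mumudvb" status="on"/>

  <!-- Remove the adm group from the local /etc/group so that sudo has to look
       the group up in the database (presumably the directory served through
       slapd/nslcd; confirm).
       The filtered copy is written next to /etc/group and set to 0644 before
       the rename: mktemp creates its file with mode 0600 in the default
       temporary directory, so moving that file over /etc/group left the group
       file unreadable to non-root users and, across filesystems, replaced it
       non-atomically. On any failure the temporary file is removed and the
       Action reports a non-zero status. -->
  <Action name="del-adm"
          timing="post" when="modified" status="check"
          command="! grep -q '^adm:' /etc/group ||
                   { a=$(mktemp /etc/group.XXXXXX) &amp;&amp;
                     awk -F':' '$1 != &quot;adm&quot;' /etc/group > $a &amp;&amp;
                     chmod 0644 $a &amp;&amp;
                     mv $a /etc/group &amp;&amp;
                     grpconv ||
                     { rm -f $a; false; }; }"/>

  <Service type="deb" name="monit" status="on"/>
  <Service type="deb" name="nut" status="on"/>
  <Service type="deb" name="jabber" status="on"/>
  <Service type="deb" name="ejabberd" status="on"/>

  <!-- RPC port mapper: portmap on squeeze clients, rpcbind on wheezy clients. -->
  <Group name="squeeze">
    <Service type="deb" name="portmap" status="on"/>
  </Group>
  <Group name="wheezy">
    <Service type="deb" name="rpcbind" status="on"/>
  </Group>

  <!-- "ln -sf" so that a re-run replaces the existing link; plain "ln -s"
       exits non-zero once the link exists and status="check" would then
       report the Action as failed. -->
  <Action name="ln-attendre-vert" timing="post" when="modified" status="check"
          command="ln -sf /etc/init.d/attendre-vert /etc/rcS.d/S41attendre-vert" />

  <Service type="deb" name="nfs-kernel-server" status="on"/>
  <Service type="deb" name="quota" status="on"/>
  <Service type="deb" name="quotarpc" status="on"/>
  <Service type="deb" name="rsyslog" status="on"/>
  <Service type="deb" name="slapd" status="on"/>
  <Service type="deb" name="nslcd" status="on"/>
  <Service type="deb" name="munin-node" status="on"/>
  <Service type="deb" name="nagios-nrpe-server" status="on"/>
  <Service type="deb" name="arpwatch" status="on"/>

  <!-- Runs the munin plugin linking script from /usr/scripts; see the note on
       the /usr/scripts Path entry about who can write to that tree. -->
  <Action name="link-munin-plugins" timing="post" when="modified" status="check"
          command="python /usr/scripts/munin/scripts/link_plugins.py -f" />

  <!-- logcheck: the cracking and violations ignore directories reuse the
       server-level local ignore files through symlinks.
       NOTE(review): a pattern added to the ignore.d.server files therefore
       also suppresses matching lines from the cracking and violations
       reports; review changes to those files with that in mind. -->
  <Path name="/etc/logcheck/cracking.ignore.d/local-crans" type="symlink" to="/etc/logcheck/ignore.d.server/local-crans"/>
  <Path name="/etc/logcheck/cracking.ignore.d/local-ignore" type="symlink" to="/etc/logcheck/ignore.d.server/local-ignore"/>
  <Path name="/etc/logcheck/violations.ignore.d/local-crans" type="symlink" to="/etc/logcheck/ignore.d.server/local-crans"/>
  <Path name="/etc/logcheck/violations.ignore.d/local-ignore" type="symlink" to="/etc/logcheck/ignore.d.server/local-ignore"/>

  <!-- Register the IPv4 and IPv6 firewall init scripts at sequence 45. -->
  <Action name="link-firewall" timing="post" when="modified" status="check"
          command="update-rc.d firewall defaults 45"/>
  <Action name="link-firewall6" timing="post" when="modified" status="check"
          command="update-rc.d firewall6 defaults 45"/>
</Rules>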