Operations | Monitoring | ITSM | DevOps | Cloud

The latest release of cfbs (4.4.0 released April 4th, 2025) introduces the analyze command. Last time I used this (Show notes: The agent is in - Episode 47 - Preview of cfbs analyze) I had installed it from a git clone, now I want to go back to regular install command output Now, cfbs help should have our new cfbs analyze option: command output Let’s grab oldest version of the Masterfiles Policy Framework that cf-remote knows about and test it out.

The MPF or Masterfiles Policy Framework is intended to provide a stable base policy for installations and upgrades, and is used by both CFEngine Enterprise and CFEngine community. When you create a new cfbs project with cfbs init one of the questions is related to the MPF: Of particular interest to policy writers is the lib sub-directory: Let’s look through some of the helpful bits you can re-use in your policy!

When writing CFEngine policy we create files ending in the.cf extension but this alone won’t cause the policy to be parsed and evaluated. By default cf-agent runs ${sys.inputdir}/promises.cf. For a non-privileged user running cf-agent this will be in their $HOME directory.

This series of blogs, Monthly Module Mondays, started on April Fool’s Day 2024 discussing how to Inventory and remediate Red Hat Enterprise Linux with Security Technical Implementation Guides (STIGs) has now reached the 10th installment showcasing a couple of modules to take stock of what services are running on your systems.

Today, we are pleased to announce the release of CFEngine 3.25.0! The code word for this release is auditability. Being a non-LTS (not supported) release, this release allows users to test the new functionality we’ve been working on before it arrives in an LTS release ~1 year from now.

With another year behind us, we take a look back at what happened with CFEngine in 2024.

For the final post in the Feature Friday series I am here to tell you about something I use nearly hourly, ob-cfengine3 which extends Emacs Org Babel for executing CFEngine policy. ob-cfengine3 has been around for a little over seven years now and it has saved me countless hours, seconds at a time. At it’s core it let’s you type a snippet of policy and execute it directly in your document, sort of like Jupyter.