Operations | Monitoring | ITSM | DevOps | Cloud

Three notable dnf related improvements making it easier to manage packages on modern Enterprise Linux based systems (Red Hat, Rocky Linux, Alama Linux, etc …) have been merged recently.

CFEngine 3.24.4+, 3.27.1+, and 3.28.0+ include a change to how findfiles() handles trailing slashes on directory paths. This change restores trailing slashes to directory results, but with improved consistency compared to earlier versions. The new behavior ensures that directory paths always include a trailing slash, making them reliably distinguishable from file paths regardless of the glob pattern used.

Today, we are pleased to announce the release of CFEngine 3.27.0! The code word for this release is exploration. This release also marks an important event, the beginning of the 3.27 LTS series, which will be supported for 3 years. Several new features have been added since the release of CFEngine 3.24 LTS, in the form of non-LTS releases.

Here comes a profoundly belated blog post on a behavior change. Better late than never. Due to various bugs with the glob engine on Windows, we decided to rewrite it in CFEngine 3.24.0. Not only does the new glob engine resolve these bugs on Windows, but it also adds support for brace expansion on all platforms. E.g. findfiles.cf command output.

Today, we are pleased to announce the release of CFEngine 3.26.0! Being a non-LTS (not supported) release, this release allows users to test the new functionality we’ve been working on before it arrives in an LTS release later this year. The codename for this release is a bit different, as it is named after a new feature introduced, and what it eliminates - the admin user.

Disclaimer: This post focuses on Debian-based and Fedora\/RHEL-based distributions and packaging. Everybody using a GNU/Linux distribution most likely knows that packages used by the given distribution are somehow signed and such signatures are somehow verified. Usually, this knowledge comes with the first requirement to import some key when an extra package repository is being added to the system (the standard repositories of a distribution use keys that are present and trusted by default).

The latest release of cfbs (4.4.0 released April 4th, 2025) introduces the analyze command. Last time I used this (Show notes: The agent is in - Episode 47 - Preview of cfbs analyze) I had installed it from a git clone, now I want to go back to regular install command output Now, cfbs help should have our new cfbs analyze option: command output Let’s grab oldest version of the Masterfiles Policy Framework that cf-remote knows about and test it out.

The MPF or Masterfiles Policy Framework is intended to provide a stable base policy for installations and upgrades, and is used by both CFEngine Enterprise and CFEngine community. When you create a new cfbs project with cfbs init one of the questions is related to the MPF: Of particular interest to policy writers is the lib sub-directory: Let’s look through some of the helpful bits you can re-use in your policy!

When writing CFEngine policy we create files ending in the.cf extension but this alone won’t cause the policy to be parsed and evaluated. By default cf-agent runs ${sys.inputdir}/promises.cf. For a non-privileged user running cf-agent this will be in their $HOME directory.

This series of blogs, Monthly Module Mondays, started on April Fool’s Day 2024 discussing how to Inventory and remediate Red Hat Enterprise Linux with Security Technical Implementation Guides (STIGs) has now reached the 10th installment showcasing a couple of modules to take stock of what services are running on your systems.