########################################################
#
# Simple process example
#
# Define a class if a process has been running for more
# than one day
#
# For 3.6- run with cf-agent -KIf ./processes_define_class_based_on_process_runtime.cf -b main
# For 3.7+ run with cf-agent -KIf ./processes_define_class_based_on_process_runtime.cf
#  - main is the default bundle executed if no bundlesequence is defined in
#    3.7+
########################################################

bundle agent main
# @brief Define `booted_over_1_day_ago` when a process matching "init" has a
#        start time more than one day in the past, then report which case holds
{
  processes:

    # The promiser of a processes promise is an unanchored regular expression
    # matched against process table entries, so "init" also matches any other
    # process whose entry merely contains that string. A long-lived match of
    # that kind defines the class even if the host was rebooted recently.
    # NOTE(review): on hosts where PID 1 is listed under another name nothing
    # may match and the class is never defined - confirm per platform. Treat
    # the resulting class as an uptime heuristic, not an authoritative signal.
    "init"
      process_count => any_count("booted_over_1_day_ago"),
      process_select => days_older_than(1),
      comment => "Define a class indicating we found an init process running
                  for more than 1 day.";

  reports:

    # At least one selected process was found (count outside the "0,0" range).
    booted_over_1_day_ago::

      "This system was booted over 1 days ago since there is an init process
       that is older than 1 day.";

    # No selected process: either nothing matched "init" or every match
    # started within the last day.
    !booted_over_1_day_ago::
      "This system has been rebooted recently as the init process has been
       running for less than a day";
}

########################################################

########################################################
# NOTE: These bundles were copied from the stdlib in
# order to make this a standalone policy that requires
# no external files. Because the standard library is
# constantly evolving their definition may change
########################################################

body process_count any_count(cl)
# @brief Define class `cl` if one or more process is running
# @param cl Name of the class to be defined
{
  # The expected number of matching processes is exactly zero ...
  match_range => "0,0";
  # ... so any match at all falls out of range and defines `cl`.
  out_of_range_define => { "$(cl)" };
}

########################################################

body process_select days_older_than(d)
# @brief Select all processes that are older than `d` days
# @param d Days that processes need to be old to be selected
{
  # Start-time window running from `d` days ago (third argument of ago())
  # up to the current time.
  stime_range    => irange(ago(0,0,"$(d)",0,0,0),now);
  # Negated: keep only processes whose start time is NOT inside that window,
  # i.e. those started more than `d` days ago.
  process_result => "!stime";
}