The CFEngine application is fully contained within the /var/cfengine directory tree. Here is a quick breakdown of the directory structure and some of the files and functions associated with each subdirectory.

/var/cfengine/bin

Agents

Daemons

See Also: [CFEngine Component Applications and Daemons][Introduction and System Overview#CFEngine Component Applications and Daemons]

Directories for Policy Files

/var/cfengine/modules

Location of scripts used in commands promises.

/var/cfengine/inputs

Cached policy repository on each CFEngine client. When cf-agent is invoked by cf-execd, it reads only from this directory.

/var/cfengine/masterfiles

Policy repository that local or bootstrapped CFEngine clients access when they need to update their policies. Policies obtained from /var/cfengine/masterfiles are then cached in /var/cfengine/inputs for local policy execution. The cf-agent executable does not execute policies directly from this repository.

Output Directories

/var/cfengine/outputs

Directory where cf-agent creates its output files. The outputs directory is a record of spooled run-reports. These are often mailed to the administrator by cf-execd, or can be copied to another central location and viewed in an alternative browser. However, not all hosts have email capability or are online, so the reports are kept here.

/var/cfengine/reports

Directory used to store reports. Reports are not tidied automatically, so you should delete these files after a time to avoid a buildup.

/var/cfengine/state

State data such as current process identifiers of running processes, persistent classes and other cached data.

/var/cfengine/lastseen

Log data for incoming and outgoing connections.

/var/cfengine/cfapache

/var/cfengine/config

/var/cfengine/httpd

/var/cfengine/lib

Directory to store shared objects and dependencies that are in the bundled packages.

/var/cfengine/lib-twin

/var/cfengine/master_software_updates

/var/cfengine/plugins

/var/cfengine/ppkeys

Directory used to store encrypted public/private keys for CFEngine client/server network communications.

/var/cfengine/share

/var/cfengine/software_updates

/var/cfengine/ssl

Log Files in /var/cfengine

On hosts, CFEngine writes numerous logs and records to its private workspace.

[CFEngine Enterprise][] provides solutions for centralization and network-wide reporting at an arbitrary scale.

A time-stamped log of when each lock was released. This shows the last time each individual promise was verified.

Although ambiguously named (for historical reasons), this log contains the current list of setuid/setgid programs observed on the system. CFEngine warns about new additions to this list. This log has been deprecated.

In CFEngine Enterprise, a list of promises, with handles and comments, that were not kept.

In CFEngine Enterprise, a list of promises, with handles and comments, that were repaired.

A time-stamped log of the percentage of promises kept after each run.

Database Files in /var/cfengine

A database of classes that have been defined on the current host, including their relative frequencies, scaled like a probability.

A database of hosts that last contacted this host, or were contacted by this host, including the times at which they were last observed.

The database of hash values used in CFEngine’s change management functions.

A database of last, average and deviation times of jobs recorded by cf-agent. Most promises take an immeasurably short time to check, but longer tasks such as command execution and file copying are measured by default. Other checks can be instrumented by setting a measurement_class in the action body of a promise.

Process (AKA PID) Files in /var/cfengine

The CFEngine components keep their current process identifier number in "pid files" in the work directory.

Sockets in /var/cfengine

Datafiles in /var/cfengine

IP address of the policy server

Binary Files in /var/cfengine

git in /var/cfengine/bin

Misc. in /var/cfengine/bin

Postgres in /var/cfengine/bin

Not Verified

A database of active and inactive locks and their expiry times. Deleting this database will reset all lock protections in CFEngine.

CFEngine Enterprise maintains this long-term trend database.

This database contains the current state of the observational history of the host as recorded by cf-monitord.

A database of persistent classes active on the current host.

CFEngine Enterprise database of custom measurements.

CFEngine Enterprise database of static system discovery data.

A time-stamped log of which files have experienced content changes since the last observation, as determined by the hashing algorithms in CFEngine.

CFEngine Enterprise maintains user-defined logs based on specifically promised observations of the system.

This file contains a list of currently discovered classes and variable values that characterize the anomaly alert environment. They are altered by the monitor daemon.

This file contains logs related to the CFEngine package installation.