Removes nagios sudo privilege definition from evolix-users

The nagios-nrpe role will define those privileges instead.
This commit is contained in:
Patrick Marchand 2019-05-28 23:06:40 +02:00
parent c28e15231f
commit 965bde878f
3 changed files with 10 additions and 12 deletions

View File

@ -3,11 +3,5 @@ Defaults umask=0077
Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh, /usr/share/scripts/listupgrade.sh, /usr/bin/apt, /bin/mount
User_Alias ADMINS = {{ user.name }}
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_haproxy_stats
nagios ALL = NOPASSWD: /usr/sbin/bkctld check
nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt
ADMINS ALL = (ALL:ALL) ALL
ADMINS ALL = NOPASSWD: MAINT

View File

@ -2,11 +2,5 @@ Defaults umask=0077
Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh, /usr/share/scripts/listupgrade.sh, /usr/bin/apt, /bin/mount
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_haproxy_stats
nagios ALL = NOPASSWD: /usr/sbin/bkctld check
nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt
%{{ evolinux_sudo_group }} ALL=(ALL:ALL) ALL
%{{ evolinux_sudo_group }} ALL = NOPASSWD: MAINT

View File

@ -72,3 +72,13 @@
notify: restart nagios-nrpe-server
tags:
- nagios-nrpe
- name: Nagios user has proper sudo privileges
copy:
src: nagios_sudoers
dest: /etc/sudoers.d/nagios
mode: "0440"
validate: '/usr/sbin/visudo -cf %s'
tags:
- nagios-nrpe
- nagios-plugins