From 5227b44c620f33a2171c07da379bad64815ba297 Mon Sep 17 00:00:00 2001
From: Arne Teuke
Date: Sun, 30 Jul 2017 15:01:52 +0100
Subject: [PATCH] fixed permissions on command.cfg file
---
README.md | 9 ++++-----
manifests/main/files.pp | 15 +++++++++++++++
manifests/params.pp | 5 ++++-
templates/sudo_rule.erb | 5 +++++
4 files changed, 28 insertions(+), 6 deletions(-)
create mode 100644 templates/sudo_rule.erb
diff --git a/README.md b/README.md
index e5e899b..fe95115 100644
--- a/README.md
+++ b/README.md
@@ -83,11 +83,10 @@ There are currently no mandatory parameters, i.e. the module will function right ### Optional Parameters -* `$ne_manage_cmds` : Whether to manage check command definitions dynamically through a define, i.e. from other Puppet modules or profiles. Defaults to `true`. -* `$ne_incl_fw` : Whether to manage relevant firewall rules through this modules. Defaults to `true`. -* `$ne_include_selinux` : Whether to manage selinux exception rules. Defaults to `true`. -* `$ne_enable_ssl` : Whether to allow SSL settings. See [known problems](#konwn-problems) for more details. - +* `$ne_manage_cmds` : Whether to manage check command definitions dynamically through a define, i.e. from other Puppet modules or profiles. Defaults to `true`. +* `$ne_incl_fw` : Whether to manage relevant firewall rules through this modules. Defaults to `true`. +* `$ne_include_selinux` : Whether to manage selinux exception rules. Defaults to `true`. +* `$ne_enable_ssl` : Whether to allow SSL settings. See [known problems](#konwn-problems) for more details. ### Managing Check Commands In order to connect a Nagios monitoring server to clients through NRPE, you must define commands and the desired argument strings on the clients. The default NRPE installation comes with a few examples of such commands, which are also included in this module. However, every environment is very different in their requirements and Nagios via Puppet is all about the ability to dynamicically set command arguments based on default variables / overrides. For that reason no hard-coded commands are included, but instead all commands are set via argument strings, where possible. diff --git a/manifests/main/files.pp b/manifests/main/files.pp index 5b3c305..89f3d36 100644 --- a/manifests/main/files.pp +++ b/manifests/main/files.pp 
@@ -58,4 +58,19 @@ class cd_nrpe::main::files ( notify => Service[$ne_service], } + if $ne_allow_sudo == true { + + file { $ne_sudo_file: + ensure => file, + path => $ne_sudo_file, + owner => 'root', + group => 'root', + mode => '0440', + selrange => s0, + selrole => object_r, + seltype => etc_t, + seluser => system_u, + content => template($ne_sudo_rule_erb), + } + } } diff --git a/manifests/params.pp b/manifests/params.pp index 06d7c29..b87607e 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -104,7 +104,7 @@ $pkg_ensure = 'latest', $ne_manage_cmds = true, -# user settings +# NRPE user settings $ne_user = 'nrpe', $ne_user_comment = 'NRPE service user', $ne_user_uid = '1005', @@ -112,6 +112,7 @@ $ne_user_home = '/var/run/nrpe', $ne_user_groups = undef, $ne_user_shell = '/sbin/nologin', + # nrpe.cfg $ne_log_facility = 'daemon', $ne_log_file = '', @@ -173,6 +174,8 @@ $ne_nrpe_conf_erb = 'cd_nrpe/nrpe_conf.erb' $ne_cmd_file = "${ne_main_conf_d_dir}/commands.cfg" $ne_cmd_head_erb = 'cd_nrpe/cmd_head.erb' $ne_cmd_rule_erb = 'cd_nrpe/cmd_rule.erb' +$ne_sudo_file = '/etc/sudoers.d/nagios_sudo' +$ne_sudo_rule_erb = 'cd_nrpe/sudo_rule.erb' # includes must be last diff --git a/templates/sudo_rule.erb b/templates/sudo_rule.erb new file mode 100644 index 0000000..9e9b2d3 --- /dev/null +++ b/templates/sudo_rule.erb @@ -0,0 +1,5 @@ +################################################################################ +##### sudo_rule managed by Puppet | manual changes will be overwritten ##### +################################################################################ + +nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
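Review bot: The new `file { $ne_sudo_file: }` resource exists only inside `if $ne_allow_sudo == true`, so switching the parameter back off leaves an already deployed NOPASSWD rule in `/etc/sudoers.d`; a privilege grant should be removed when its switch is off. Driving `ensure` from the flag (file or absent) fixes that, and adding `validate_cmd` with `visudo` keeps a malformed template from being installed into sudoers.d. The class header and its parameter list are outside the hunk, so whether `$ne_allow_sudo` is declared there cannot be confirmed from this page.

```puppet
  # Keep the grant in step with the switch: turning it off removes the file.
  $sudo_ensure = $ne_allow_sudo ? {
    true    => file,
    default => absent,
  }

  file { $ne_sudo_file:
    ensure       => $sudo_ensure,
    # … unchanged: path, owner, group, mode, SELinux attributes, content …
    # Reject a syntactically broken rule before it replaces the live file.
    validate_cmd => '/usr/sbin/visudo -cf %',
  }
```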
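Review bot: The two settings added after `$ne_cmd_rule_erb` give the sudo file its path and template, but no default for `$ne_allow_sudo`, which files.pp tests in this same patch, appears in any of the three params.pp hunks. If it is not already declared outside the hunks, the condition compares an undefined value; adding `$ne_allow_sudo = false` next to `$ne_sudo_file`, with a comment such as `# opt-in: installs a NOPASSWD sudoers rule for the monitoring user`, would make the grant explicit and off by default. The README parameter list touched by this commit would be the place to document the switch. The rest of params.pp lies outside these hunks.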
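Review bot: The rule on the last line lets `nagios` run every file in `/usr/lib/nagios/plugins/` as any user without a password, which is far wider than a monitoring check normally needs; the safety of the whole grant then rests on that directory and every plugin in it being root-owned, non-writable and safe with the arguments it is given. Narrowing the run-as to `(root)` and listing only the plugins that need privilege would bound it, e.g. `nagios ALL=(root) NOPASSWD: /usr/lib/nagios/plugins/<plugin_name>` (placeholder plugin name). The account is also hard-coded as `nagios`, while the params.pp context in this same patch shows `$ne_user = 'nrpe'`, so the grant may not match the user the daemon runs as. Templating the account from that parameter would keep the two aligned.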