confdroid/confdroid_nrpe
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fixed permissions on command.cfg file

Browse Source
This commit is contained in:
Arne Teuke
2017-07-30 15:01:52 +01:00
parent 6ae7e881a9
commit 5227b44c62
4 changed files with 28 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@@ -88,7 +88,6 @@ There are currently no mandatory parameters, i.e. the module will function right
* `$ne_include_selinux` : Whether to manage selinux exception rules. Defaults to `true`. * `$ne_include_selinux` : Whether to manage selinux exception rules. Defaults to `true`.
* `$ne_enable_ssl` : Whether to allow SSL settings. See [known problems](#konwn-problems) for more details. * `$ne_enable_ssl` : Whether to allow SSL settings. See [known problems](#konwn-problems) for more details.
### Managing Check Commands ### Managing Check Commands
In order to connect a Nagios monitoring server to clients through NRPE, you must define commands and the desired argument strings on the clients. The default NRPE installation comes with a few examples of such commands, which are also included in this module. However, every environment is very different in their requirements and Nagios via Puppet is all about the ability to dynamicically set command arguments based on default variables / overrides. For that reason no hard-coded commands are included, but instead all commands are set via argument strings, where possible. In order to connect a Nagios monitoring server to clients through NRPE, you must define commands and the desired argument strings on the clients. The default NRPE installation comes with a few examples of such commands, which are also included in this module. However, every environment is very different in their requirements and Nagios via Puppet is all about the ability to dynamicically set command arguments based on default variables / overrides. For that reason no hard-coded commands are included, but instead all commands are set via argument strings, where possible.

15
manifests/main/files.pp
View File

@@ -58,4 +58,19 @@ class cd_nrpe::main::files (
notify => Service[$ne_service], notify => Service[$ne_service],
} }
if $ne_allow_sudo == true {
file { $ne_sudo_file:
ensure => file,
path => $ne_sudo_file,
owner => 'root',
group => 'root',
mode => '0440',
selrange => s0,
selrole => object_r,
seltype => etc_t,
seluser => system_u,
content => template($ne_sudo_rule_erb),
}
}
} }

5
manifests/params.pp
View File

@@ -104,7 +104,7 @@ $pkg_ensure = 'latest',
$ne_manage_cmds = true, $ne_manage_cmds = true,
# user settings # NRPE user settings
$ne_user = 'nrpe', $ne_user = 'nrpe',
$ne_user_comment = 'NRPE service user', $ne_user_comment = 'NRPE service user',
$ne_user_uid = '1005', $ne_user_uid = '1005',
@@ -112,6 +112,7 @@ $ne_user_home = '/var/run/nrpe',
$ne_user_groups = undef, $ne_user_groups = undef,
$ne_user_shell = '/sbin/nologin', $ne_user_shell = '/sbin/nologin',
# nrpe.cfg # nrpe.cfg
$ne_log_facility = 'daemon', $ne_log_facility = 'daemon',
$ne_log_file = '', $ne_log_file = '',
@@ -173,6 +174,8 @@ $ne_nrpe_conf_erb = 'cd_nrpe/nrpe_conf.erb'
$ne_cmd_file = "${ne_main_conf_d_dir}/commands.cfg" $ne_cmd_file = "${ne_main_conf_d_dir}/commands.cfg"
$ne_cmd_head_erb = 'cd_nrpe/cmd_head.erb' $ne_cmd_head_erb = 'cd_nrpe/cmd_head.erb'
$ne_cmd_rule_erb = 'cd_nrpe/cmd_rule.erb' $ne_cmd_rule_erb = 'cd_nrpe/cmd_rule.erb'
$ne_sudo_file = '/etc/sudoers.d/nagios_sudo'
$ne_sudo_rule_erb = 'cd_nrpe/sudo_rule.erb'
# includes must be last # includes must be last

5
templates/sudo_rule.erb Normal file
View File

@@ -0,0 +1,5 @@
################################################################################
##### sudo_rule managed by Puppet | manual changes will be overwritten #####
################################################################################
nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/