fixed permissions on command.cfg file

2017-07-30 15:01:52 +01:00
parent 6ae7e881a9
commit 5227b44c62
4 changed files with 28 additions and 6 deletions
--- a/README.md
+++ b/README.md
@@ -83,11 +83,10 @@ There are currently no mandatory parameters, i.e. the module will function right
 ### Optional Parameters
-* `$ne_manage_cmds`     : Whether to manage check command definitions dynamically through a define, i.e. from other Puppet modules or profiles. Defaults to `true`.
+* `$ne_manage_cmds`       : Whether to manage check command definitions dynamically through a define, i.e. from other Puppet modules or profiles. Defaults to `true`.
-* `$ne_incl_fw`         : Whether to manage relevant firewall rules through this modules. Defaults to `true`.
+* `$ne_incl_fw`           : Whether to manage relevant firewall rules through this modules. Defaults to `true`.
-* `$ne_include_selinux` : Whether to manage selinux exception rules. Defaults to `true`.
+* `$ne_include_selinux`   : Whether to manage selinux exception rules. Defaults to `true`.
-* `$ne_enable_ssl`      : Whether to allow SSL settings. See [known problems](#konwn-problems) for more details.
+* `$ne_enable_ssl`        : Whether to allow SSL settings. See [known problems](#konwn-problems) for more details.
 ### Managing Check Commands
 In order to connect a Nagios monitoring server to clients through NRPE, you must define commands and the desired argument strings on the clients. The default NRPE installation comes with a few examples of such commands, which are also included in this module.  However, every environment is very different in their requirements and Nagios via Puppet is all about the ability to dynamicically set command arguments based on default variables / overrides. For that reason no hard-coded commands are included, but instead all commands are set via argument strings, where possible.
--- a/manifests/main/files.pp
+++ b/manifests/main/files.pp
@@ -58,4 +58,19 @@ class cd_nrpe::main::files (
    notify    =>  Service[$ne_service],
  }
  if $ne_allow_sudo == true {
    file { $ne_sudo_file:
      ensure    =>  file,
      path      =>  $ne_sudo_file,
      owner     =>  'root',
      group     =>  'root',
      mode      =>  '0440',
      selrange  =>  s0,
      selrole   =>  object_r,
      seltype   =>  etc_t,
      seluser   =>  system_u,
      content   =>  template($ne_sudo_rule_erb),
    }
  }
 }
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -104,7 +104,7 @@ $pkg_ensure                 = 'latest',
 $ne_manage_cmds             = true,
-# user settings
+# NRPE user settings
 $ne_user                    = 'nrpe',
 $ne_user_comment            = 'NRPE service user',
 $ne_user_uid                = '1005',
@@ -112,6 +112,7 @@ $ne_user_home               = '/var/run/nrpe',
 $ne_user_groups             = undef,
 $ne_user_shell              = '/sbin/nologin',
 # nrpe.cfg
 $ne_log_facility            = 'daemon',
 $ne_log_file                = '',
@@ -173,6 +174,8 @@ $ne_nrpe_conf_erb           = 'cd_nrpe/nrpe_conf.erb'
 $ne_cmd_file                = "${ne_main_conf_d_dir}/commands.cfg"
 $ne_cmd_head_erb            = 'cd_nrpe/cmd_head.erb'
 $ne_cmd_rule_erb            = 'cd_nrpe/cmd_rule.erb'
 $ne_sudo_file               = '/etc/sudoers.d/nagios_sudo'
 $ne_sudo_rule_erb           = 'cd_nrpe/sudo_rule.erb'
 # includes must be last
--- a/templates/sudo_rule.erb
+++ b/templates/sudo_rule.erb
@@ -0,0 +1,5 @@
 ################################################################################
 #####   sudo_rule managed by Puppet | manual changes will be overwritten   #####
 ################################################################################
 nagios          ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/