diff --git a/CHANGELOG.md b/CHANGELOG.md index 6e75469..3912976 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,16 @@ Changelog of Git Changelog.

No issue

+aaaa1589020220e Arne Teuke 2017-07-30 15:22:49 +

+

fixed sudo rule

+ +

+803a084de9e91ee Jenkins Server 2017-07-30 15:22:44 +

+

recommit for updates in build 53

+ +

4ea243c21706dd4 Arne Teuke 2017-07-30 14:55:05

adding nrpe user to sudo rule

diff --git a/REPOSTRUCTURE.md b/REPOSTRUCTURE.md index 2c32000..71ffdbf 100644 --- a/REPOSTRUCTURE.md +++ b/REPOSTRUCTURE.md @@ -44,6 +44,8 @@ | | |-- install.pp | | |-- service.pp | | `-- user.pp +| |-- selinux +| | `-- config.pp | |-- init.pp | `-- params.pp |-- templates @@ -62,4 +64,4 @@ |-- README.md `-- REPOSTRUCTURE.md -11 directories, 51 files +12 directories, 52 files diff --git a/doc/_index.html b/doc/_index.html index 33509d2..c811995 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -118,6 +118,11 @@ +
  • + cd_nrpe::selinux::config + +
    • + @@ -171,7 +176,7 @@ diff --git a/doc/file.README.html b/doc/file.README.html index 4c729b1..89ef340 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -220,6 +220,11 @@ rules. Defaults to true.

  • $ne_enable_ssl : Whether to allow SSL settings. See known problems for more details.

    +
  • +

    $ne_allow_sudo : Whether to allow the nagios / nrpe user to +use sudo by default. Controls both the +settingcommand_prefixand application of a sudo rule. Defaults +tofalse` as it usually is not required for most of the checks.

    • Managing Check Commands

    @@ -325,7 +330,7 @@ environments.

    diff --git a/doc/index.html b/doc/index.html index 2e35b74..2ed5f17 100644 --- a/doc/index.html +++ b/doc/index.html @@ -220,6 +220,11 @@ rules. Defaults to true.

  • $ne_enable_ssl : Whether to allow SSL settings. See known problems for more details.

    +
  • +

    $ne_allow_sudo : Whether to allow the nagios / nrpe user to +use sudo by default. Controls both the +settingcommand_prefixand application of a sudo rule. Defaults +tofalse` as it usually is not required for most of the checks.

    • Managing Check Commands

    @@ -325,7 +330,7 @@ environments.

    diff --git a/doc/puppet_class_list.html b/doc/puppet_class_list.html index 5c81160..fdfed85 100644 --- a/doc/puppet_class_list.html +++ b/doc/puppet_class_list.html @@ -110,6 +110,13 @@ +
  • +
    + cd_nrpe::selinux::config +
    +
    • + + diff --git a/doc/puppet_classes/cd_nrpe.html b/doc/puppet_classes/cd_nrpe.html index 3665f1d..a222903 100644 --- a/doc/puppet_classes/cd_nrpe.html +++ b/doc/puppet_classes/cd_nrpe.html @@ -140,7 +140,7 @@ class cd_nrpe { diff --git a/doc/puppet_classes/cd_nrpe_3A_3Acommands_3A_3Adefinition_rules.html b/doc/puppet_classes/cd_nrpe_3A_3Acommands_3A_3Adefinition_rules.html index 20fec2f..57d1eb0 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Acommands_3A_3Adefinition_rules.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Acommands_3A_3Adefinition_rules.html @@ -267,7 +267,7 @@ class cd_nrpe::commands::definition_rules ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html index 30e2d6c..6b9bddb 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Afirewall_3A_3Aiptables.html @@ -165,7 +165,7 @@ class cd_nrpe::firewall::iptables ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html index a8326dd..a5a8cbf 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aconfig.html @@ -154,7 +154,7 @@ class cd_nrpe::main::config ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html index 12d95ab..66b1be3 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Adirs.html @@ -205,7 +205,7 @@ class cd_nrpe::main::dirs ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html index 6125780..3f5186c 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Afiles.html @@ -247,7 +247,7 @@ class cd_nrpe::main::files ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html index 6eac1d5..f498a14 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Ainstall.html @@ -160,7 +160,7 @@ class cd_nrpe::main::install ( diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html index 9b698b7..de667cc 100644 --- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html +++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Aservice.html @@ -149,7 +149,11 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses/.

    41 42 43 -44 +44 +45 +46 +47 +48 
    # File 'manifests/main/service.pp', line 23
@@ -168,6 +172,10 @@ class cd_nrpe::main::service (
     require cd_nrpe::commands::definition_rules
   }
 
+  if $ne_include_selinux == true {
+    require cd_nrpe::selinux::config
+  }
+
   service { $ne_service:
     ensure      => running,
     hasstatus   => true,
@@ -183,7 +191,7 @@ class cd_nrpe::main::service (
 
 
       
diff --git a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html
index 9d48101..b0c4862 100644
--- a/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html
+++ b/doc/puppet_classes/cd_nrpe_3A_3Amain_3A_3Auser.html
@@ -193,7 +193,7 @@ class cd_nrpe::main::user (
 
 
       
diff --git a/doc/puppet_classes/cd_nrpe_3A_3Aparams.html b/doc/puppet_classes/cd_nrpe_3A_3Aparams.html
index 4074e9c..e94b408 100644
--- a/doc/puppet_classes/cd_nrpe_3A_3Aparams.html
+++ b/doc/puppet_classes/cd_nrpe_3A_3Aparams.html
@@ -79,6 +79,8 @@
       
       cd_nrpe::main::service
    
       
+      cd_nrpe::selinux::config
    
+      
       cd_nrpe::firewall::iptables
    
       
       cd_nrpe::commands::definition_rules
    
@@ -328,7 +330,7 @@ of the form $(...).
    
         (boolean)
       
       
-        (defaults to: true)
+        (defaults to: false)
       
       
         —
@@ -999,7 +1001,7 @@ $ne_listen_queue_size       = '5',
 $ne_nagios_server           = $::nagios_server,
 $ne_dont_blame_nrpe         = '1',
 $ne_allow_bash_cmd_subst    = '1',
-$ne_allow_sudo              = true,
+$ne_allow_sudo              = false,
 $ne_command_prefix          = '/usr/bin/sudo',
 $ne_command_timeout         = '60',
 $ne_connection_timeout      = '300',
@@ -1065,7 +1067,7 @@ $ne_sudo_rule_erb           = 'cd_nrpe/sudo_rule.erb'
 
 
       
diff --git a/doc/puppet_classes/cd_nrpe_3A_3Aselinux_3A_3Aconfig.html b/doc/puppet_classes/cd_nrpe_3A_3Aselinux_3A_3Aconfig.html
new file mode 100644
index 0000000..00690fd
--- /dev/null
+++ b/doc/puppet_classes/cd_nrpe_3A_3Aselinux_3A_3Aconfig.html
@@ -0,0 +1,180 @@
+
+
+  
+    
+
+
+  Puppet Class: cd_nrpe::selinux::config
+  
+    — Documentation by YARD 0.9.9
+  
+
+
+  
+
+  
+
+
+
+
+  
+
+  
+
+
+  
+  
+    
    
+      
+      
    
+    
    
+
+    
    
+      
+
+      
    Puppet Class: cd_nrpe::selinux::config
    
+
    
+  
+  
    
+    
    Inherits:
    
+    
    cd_nrpe::params
    
+  
    
+  
+  
+  
    
+    
    Defined in:
    
+    
    
+      manifests/selinux/config.pp
+    
    
+  
    
+
    
+
+  
    Summary
    
+  Class manages all aspects of configuring selinux for NRPE.
+
+
    Overview
    
+
    
+  
    
+    
+
    cd_nrpe::selinux::config.pp # Module name: cd_nrpe
+Author: Arne Teuke
+(arne_teuke@ConfDroid.com)
    
+
+
    License:
    
+
+
    This file is part of cd_nrpe.
    
+
+
    cd_nrpe is used for providing automatic configuration of NRPE
+ Copyright
+(C) 2016 ConfDroid (copyright@ConfDroid.com)
+ This program is free
+software: you can redistribute it and/or modify
+ it under the terms of the
+GNU General Public License as published by
+ the Free Software Foundation,
+either version 3 of the License, or
+ (at your option) any later version.
    
+
+
    This program is distributed in the hope that it will be useful,
+ but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License
+for more details.
    
+
+
    You should have received a copy of the GNU General Public License
+ along
+with this program. If not, see www.gnu.org/licenses/.
    
+
+  
    
+
    
+
    
+  
+
+
    
+  
+    
+      
+      
+    
+  
    
+        
    +
+
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
    
+          		
+        
    # File 'manifests/selinux/config.pp', line 22
+
+class cd_nrpe::selinux::config (
+
+) inherits cd_nrpe::params {
+
+  if $ne_include_selinux == true {
+
+    #  manage allow nagios sudo
+
+    exec { 'nagios_run_sudo':
+      command =>  'setsebool -P nagios_run_sudo 1',
+      path    =>  ['/usr/bin','/usr/sbin'],
+      cwd     =>  '/tmp',
+      unless  =>  'getsebool nagios_run_sudo | awk \'{print$3}\' | grep -ic "on"'
+    }
+  }
+}
    
+      
    
+
    
+
    
+
+      
+
+    
    
+  
+
\ No newline at end of file
diff --git a/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html b/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html
index 1d5391e..4227fdf 100644
--- a/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html
+++ b/doc/puppet_defined_types/cd_nrpe_3A_3Acommands_3A_3Adefinitions.html
@@ -259,7 +259,7 @@ $ne_manage_cmds   = $::cd_nrpe::params::ne_manage_cmds
 
 
       
diff --git a/doc/top-level-namespace.html b/doc/top-level-namespace.html
index b3d393c..7e2f8e7 100644
--- a/doc/top-level-namespace.html
+++ b/doc/top-level-namespace.html
@@ -90,7 +90,7 @@