fix: no log nagios authentifications mistakes

5b949164 · Théo - Le Filament · 91ee7273 · 5b949164 · 5b949164 · 5b949164
--- a/templates/pam-sudo
+++ b/templates/pam-sudo
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -202,6 +202,14 @@
    validate: /usr/sbin/visudo -cf %s
  tags: sudoers

+- name: quiet nagios authentification
+  ansible.builtin.copy:
+    src: 'pam-sudo'
+    dest: '/etc/pam.d/sudo'
+    owner: root
+    group: root
+    mode: '0644'
+
 - name: add public key to authorized keys for {{ host_user }}
  authorized_key:
    key: "{{ default_ssh_public_keys }}"

--- a/templates/sudoers.j2
+++ b/templates/sudoers.j2
@@ -12,15 +12,15 @@ root    ALL=(ALL:ALL) ALL
 {% if host_user2 is defined %}{{ host_user2 }} ALL=(ALL) ALL{% endif %}

 Cmnd_Alias NAGIOS_FAIL2BAN = /usr/bin/fail2ban-client ping, /usr/bin/fail2ban-client banned       
-Defaults!NAGIOS_FAIL2BAN !syslog
+Defaults!NAGIOS_FAIL2BAN !log_allowed
 nagios ALL = (root) NOPASSWD: NAGIOS_FAIL2BAN

-Cmnd_Alias NAGIOS_DOCKER = /usr/bin/docker ps --format {{.Names}} --filter name=* --no-trunc --quiet --all, /usr/bin/docker ps --format {{.Names}} --filter name=* --no-trunc --quiet, /usr/bin>
-Defaults!NAGIOS_DOCKER !syslog
+Cmnd_Alias NAGIOS_DOCKER = /usr/bin/docker ps --format {{ '{{' }}.Names{{ '}}' }} --filter name=* --no-trunc --quiet --all, /usr/bin/docker ps --format {{ '{{' }}.Names{{ '}}' }} --filter name=* --no-trunc --quiet, /usr/bin/docker stats --format {{ '{{' }}.Name{{ '}}' }}\:{{ '{{' }}.CPUPerc{{ '}}' }}\:{{ '{{' }}.MemPerc{{ '}}' }} --no-stream
+Defaults!NAGIOS_DOCKER !log_allowed
 nagios ALL = (root) NOPASSWD: NAGIOS_DOCKER

 {% if inventory_hostname in groups.gitlab %}
 Cmnd_Alias NAGIOS_GITLAB = /opt/gitlab/bin/gitlab-ctl status
-Defaults!NAGIOS_GITLAB !syslog
+Defaults!NAGIOS_GITLAB !log_allowed
 nagios ALL = (root) NOPASSWD: NAGIOS_GITLAB
 {% endif %}