diff --git a/templates/pam-sudo b/files/pam-sudo similarity index 100% rename from templates/pam-sudo rename to files/pam-sudo diff --git a/tasks/main.yml b/tasks/main.yml index 7e94fae3ccdc9af027e27cad9d55508cc99169f6..d512d455af50a215792d3b3da9da984e817cf88a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -202,6 +202,14 @@ validate: /usr/sbin/visudo -cf %s tags: sudoers +- name: quiet nagios authentification + ansible.builtin.copy: + src: 'pam-sudo' + dest: '/etc/pam.d/sudo' + owner: root + group: root + mode: '0644' + - name: add public key to authorized keys for {{ host_user }} authorized_key: key: "{{ default_ssh_public_keys }}" diff --git a/templates/sudoers.j2 b/templates/sudoers.j2 index 1b08686989ae58bd83ffbc399ec58e5f9dd2fc11..c8ba703b4d735d2a05c64e0ddb4886da83be59e6 100644 --- a/templates/sudoers.j2 +++ b/templates/sudoers.j2 
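Review bot: The new `quiet nagios authentification` task overwrites `/etc/pam.d/sudo` wholesale with no safety net, and that file governs authentication for every sudo user on the host, not only nagios. Unlike the sudoers task just above it, which runs `validate: /usr/sbin/visudo -cf %s`, nothing checks a PAM file before it goes live, so a bad `files/pam-sudo` is only noticed when sudo stops working; adding `backup: true` would at least keep the previous file on the host for recovery. The content of `pam-sudo` is not visible in this diff (it is a 100% rename), so it is worth confirming that whatever it silences is scoped to the nagios account rather than to all callers. The task also lacks the `tags: sudoers` that the neighbouring task carries, and the name should read `quiet nagios authentication`.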
@@ -12,15 +12,15 @@ root ALL=(ALL:ALL) ALL {% if host_user2 is defined %}{{ host_user2 }} ALL=(ALL) ALL{% endif %} Cmnd_Alias NAGIOS_FAIL2BAN = /usr/bin/fail2ban-client ping, /usr/bin/fail2ban-client banned -Defaults!NAGIOS_FAIL2BAN !syslog +Defaults!NAGIOS_FAIL2BAN !log_allowed nagios ALL = (root) NOPASSWD: NAGIOS_FAIL2BAN -Cmnd_Alias NAGIOS_DOCKER = /usr/bin/docker ps --format {{.Names}} --filter name=* --no-trunc --quiet --all, /usr/bin/docker ps --format {{.Names}} --filter name=* --no-trunc --quiet, /usr/bin> -Defaults!NAGIOS_DOCKER !syslog +Cmnd_Alias NAGIOS_DOCKER = /usr/bin/docker ps --format {{ '{{' }}.Names{{ '}}' }} --filter name=* --no-trunc --quiet --all, /usr/bin/docker ps --format {{ '{{' }}.Names{{ '}}' }} --filter name=* --no-trunc --quiet, /usr/bin/docker stats --format {{ '{{' }}.Name{{ '}}' }}\:{{ '{{' }}.CPUPerc{{ '}}' }}\:{{ '{{' }}.MemPerc{{ '}}' }} --no-stream +Defaults!NAGIOS_DOCKER !log_allowed nagios ALL = (root) NOPASSWD: NAGIOS_DOCKER {% if inventory_hostname in groups.gitlab %} Cmnd_Alias NAGIOS_GITLAB = /opt/gitlab/bin/gitlab-ctl status -Defaults!NAGIOS_GITLAB !syslog +Defaults!NAGIOS_GITLAB !log_allowed nagios ALL = (root) NOPASSWD: NAGIOS_GITLAB {% endif %}
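Review bot: The `NAGIOS_DOCKER` alias keeps `--filter name=*` while the new `Defaults!NAGIOS_DOCKER !log_allowed` line stops sudo from logging successful runs of those same commands. In sudoers a `*` in command arguments also matches spaces, so the pattern accepts more argument strings than the single filter value it appears intended for, and with allowed-command logging off there is no record of which arguments the nagios account actually ran as root. Either pin the filter to the fixed value(s) the check really passes, or keep logging on for this alias by dropping the `Defaults!NAGIOS_DOCKER !log_allowed` line. Separately, `log_allowed` only exists in sudo 1.8.29 and later, so hosts with an older sudo will not honour the three new `Defaults` lines and may fail the `visudo -cf %s` check seen in tasks/main.yml (assuming that check guards this template); a comment such as `# log_allowed requires sudo >= 1.8.29` above the first one would record the requirement.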