diff --git a/templates/pam-sudo b/templates/pam-sudo
new file mode 100644
index 0000000000000000000000000000000000000000..1baa5c82565164b6cfc23ab53ae721ce24d99fc5
--- /dev/null
+++ b/templates/pam-sudo
@@ -0,0 +1,12 @@
+#%PAM-1.0
+
+# Set up user limits from /etc/security/limits.conf.
+session    required   pam_limits.so
+
+session    required   pam_env.so readenv=1 user_readenv=0
+session    required   pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0
+session [success=done default=ignore] pam_succeed_if.so quiet uid = 0 ruser = nagios
+
+@include common-auth
+@include common-account
+@include common-session-noninteractive
diff --git a/templates/sudoers.j2 b/templates/sudoers.j2
index 802f0ee1d6503ce28b00bd564cc9ce217c0909ae..1b08686989ae58bd83ffbc399ec58e5f9dd2fc11 100644
--- a/templates/sudoers.j2
+++ b/templates/sudoers.j2
@@ -11,9 +11,16 @@ root    ALL=(ALL:ALL) ALL
 {{ host_user }} ALL=(ALL) ALL
 {% if host_user2 is defined %}{{ host_user2 }} ALL=(ALL) ALL{% endif %}
 
-nagios ALL=NOPASSWD: /usr/bin/fail2ban-client banned
-nagios ALL=NOPASSWD: /usr/bin/fail2ban-client ping
-nagios ALL=NOPASSWD: /usr/bin/docker ps --format {{ '{{' }}.Names{{ '}}' }} --filter name=* --no-trunc --quiet --all
-nagios ALL=NOPASSWD: /usr/bin/docker ps --format {{ '{{' }}.Names{{ '}}' }} --filter name=* --no-trunc --quiet
-nagios ALL=NOPASSWD: /usr/bin/docker stats --format {{ '{{' }}.Name{{ '}}' }}\:{{ '{{' }}.CPUPerc{{ '}}' }}\:{{ '{{' }}.MemPerc{{ '}}' }} --no-stream
-{% if inventory_hostname in groups.gitlab %}nagios ALL=NOPASSWD: /opt/gitlab/bin/gitlab-ctl status{% endif %}
+Cmnd_Alias NAGIOS_FAIL2BAN = /usr/bin/fail2ban-client ping, /usr/bin/fail2ban-client banned       
+Defaults!NAGIOS_FAIL2BAN !syslog
+nagios ALL = (root) NOPASSWD: NAGIOS_FAIL2BAN
+
+Cmnd_Alias NAGIOS_DOCKER = /usr/bin/docker ps --format {{.Names}} --filter name=* --no-trunc --quiet --all, /usr/bin/docker ps --format {{.Names}} --filter name=* --no-trunc --quiet, /usr/bin>
+Defaults!NAGIOS_DOCKER !syslog
+nagios ALL = (root) NOPASSWD: NAGIOS_DOCKER
+
+{% if inventory_hostname in groups.gitlab %}
+Cmnd_Alias NAGIOS_GITLAB = /opt/gitlab/bin/gitlab-ctl status
+Defaults!NAGIOS_GITLAB !syslog
+nagios ALL = (root) NOPASSWD: NAGIOS_GITLAB
+{% endif %}