diff options
| author | Matthieu Saulnier <fantom@fedoraproject.org> | 2018-08-25 11:02:51 +0200 |
|---|---|---|
| committer | Matthieu Saulnier <fantom@fedoraproject.org> | 2018-08-25 11:02:51 +0200 |
| commit | 19a23ab85485210301ecd4e9dfbca4363573a8db (patch) | |
| tree | 0fd1ed87d96b36f5ce9e46a9aab3bc75815dca79 | |
| parent | fd2842be65e59876f259abbabcfff079a03cd0f2 (diff) | |
| download | playbooks-ansible-19a23ab85485210301ecd4e9dfbca4363573a8db.tar.gz playbooks-ansible-19a23ab85485210301ecd4e9dfbca4363573a8db.tar.xz playbooks-ansible-19a23ab85485210301ecd4e9dfbca4363573a8db.zip | |
Update sudoers and rkhunter config files
| -rw-r--r-- | roles/clients/files/sudo | 3 | ||||
| -rw-r--r-- | roles/clients/tasks/pkgs.yml | 2 | ||||
| -rw-r--r-- | roles/common/tasks/rkhunter.yml | 13 |
3 files changed, 17 insertions, 1 deletions
diff --git a/roles/clients/files/sudo b/roles/clients/files/sudo index caa94ad..4d0f852 100644 --- a/roles/clients/files/sudo +++ b/roles/clients/files/sudo @@ -1,4 +1,5 @@ User_Alias MOI = casper, matthieusaulnier, msaulnier +User_Alias DAYR = dayr Cmnd_Alias CLI = /usr/bin/yum, /usr/bin/dnf, /usr/bin/touch /.autorelabel, /usr/bin/journalctl Cmnd_Alias DESKTOP = /usr/sbin/i7z, /usr/sbin/iftop, /usr/sbin/iotop -o @@ -7,6 +8,7 @@ Cmnd_Alias POWEROFF = /usr/sbin/poweroff Cmnd_Alias SHINT = /usr/sbin/sgdisk -Z Cmnd_Alias RUNLEVEL = /usr/bin/systemctl isolate multi-user, /usr/bin/systemctl isolate graphical Cmnd_Alias DBUS = /usr/bin/systemctl stop dbus.socket dbus.service +Cmnd_Alias VIEWER = /usr/bin/virt-viewer -c qemu\:///system -w -r -f dayr-windows-2012 MOI ALL = NOPASSWD: CLI MOI ALL = NOPASSWD: DESKTOP @@ -15,4 +17,5 @@ MOI ALL = NOPASSWD: POWEROFF MOI ALL = NOPASSWD: SHINT MOI ALL = NOPASSWD: RUNLEVEL MOI ALL = NOPASSWD: DBUS +DAYR ALL = NOPASSWD: VIEWER diff --git a/roles/clients/tasks/pkgs.yml b/roles/clients/tasks/pkgs.yml index f8799e2..36966a6 100644 --- a/roles/clients/tasks/pkgs.yml +++ b/roles/clients/tasks/pkgs.yml @@ -115,6 +115,7 @@ - srm - unhide - httping + - httpry - lbd - nikto - ratproxy @@ -175,6 +176,7 @@ - tortoisehg - officeparser - icecat + - virt-viewer - name: Installation des paquets codecs dnf: name={{ item }} state=present diff --git a/roles/common/tasks/rkhunter.yml b/roles/common/tasks/rkhunter.yml index a773421..460073a 100644 --- a/roles/common/tasks/rkhunter.yml +++ b/roles/common/tasks/rkhunter.yml @@ -5,9 +5,20 @@ - name: Activation de tests rkhunter lineinfile: dest=/etc/rkhunter.conf state=present backrefs=yes regexp="^DISABLE_TESTS=suspscan hidden_ports deleted_files packet_cap_apps apps" - line="DISABLE_TESTS=suspscan deleted_files" + line="DISABLE_TESTS=deleted_files" - name: Ajout de process en liste blanche lineinfile: path: /etc/rkhunter.conf line: 'ALLOWPROCLISTEN=/usr/sbin/wpa_supplicant' + +- name: Ajout de process en liste blanche + lineinfile: + path: /etc/rkhunter.conf + line: 'ALLOWPROCLISTEN=/usr/sbin/arpwatch' + +- name: Ajout de fichier en liste blanche + lineinfile: + path: /etc/rkhunter.conf + insertafter: '^ALLOWDEVFILE=/dev/shm/squid-ssl_session_cache.shm' + line: 'ALLOWDEVFILE=/dev/shm/squid-tls_session_cache.shm' |