diff options
| author | Matthieu Saulnier <fantom@fedoraproject.org> | 2018-09-29 09:04:49 +0200 |
|---|---|---|
| committer | Matthieu Saulnier <fantom@fedoraproject.org> | 2018-09-29 09:04:49 +0200 |
| commit | 67d9ca2de2f0c5fec723ad535238d8bb02f057a3 (patch) | |
| tree | 758edb506fbab2ff3f92f6785edcddb451d17d59 | |
| parent | 9fd464b0b7695a4ce1440608f038e8a10dc07acc (diff) | |
| download | playbooks-ansible-67d9ca2de2f0c5fec723ad535238d8bb02f057a3.tar.gz playbooks-ansible-67d9ca2de2f0c5fec723ad535238d8bb02f057a3.tar.xz playbooks-ansible-67d9ca2de2f0c5fec723ad535238d8bb02f057a3.zip | |
Update sudoers file and add playbook for rkhunter udpate database task
| -rw-r--r-- | playbooks/rkhunter-propupd.yml | 7 | ||||
| -rw-r--r-- | roles/dnsserver/files/sudo | 21 |
2 files changed, 28 insertions, 0 deletions
diff --git a/playbooks/rkhunter-propupd.yml b/playbooks/rkhunter-propupd.yml new file mode 100644 index 0000000..414b15c --- /dev/null +++ b/playbooks/rkhunter-propupd.yml @@ -0,0 +1,7 @@ +--- +- hosts: all + remote_user: root + tasks: + - name: rkhunter internal database update + command: /usr/bin/rkhunter --propupd + when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" diff --git a/roles/dnsserver/files/sudo b/roles/dnsserver/files/sudo index 657797e..0b7f8cd 100644 --- a/roles/dnsserver/files/sudo +++ b/roles/dnsserver/files/sudo @@ -1,4 +1,5 @@ User_Alias MOI = backup, casper +User_Alias VINC = vincent Cmnd_Alias CRYPTOPEN = /usr/sbin/cryptsetup luksOpen virtual-disk1-200Gio --key-file - virtual-disk1-200Gio Cmnd_Alias MOUNT = /usr/bin/mount /dev/mapper/virtual-disk1-200Gio mnt/virtual-disk1/ @@ -11,6 +12,16 @@ Cmnd_Alias UMOUNT2 = /usr/bin/umount mnt/virtual-disk2/ Cmnd_Alias CRYPTCLOSE2 = /usr/sbin/cryptsetup luksClose virtual-disk2-200Gio +Cmnd_Alias CRYPTOPEN3 = /usr/sbin/cryptsetup luksOpen virtual-disk1-40Gio +Cmnd_Alias MOUNT3 = /usr/bin/mount /dev/mapper/virtual-disk1-40Gio mnt/virtual-disk1/ +Cmnd_Alias UMOUNT3 = /usr/bin/umount mnt/virtual-disk1/ +Cmnd_Alias CRYPTCLOSE3 = /usr/sbin/cryptsetup luksClose virtual-disk1-40Gio +Cmnd_Alias LUKSINIT3 = /usr/sbin/cryptsetup luksFormat virtual-disk1-40Gio +Cmnd_Alias LUKSADDKEY3 = /usr/sbin/cryptsetup luksAddKey virtual-disk1-40Gio +Cmnd_Alias LUKSDELKEY3 = /usr/sbin/cryptsetup luksRemoveKey virtual-disk1-40Gio +Cmnd_Alias MKFS3 = /usr/sbin/mkfs.ext4 /dev/mapper/virtual-disk1-40Gio + + MOI ALL = NOPASSWD: CRYPTOPEN MOI ALL = NOPASSWD: MOUNT MOI ALL = NOPASSWD: UMOUNT @@ -20,3 +31,13 @@ MOI ALL = NOPASSWD: CRYPTOPEN2 MOI ALL = NOPASSWD: MOUNT2 MOI ALL = NOPASSWD: UMOUNT2 MOI ALL = NOPASSWD: CRYPTCLOSE2 + + +VINC ALL = NOPASSWD: CRYPTOPEN3 +VINC ALL = NOPASSWD: MOUNT3 +VINC ALL = NOPASSWD: UMOUNT3 +VINC ALL = NOPASSWD: CRYPTCLOSE3 +VINC ALL = NOPASSWD: LUKSINIT3 +VINC ALL = NOPASSWD: LUKSADDKEY3 +VINC ALL = NOPASSWD: LUKSDELKEY3 +VINC ALL = NOPASSWD: MKFS3 |