diff --git a/plugins/inputs/fail2ban/README.md b/plugins/inputs/fail2ban/README.md index b0f6666bb..0b0e65414 100644 --- a/plugins/inputs/fail2ban/README.md +++ b/plugins/inputs/fail2ban/README.md @@ -10,15 +10,24 @@ Acquiring the required permissions can be done using several methods: ### Using sudo -You may edit your sudo configuration with the following: +You will need the following in your telegraf config: +```toml +[[inputs.fail2ban]] + use_sudo = true +``` -``` sudo -telegraf ALL=(root) NOEXEC: NOPASSWD: /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status * +You will also need to update your sudoers file: +```bash +$ visudo +# Add the following line: +Cmnd_Alias FAIL2BAN = /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status * +telegraf ALL=(root) NOEXEC: NOPASSWD: FAIL2BAN +Defaults!FAIL2BAN !logfile, !syslog, !pam_session ``` ### Configuration: -``` toml +```toml # Read metrics from fail2ban. [[inputs.fail2ban]] ## Use sudo to run fail2ban-client diff --git a/plugins/inputs/ipset/README.md b/plugins/inputs/ipset/README.md index 2209de911..ae66ccfc0 100644 --- a/plugins/inputs/ipset/README.md +++ b/plugins/inputs/ipset/README.md @@ -25,10 +25,19 @@ AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN ### Using sudo -You may edit your sudo configuration with the following: +You will need the following in your telegraf config: +```toml +[[inputs.ipset]] + use_sudo = true +``` -```sudo -telegraf ALL=(root) NOPASSWD: /sbin/ipset save +You will also need to update your sudoers file: +```bash +$ visudo +# Add the following line: +Cmnd_Alias IPSETSAVE = /sbin/ipset save +telegraf ALL=(root) NOPASSWD: IPSETSAVE +Defaults!IPSETSAVE !logfile, !syslog, !pam_session ``` ### Configuration diff --git a/plugins/inputs/iptables/README.md b/plugins/inputs/iptables/README.md index 03bf784e6..6b56febba 100644 --- a/plugins/inputs/iptables/README.md +++ b/plugins/inputs/iptables/README.md @@ -28,10 +28,20 @@ Since telegraf will fork a process to run iptables, `AmbientCapabilities` is req ### Using sudo -You may edit your sudo configuration with the following: +You will need the following in your telegraf config: +```toml +[[inputs.iptables]] + use_sudo = true +``` -```sudo -telegraf ALL=(root) NOPASSWD: /usr/bin/iptables -nvL * +You will also need to update your sudoers file: + +```bash +$ visudo +# Add the following line: +Cmnd_Alias IPTABLESSHOW = /usr/bin/iptables -nvL * +telegraf ALL=(root) NOPASSWD: IPTABLESSHOW +Defaults!IPTABLESSHOW !logfile, !syslog, !pam_session ``` ### Using IPtables lock feature diff --git a/plugins/inputs/opensmtpd/README.md b/plugins/inputs/opensmtpd/README.md index ba73ed024..4c1949869 100644 --- a/plugins/inputs/opensmtpd/README.md +++ b/plugins/inputs/opensmtpd/README.md @@ -86,7 +86,9 @@ You will also need to update your sudoers file: ```bash $ visudo # Add the following line: -telegraf ALL=(ALL) NOPASSWD: /usr/sbin/smtpctl +Cmnd_Alias SMTPCTL = /usr/sbin/smtpctl +telegraf ALL=(ALL) NOPASSWD: SMTPCTL +Defaults!SMTPCTL !logfile, !syslog, !pam_session ``` Please use the solution you see as most appropriate. diff --git a/plugins/inputs/smart/README.md b/plugins/inputs/smart/README.md index 4826edbc6..c60e11e35 100644 --- a/plugins/inputs/smart/README.md +++ b/plugins/inputs/smart/README.md @@ -61,6 +61,27 @@ smartctl -s on # devices = [ "/dev/ada0 -d atacam" ] ``` +### Permissions: + +It's important to note that this plugin references smartctl, which may require additional permissions to execute successfully. +Depending on the user/group permissions of the telegraf user executing this plugin, you may need to use sudo. + + +You will need the following in your telegraf config: +```toml +[[inputs.smart]] + use_sudo = true +``` + +You will also need to update your sudoers file: +```bash +$ visudo +# Add the following line: +Cmnd_Alias SMARTCTL = /usr/bin/smartctl +telegraf ALL=(ALL) NOPASSWD: SMARTCTL +Defaults!SMARTCTL !logfile, !syslog, !pam_session +``` + ### Metrics: - smart_device: diff --git a/plugins/inputs/unbound/README.md b/plugins/inputs/unbound/README.md index 2163bd375..36c9aa47d 100644 --- a/plugins/inputs/unbound/README.md +++ b/plugins/inputs/unbound/README.md @@ -56,7 +56,9 @@ You will also need to update your sudoers file: ```bash $ visudo # Add the following line: -telegraf ALL=(ALL) NOPASSWD: /usr/sbin/unbound-control +Cmnd_Alias UNBOUNDCTL = /usr/sbin/unbound-control +telegraf ALL=(ALL) NOPASSWD: UNBOUNDCTL +Defaults!UNBOUNDCTL !logfile, !syslog, !pam_session ``` Please use the solution you see as most appropriate. diff --git a/plugins/inputs/varnish/README.md b/plugins/inputs/varnish/README.md index 380d1c75b..3609b12e7 100644 --- a/plugins/inputs/varnish/README.md +++ b/plugins/inputs/varnish/README.md @@ -391,7 +391,9 @@ You will also need to update your sudoers file: ```bash $ visudo # Add the following line: -telegraf ALL=(ALL) NOPASSWD: /usr/bin/varnishstat +Cmnd_Alias VARNISHSTAT = /usr/bin/varnishstat +telegraf ALL=(ALL) NOPASSWD: VARNISHSTAT +Defaults!VARNISHSTAT !logfile, !syslog, !pam_session ``` Please use the solution you see as most appropriate.