dom
/
telegraf
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update sudo config recommendation (#5337)

This commit is contained in:
vignemail1 2019-01-24 19:54:25 +01:00 committed by Daniel Nelson
parent 35d18d3fd7
commit 7a229e25a6
7 changed files with 68 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
plugins/inputs/fail2ban/README.md
View File

@ -10,15 +10,24 @@ Acquiring the required permissions can be done using several methods:
### Using sudo ### Using sudo
You may edit your sudo configuration with the following: You will need the following in your telegraf config:
```toml
[[inputs.fail2ban]]
use_sudo = true
```
``` sudo You will also need to update your sudoers file:
telegraf ALL=(root) NOEXEC: NOPASSWD: /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status * ```bash
$ visudo
# Add the following line:
Cmnd_Alias FAIL2BAN = /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status *
telegraf ALL=(root) NOEXEC: NOPASSWD: FAIL2BAN
Defaults!FAIL2BAN !logfile, !syslog, !pam_session
``` ```
### Configuration: ### Configuration:
``` toml ```toml
# Read metrics from fail2ban. # Read metrics from fail2ban.
[[inputs.fail2ban]] [[inputs.fail2ban]]
## Use sudo to run fail2ban-client ## Use sudo to run fail2ban-client

15
plugins/inputs/ipset/README.md
View File

@ -25,10 +25,19 @@ AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN
### Using sudo ### Using sudo
You may edit your sudo configuration with the following: You will need the following in your telegraf config:
```toml
[[inputs.ipset]]
use_sudo = true
```
```sudo You will also need to update your sudoers file:
telegraf ALL=(root) NOPASSWD: /sbin/ipset save ```bash
$ visudo
# Add the following line:
Cmnd_Alias IPSETSAVE = /sbin/ipset save
telegraf ALL=(root) NOPASSWD: IPSETSAVE
Defaults!IPSETSAVE !logfile, !syslog, !pam_session
``` ```
### Configuration ### Configuration

16
plugins/inputs/iptables/README.md
View File

@ -28,10 +28,20 @@ Since telegraf will fork a process to run iptables, `AmbientCapabilities` is req
### Using sudo ### Using sudo
You may edit your sudo configuration with the following: You will need the following in your telegraf config:
```toml
[[inputs.iptables]]
use_sudo = true
```
```sudo You will also need to update your sudoers file:
telegraf ALL=(root) NOPASSWD: /usr/bin/iptables -nvL *
```bash
$ visudo
# Add the following line:
Cmnd_Alias IPTABLESSHOW = /usr/bin/iptables -nvL *
telegraf ALL=(root) NOPASSWD: IPTABLESSHOW
Defaults!IPTABLESSHOW !logfile, !syslog, !pam_session
``` ```
### Using IPtables lock feature ### Using IPtables lock feature

4
plugins/inputs/opensmtpd/README.md
View File

@ -86,7 +86,9 @@ You will also need to update your sudoers file:
```bash ```bash
$ visudo $ visudo
# Add the following line: # Add the following line:
telegraf ALL=(ALL) NOPASSWD: /usr/sbin/smtpctl Cmnd_Alias SMTPCTL = /usr/sbin/smtpctl
telegraf ALL=(ALL) NOPASSWD: SMTPCTL
Defaults!SMTPCTL !logfile, !syslog, !pam_session
``` ```
Please use the solution you see as most appropriate. Please use the solution you see as most appropriate.

21
plugins/inputs/smart/README.md
View File

@ -61,6 +61,27 @@ smartctl -s on <device>
# devices = [ "/dev/ada0 -d atacam" ] # devices = [ "/dev/ada0 -d atacam" ]
``` ```
### Permissions:
It's important to note that this plugin references smartctl, which may require additional permissions to execute successfully.
Depending on the user/group permissions of the telegraf user executing this plugin, you may need to use sudo.
You will need the following in your telegraf config:
```toml
[[inputs.smart]]
use_sudo = true
```
You will also need to update your sudoers file:
```bash
$ visudo
# Add the following line:
Cmnd_Alias SMARTCTL = /usr/bin/smartctl
telegraf ALL=(ALL) NOPASSWD: SMARTCTL
Defaults!SMARTCTL !logfile, !syslog, !pam_session
```
### Metrics: ### Metrics:
- smart_device: - smart_device:

4
plugins/inputs/unbound/README.md
View File

@ -56,7 +56,9 @@ You will also need to update your sudoers file:
```bash ```bash
$ visudo $ visudo
# Add the following line: # Add the following line:
telegraf ALL=(ALL) NOPASSWD: /usr/sbin/unbound-control Cmnd_Alias UNBOUNDCTL = /usr/sbin/unbound-control
telegraf ALL=(ALL) NOPASSWD: UNBOUNDCTL
Defaults!UNBOUNDCTL !logfile, !syslog, !pam_session
``` ```
Please use the solution you see as most appropriate. Please use the solution you see as most appropriate.

4
plugins/inputs/varnish/README.md
View File

@ -391,7 +391,9 @@ You will also need to update your sudoers file:
```bash ```bash
$ visudo $ visudo
# Add the following line: # Add the following line:
telegraf ALL=(ALL) NOPASSWD: /usr/bin/varnishstat Cmnd_Alias VARNISHSTAT = /usr/bin/varnishstat
telegraf ALL=(ALL) NOPASSWD: VARNISHSTAT
Defaults!VARNISHSTAT !logfile, !syslog, !pam_session
``` ```
Please use the solution you see as most appropriate. Please use the solution you see as most appropriate.