Update sudo config recommendation (#5337)

This commit is contained in:
vignemail1 2019-01-24 19:54:25 +01:00 committed by Daniel Nelson
parent 35d18d3fd7
commit 7a229e25a6
7 changed files with 68 additions and 13 deletions

View File

@ -10,10 +10,19 @@ Acquiring the required permissions can be done using several methods:
### Using sudo
You may edit your sudo configuration with the following:
You will need the following in your telegraf config:
```toml
[[inputs.fail2ban]]
use_sudo = true
```
``` sudo
telegraf ALL=(root) NOEXEC: NOPASSWD: /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status *
You will also need to update your sudoers file:
```bash
$ visudo
# Add the following line:
Cmnd_Alias FAIL2BAN = /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status *
telegraf ALL=(root) NOEXEC: NOPASSWD: FAIL2BAN
Defaults!FAIL2BAN !logfile, !syslog, !pam_session
```
### Configuration:

View File

@ -25,10 +25,19 @@ AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN
### Using sudo
You may edit your sudo configuration with the following:
You will need the following in your telegraf config:
```toml
[[inputs.ipset]]
use_sudo = true
```
```sudo
telegraf ALL=(root) NOPASSWD: /sbin/ipset save
You will also need to update your sudoers file:
```bash
$ visudo
# Add the following line:
Cmnd_Alias IPSETSAVE = /sbin/ipset save
telegraf ALL=(root) NOPASSWD: IPSETSAVE
Defaults!IPSETSAVE !logfile, !syslog, !pam_session
```
### Configuration

View File

@ -28,10 +28,20 @@ Since telegraf will fork a process to run iptables, `AmbientCapabilities` is req
### Using sudo
You may edit your sudo configuration with the following:
You will need the following in your telegraf config:
```toml
[[inputs.iptables]]
use_sudo = true
```
```sudo
telegraf ALL=(root) NOPASSWD: /usr/bin/iptables -nvL *
You will also need to update your sudoers file:
```bash
$ visudo
# Add the following line:
Cmnd_Alias IPTABLESSHOW = /usr/bin/iptables -nvL *
telegraf ALL=(root) NOPASSWD: IPTABLESSHOW
Defaults!IPTABLESSHOW !logfile, !syslog, !pam_session
```
### Using IPtables lock feature

View File

@ -86,7 +86,9 @@ You will also need to update your sudoers file:
```bash
$ visudo
# Add the following line:
telegraf ALL=(ALL) NOPASSWD: /usr/sbin/smtpctl
Cmnd_Alias SMTPCTL = /usr/sbin/smtpctl
telegraf ALL=(ALL) NOPASSWD: SMTPCTL
Defaults!SMTPCTL !logfile, !syslog, !pam_session
```
Please use the solution you see as most appropriate.

View File

@ -61,6 +61,27 @@ smartctl -s on <device>
# devices = [ "/dev/ada0 -d atacam" ]
```
### Permissions:
It's important to note that this plugin references smartctl, which may require additional permissions to execute successfully.
Depending on the user/group permissions of the telegraf user executing this plugin, you may need to use sudo.
You will need the following in your telegraf config:
```toml
[[inputs.smart]]
use_sudo = true
```
You will also need to update your sudoers file:
```bash
$ visudo
# Add the following line:
Cmnd_Alias SMARTCTL = /usr/bin/smartctl
telegraf ALL=(ALL) NOPASSWD: SMARTCTL
Defaults!SMARTCTL !logfile, !syslog, !pam_session
```
### Metrics:
- smart_device:

View File

@ -56,7 +56,9 @@ You will also need to update your sudoers file:
```bash
$ visudo
# Add the following line:
telegraf ALL=(ALL) NOPASSWD: /usr/sbin/unbound-control
Cmnd_Alias UNBOUNDCTL = /usr/sbin/unbound-control
telegraf ALL=(ALL) NOPASSWD: UNBOUNDCTL
Defaults!UNBOUNDCTL !logfile, !syslog, !pam_session
```
Please use the solution you see as most appropriate.

View File

@ -391,7 +391,9 @@ You will also need to update your sudoers file:
```bash
$ visudo
# Add the following line:
telegraf ALL=(ALL) NOPASSWD: /usr/bin/varnishstat
Cmnd_Alias VARNISHSTAT = /usr/bin/varnishstat
telegraf ALL=(ALL) NOPASSWD: VARNISHSTAT
Defaults!VARNISHSTAT !logfile, !syslog, !pam_session
```
Please use the solution you see as most appropriate.