Update sudo config recommendation (#5337)
This commit is contained in:
parent
35d18d3fd7
commit
7a229e25a6
|
@ -10,10 +10,19 @@ Acquiring the required permissions can be done using several methods:
|
|||
|
||||
### Using sudo
|
||||
|
||||
You may edit your sudo configuration with the following:
|
||||
You will need the following in your telegraf config:
|
||||
```toml
|
||||
[[inputs.fail2ban]]
|
||||
use_sudo = true
|
||||
```
|
||||
|
||||
``` sudo
|
||||
telegraf ALL=(root) NOEXEC: NOPASSWD: /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status *
|
||||
You will also need to update your sudoers file:
|
||||
```bash
|
||||
$ visudo
|
||||
# Add the following line:
|
||||
Cmnd_Alias FAIL2BAN = /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status *
|
||||
telegraf ALL=(root) NOEXEC: NOPASSWD: FAIL2BAN
|
||||
Defaults!FAIL2BAN !logfile, !syslog, !pam_session
|
||||
```
|
||||
|
||||
### Configuration:
|
||||
|
|
|
@ -25,10 +25,19 @@ AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN
|
|||
|
||||
### Using sudo
|
||||
|
||||
You may edit your sudo configuration with the following:
|
||||
You will need the following in your telegraf config:
|
||||
```toml
|
||||
[[inputs.ipset]]
|
||||
use_sudo = true
|
||||
```
|
||||
|
||||
```sudo
|
||||
telegraf ALL=(root) NOPASSWD: /sbin/ipset save
|
||||
You will also need to update your sudoers file:
|
||||
```bash
|
||||
$ visudo
|
||||
# Add the following line:
|
||||
Cmnd_Alias IPSETSAVE = /sbin/ipset save
|
||||
telegraf ALL=(root) NOPASSWD: IPSETSAVE
|
||||
Defaults!IPSETSAVE !logfile, !syslog, !pam_session
|
||||
```
|
||||
|
||||
### Configuration
|
||||
|
|
|
@ -28,10 +28,20 @@ Since telegraf will fork a process to run iptables, `AmbientCapabilities` is req
|
|||
|
||||
### Using sudo
|
||||
|
||||
You may edit your sudo configuration with the following:
|
||||
You will need the following in your telegraf config:
|
||||
```toml
|
||||
[[inputs.iptables]]
|
||||
use_sudo = true
|
||||
```
|
||||
|
||||
```sudo
|
||||
telegraf ALL=(root) NOPASSWD: /usr/bin/iptables -nvL *
|
||||
You will also need to update your sudoers file:
|
||||
|
||||
```bash
|
||||
$ visudo
|
||||
# Add the following line:
|
||||
Cmnd_Alias IPTABLESSHOW = /usr/bin/iptables -nvL *
|
||||
telegraf ALL=(root) NOPASSWD: IPTABLESSHOW
|
||||
Defaults!IPTABLESSHOW !logfile, !syslog, !pam_session
|
||||
```
|
||||
|
||||
### Using IPtables lock feature
|
||||
|
|
|
@ -86,7 +86,9 @@ You will also need to update your sudoers file:
|
|||
```bash
|
||||
$ visudo
|
||||
# Add the following line:
|
||||
telegraf ALL=(ALL) NOPASSWD: /usr/sbin/smtpctl
|
||||
Cmnd_Alias SMTPCTL = /usr/sbin/smtpctl
|
||||
telegraf ALL=(ALL) NOPASSWD: SMTPCTL
|
||||
Defaults!SMTPCTL !logfile, !syslog, !pam_session
|
||||
```
|
||||
|
||||
Please use the solution you see as most appropriate.
|
||||
|
|
|
@ -61,6 +61,27 @@ smartctl -s on <device>
|
|||
# devices = [ "/dev/ada0 -d atacam" ]
|
||||
```
|
||||
|
||||
### Permissions:
|
||||
|
||||
It's important to note that this plugin references smartctl, which may require additional permissions to execute successfully.
|
||||
Depending on the user/group permissions of the telegraf user executing this plugin, you may need to use sudo.
|
||||
|
||||
|
||||
You will need the following in your telegraf config:
|
||||
```toml
|
||||
[[inputs.smart]]
|
||||
use_sudo = true
|
||||
```
|
||||
|
||||
You will also need to update your sudoers file:
|
||||
```bash
|
||||
$ visudo
|
||||
# Add the following line:
|
||||
Cmnd_Alias SMARTCTL = /usr/bin/smartctl
|
||||
telegraf ALL=(ALL) NOPASSWD: SMARTCTL
|
||||
Defaults!SMARTCTL !logfile, !syslog, !pam_session
|
||||
```
|
||||
|
||||
### Metrics:
|
||||
|
||||
- smart_device:
|
||||
|
|
|
@ -56,7 +56,9 @@ You will also need to update your sudoers file:
|
|||
```bash
|
||||
$ visudo
|
||||
# Add the following line:
|
||||
telegraf ALL=(ALL) NOPASSWD: /usr/sbin/unbound-control
|
||||
Cmnd_Alias UNBOUNDCTL = /usr/sbin/unbound-control
|
||||
telegraf ALL=(ALL) NOPASSWD: UNBOUNDCTL
|
||||
Defaults!UNBOUNDCTL !logfile, !syslog, !pam_session
|
||||
```
|
||||
|
||||
Please use the solution you see as most appropriate.
|
||||
|
|
|
@ -391,7 +391,9 @@ You will also need to update your sudoers file:
|
|||
```bash
|
||||
$ visudo
|
||||
# Add the following line:
|
||||
telegraf ALL=(ALL) NOPASSWD: /usr/bin/varnishstat
|
||||
Cmnd_Alias VARNISHSTAT = /usr/bin/varnishstat
|
||||
telegraf ALL=(ALL) NOPASSWD: VARNISHSTAT
|
||||
Defaults!VARNISHSTAT !logfile, !syslog, !pam_session
|
||||
```
|
||||
|
||||
Please use the solution you see as most appropriate.
|
||||
|
|
Loading…
Reference in New Issue