Update sudo config recommendation (#5337)
vignemail1 authored and danielnelson committed Jan 24, 2019
1 parent 35d18d3 commit 7a229e2
Showing 7 changed files with 68 additions and 13 deletions.
17 changes: 13 additions & 4 deletions plugins/inputs/fail2ban/README.md
Expand Up @@ -10,15 +10,24 @@ Acquiring the required permissions can be done using several methods:

### Using sudo

You may edit your sudo configuration with the following:
You will need the following in your telegraf config:
```toml
[[inputs.fail2ban]]
use_sudo = true
```

``` sudo
telegraf ALL=(root) NOEXEC: NOPASSWD: /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status *
You will also need to update your sudoers file:
```bash
$ visudo
# Add the following line:
Cmnd_Alias FAIL2BAN = /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status *
telegraf ALL=(root) NOEXEC: NOPASSWD: FAIL2BAN
Defaults!FAIL2BAN !logfile, !syslog, !pam_session
```

### Configuration:

``` toml
```toml
# Read metrics from fail2ban.
[[inputs.fail2ban]]
## Use sudo to run fail2ban-client
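
Review bot: The `Defaults!FAIL2BAN !logfile, !syslog, !pam_session` line at the end of the sudoers block switches off sudo's own logging and PAM session handling for these commands, and the README gives no reason for it. Please state why the line is recommended and that the trade-off is no sudo audit record for these invocations, so operators can decide whether to keep it.
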
15 changes: 12 additions & 3 deletions plugins/inputs/ipset/README.md
Expand Up @@ -25,10 +25,19 @@ AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN

### Using sudo

You may edit your sudo configuration with the following:
You will need the following in your telegraf config:
```toml
[[inputs.ipset]]
use_sudo = true
```

```sudo
telegraf ALL=(root) NOPASSWD: /sbin/ipset save
You will also need to update your sudoers file:
```bash
$ visudo
# Add the following line:
Cmnd_Alias IPSETSAVE = /sbin/ipset save
telegraf ALL=(root) NOPASSWD: IPSETSAVE
Defaults!IPSETSAVE !logfile, !syslog, !pam_session
```

### Configuration
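
Review bot: The user spec `telegraf ALL=(root) NOPASSWD: IPSETSAVE` has no `NOEXEC:` tag, while the fail2ban README in this same commit uses `NOEXEC: NOPASSWD:`. If `ipset save` does not need to exec another program, add `NOEXEC:` here too so both READMEs recommend the same level of restriction; if it does, a short comment explaining the difference would help.
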
16 changes: 13 additions & 3 deletions plugins/inputs/iptables/README.md
Expand Up @@ -28,10 +28,20 @@ Since telegraf will fork a process to run iptables, `AmbientCapabilities` is req

### Using sudo

You may edit your sudo configuration with the following:
You will need the following in your telegraf config:
```toml
[[inputs.iptables]]
use_sudo = true
```

You will also need to update your sudoers file:

```sudo
telegraf ALL=(root) NOPASSWD: /usr/bin/iptables -nvL *
```bash
$ visudo
# Add the following line:
Cmnd_Alias IPTABLESSHOW = /usr/bin/iptables -nvL *
telegraf ALL=(root) NOPASSWD: IPTABLESSHOW
Defaults!IPTABLESSHOW !logfile, !syslog, !pam_session
```

### Using IPtables lock feature
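
Review bot: `Cmnd_Alias IPTABLESSHOW = /usr/bin/iptables -nvL *` keeps the trailing `*`, and sudoers matches command-line arguments as a single string, so the wildcard accepts any further arguments after `-nvL`, not only a chain name. The alias name suggests list-only access; either document that the wildcard is intentional or list the specific argument forms the plugin passes. The blank line between "You will also need to update your sudoers file:" and the fence is also inconsistent with the other READMEs in this commit.
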
4 changes: 3 additions & 1 deletion plugins/inputs/opensmtpd/README.md
Expand Up @@ -86,7 +86,9 @@ You will also need to update your sudoers file:
```bash
$ visudo
# Add the following line:
telegraf ALL=(ALL) NOPASSWD: /usr/sbin/smtpctl
Cmnd_Alias SMTPCTL = /usr/sbin/smtpctl
telegraf ALL=(ALL) NOPASSWD: SMTPCTL
Defaults!SMTPCTL !logfile, !syslog, !pam_session
```

Please use the solution you see as most appropriate.
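
Review bot: `telegraf ALL=(ALL) NOPASSWD: SMTPCTL` still uses the `(ALL)` runas list, while the fail2ban, ipset and iptables READMEs in this commit use `(root)`. Since the line is being rewritten anyway, consider `(root)` here, and because a sudoers command given without arguments permits any arguments, consider putting only the `smtpctl` invocation the plugin makes into the alias.
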
21 changes: 21 additions & 0 deletions plugins/inputs/smart/README.md
Expand Up @@ -61,6 +61,27 @@ smartctl -s on <device>
# devices = [ "/dev/ada0 -d atacam" ]
```

### Permissions:

It's important to note that this plugin references smartctl, which may require additional permissions to execute successfully.
Depending on the user/group permissions of the telegraf user executing this plugin, you may need to use sudo.


You will need the following in your telegraf config:
```toml
[[inputs.smart]]
use_sudo = true
```

You will also need to update your sudoers file:
```bash
$ visudo
# Add the following line:
Cmnd_Alias SMARTCTL = /usr/bin/smartctl
telegraf ALL=(ALL) NOPASSWD: SMARTCTL
Defaults!SMARTCTL !logfile, !syslog, !pam_session
```

### Metrics:

- smart_device:
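
Review bot: The new Permissions section hard-codes `/usr/bin/smartctl` in `Cmnd_Alias SMARTCTL`; sudo matches on the full path, so the text should tell readers to use the path of the smartctl binary that telegraf actually runs on their system. The sentence "you may need to use sudo" would be more useful if it named the condition that triggers the need, and the two consecutive blank lines before "You will need the following in your telegraf config:" can be reduced to one.
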
4 changes: 3 additions & 1 deletion plugins/inputs/unbound/README.md
Expand Up @@ -56,7 +56,9 @@ You will also need to update your sudoers file:
```bash
$ visudo
# Add the following line:
telegraf ALL=(ALL) NOPASSWD: /usr/sbin/unbound-control
Cmnd_Alias UNBOUNDCTL = /usr/sbin/unbound-control
telegraf ALL=(ALL) NOPASSWD: UNBOUNDCTL
Defaults!UNBOUNDCTL !logfile, !syslog, !pam_session
```

Please use the solution you see as most appropriate.
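
Review bot: With `Cmnd_Alias UNBOUNDCTL = /usr/sbin/unbound-control` listing the bare binary, the new `Defaults!UNBOUNDCTL !logfile, !syslog, !pam_session` applies to every `unbound-control` subcommand telegraf could run through sudo, not only the one the plugin uses for collection. Restrict the alias to the arguments the plugin passes so that the logging exemption covers only that call.
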
4 changes: 3 additions & 1 deletion plugins/inputs/varnish/README.md
Expand Up @@ -391,7 +391,9 @@ You will also need to update your sudoers file:
```bash
$ visudo
# Add the following line:
telegraf ALL=(ALL) NOPASSWD: /usr/bin/varnishstat
Cmnd_Alias VARNISHSTAT = /usr/bin/varnishstat
telegraf ALL=(ALL) NOPASSWD: VARNISHSTAT
Defaults!VARNISHSTAT !logfile, !syslog, !pam_session
```

Please use the solution you see as most appropriate.
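
Review bot: The comment `# Add the following line:` is left unchanged above what are now three sudoers lines; change it to "lines" (this applies to each README touched here). The block is also tagged `bash` although everything after `$ visudo` is sudoers syntax, so a reader could take the `Cmnd_Alias` lines for shell input; separating the command from the file content would avoid that.
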

0 comments on commit 7a229e2