Subversion Repositories ALCASAR

Rev

Rev 2770 | Rev 2931 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
1 root 1
# sudoers file.
2
#
3
# This file MUST be edited with the 'visudo' command as root.
4
#
5
# See the sudoers man page for the details on how to write a sudoers file.
6
#
7
 
8
# Host alias specification
1349 richard 9
Host_Alias	LAN_ORG=192.168.182.0/255.255.255.0,localhost		#réseau de l'organisme
1 root 10
# User alias specification
1710 richard 11
User_Alias	ADMIN=sysadmin				# local admin account
2631 rexy 12
User_Alias	ADMWEB=apache				# web server owner
13
User_Alias	SMS=gammu_smsd				# gammu-smsd owner
1 root 14
 
15
# Cmnd alias specification
2559 rexy 16
Cmnd_Alias	NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh,/usr/local/bin/alcasar-dns-local.sh	# network commands
2324 tom.houday 17
Cmnd_Alias	URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update										# packages managment
18
Cmnd_Alias	BYPASS=/usr/local/bin/alcasar-bypass.sh											# authentication bypass
19
Cmnd_Alias	RADDB=/usr/bin/radwho,/usr/sbin/chilli_query										# to manage users in command line
20
Cmnd_Alias	SQL=/usr/local/bin/alcasar-mysql.sh											# to export users database
21
Cmnd_Alias	SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh										# to create conf backup file
22
Cmnd_Alias	EXPORT=/usr/local/bin/alcasar-archive.sh										# to export/save the log files
2882 rexy 23
Cmnd_Alias	BL=/usr/local/bin/alcasar-bl.sh,/usr/local/bin/alcasar-file-clean.sh,/usr/local/bin/alcasar-url_filter_wl.sh,/usr/local/bin/alcasar-url_filter_bl.sh	# to manage the filtering system
2324 tom.houday 24
Cmnd_Alias	NF=/usr/local/bin/alcasar-iptables.sh,/usr/sbin/ipset									# to manage the firewall
25
Cmnd_Alias	LOGOUT=/usr/local/bin/alcasar-logout.sh											# to disconnect the users
26
Cmnd_Alias	UAM=/usr/local/bin/alcasar-uamallowed.sh										# to manage the trusted websites (uamallowed)
27
Cmnd_Alias	SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown										# to manage the linux services
28
Cmnd_Alias	GAMMU=/usr/local/bin/alcasar-sms.sh											# to manage the SMS subsystem
2705 tom.houday 29
Cmnd_Alias	SSL=/usr/local/bin/alcasar-importcert.sh,/usr/local/bin/alcasar-letsencrypt.sh,/usr/local/bin/alcasar-https.sh,/usr/local/bin/alcasar-ldap.sh --import-cert *		# to manage the certificates
2324 tom.houday 30
Cmnd_Alias	HTDIGEST=/usr/local/bin/alcasar-profil.sh										# to manage htdigest groups
31
Cmnd_Alias	LOG_GEN=/usr/local/bin/alcasar-generate_log.sh										# to create log PDF from ACC
2466 richard 32
Cmnd_Alias	LDAP=/usr/local/bin/alcasar-ldap.sh											# to enable/disable LDAP connection
2770 rexy 33
Cmnd_Alias  IOT_CAPTURE=/usr/local/bin/alcasar-iot_capture.sh                           # to enable/disable raw capture of Iot (pcap) --> in activity ACC page
1 root 34
 
35
# Defaults specification
36
# Defaults syslog=auth
37
 
38
# Runas alias specification
39
 
40
# User privilege specification
41
root	ALL=(ALL) ALL
42
 
43
# Uncomment to allow people in group wheel to run all commands
44
# %wheel	ALL=(ALL)	ALL
45
 
46
# Same thing without a password
47
# %wheel	ALL=(ALL)	NOPASSWD: ALL
48
 
49
# Samples
50
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
51
# %users  localhost=/sbin/shutdown -h now
52
 
2770 rexy 53
ADMWEB	LAN_ORG=(root)	NOPASSWD: NET,SYSTEM_BACKUP,SQL,BL,NF,EXPORT,RADDB,LOGOUT,UAM,SERVICE,GAMMU,SSL,HTDIGEST,LOG_GEN,LDAP,IOT_CAPTURE
2304 tom.houday 54
ADMIN	LAN_ORG=(root)	NOPASSWD: NET,URPMI,BYPASS,SYSTEM_BACKUP,SQL,EXPORT,SERVICE,SSL
2633 rexy 55
SMS	LAN_ORG=(root)	NOPASSWD: GAMMU