ASDPLNG-55: Review and test puppet-profile_sudo
Add org_asd & org_irst as defaults for sudo groups. Disable sudo for all_disabled_usr group. Update profile_sudo to v0.1.1.
parent
0e9d96eee7
commit
3476984ba3
@ -18,7 +18,7 @@ mod 'ncsa/profile_allow_ssh_from_bastion', tag: 'v0.2.0', git: 'https://github.c
|
||||
# mod 'ncsa/profile_firewall', tag: 'v1.0.1', git: 'https://github.com/ncsa/puppet-profile_firewall'
|
||||
mod 'ncsa/profile_pam_access', tag: 'v0.0.4', git: 'https://github.com/ncsa/puppet-profile_pam_access'
|
||||
# mod 'ncsa/profile_puppet_master', tag: 'v0.1.0', git: 'https://github.com/ncsa/puppet-profile_puppet_master'
|
||||
# mod 'ncsa/profile_sudo', tag: 'v0.1.0', git: 'https://github.com/ncsa/profile_sudo'
|
||||
mod 'ncsa/profile_sudo', tag: 'v0.1.1', git: 'https://github.com/ncsa/puppet-profile_sudo'
|
||||
# mod 'ncsa/profile_timezone', tag: 'v0.1.0', git: 'https://github.com/ncsa/puppet-profile_timezone'
|
||||
mod 'ncsa/sshd', tag: 'v0.3.0', git: 'https://github.com/ncsa/puppet-sshd'
|
||||
mod 'ncsa/sssd', tag: 'v3.0.0', git: 'https://github.com/ncsa/puppet-sssd'
|
||||
@ -37,7 +37,7 @@ mod 'puppetlabs/stdlib', '6.3.0'
|
||||
# mod 'puppetlabs/xinetd', '3.3.0'
|
||||
mod 'richardc-datacat', '0.6.2'
|
||||
# mod 'saz/limits', '3.0.4'
|
||||
# mod 'saz/sudo', '6.0.0'
|
||||
mod 'saz/sudo', '6.0.0'
|
||||
# mod 'saz/timezone', '6.0.0'
|
||||
# mod 'sharumpe-tcpwrappers', '1.0.4'
|
||||
#mod 'sharumpe-tcpwrappers', tag: '1.0.7', git: 'https://github.com/sharumpe/puppet-tcpwrappers.git'
|
||||
|
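Review bot: The newly enabled `ncsa/profile_sudo` entry in the first hunk is pinned with `tag: 'v0.1.1'`, and a git tag can be moved upstream after review. Because this module writes sudoers policy on every node that includes it, pinning to the reviewed commit is the safer form: `mod 'ncsa/profile_sudo', commit: '<reviewed-commit-sha>', git: 'https://github.com/ncsa/puppet-profile_sudo'`. The repository URL also changes from `ncsa/profile_sudo` to `ncsa/puppet-profile_sudo` relative to the commented-out line, so it is worth confirming that the new URL is the intended upstream.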
@ -12,6 +12,16 @@ profile_allow_ssh_from_bastion::groups:
|
||||
- org_asd
|
||||
- org_irst
|
||||
|
||||
profile_sudo::configs:
|
||||
common_disabled_users:
|
||||
priority: 1
|
||||
content:
|
||||
- "#deny former NCSA users"
|
||||
- "%all_disabled_usr ALL=(ALL) !ALL"
|
||||
profile_sudo::groups:
|
||||
org_asd: "ALL=(ALL) NOPASSWD: ALL"
|
||||
org_irst: "ALL=(ALL) NOPASSWD: ALL"
|
||||
|
||||
sssd::debug_level: 0
|
||||
sssd::domains:
|
||||
ncsa.illinois.edu:
|
||||
|
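Review bot: The deny entry `%all_disabled_usr ALL=(ALL) !ALL` is given `priority: 1`, but sudoers applies the last matching entry, so a rule that is read later wins over it. If profile_sudo turns the priority into the sudoers.d file-name prefix, as saz/sudo's `sudo::conf` does (not visible in this hunk, please confirm), the `org_asd` and `org_irst` grants would be read after the deny, and a disabled user who is still in one of those groups would keep full sudo. Consider a high value such as `priority: 99` so the deny sorts last, and verify on a test node with `sudo -l -U <test-user>`. Separately, `NOPASSWD: ALL` as the default for whole org groups means any compromised session of a member becomes root without re-authentication; a YAML comment recording why that is accepted would help the next reviewer.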
@ -6,7 +6,7 @@ class profile::base {
|
||||
include ::profile_allow_ssh_from_bastion
|
||||
# include ::profile_email
|
||||
include ::profile_pam_access
|
||||
# include ::profile_sudo
|
||||
include ::profile_sudo
|
||||
# include ::profile_timezone
|
||||
include ::profile::sssd
|
||||
include ::sshd
|
||||
|