update_sudo.pl
This script activates SUDO fragments on the client host into the designated repository, based on the configuration in the grants, alias and fragments configuration files.
Syntax:
$ pod2text update_sudo.pl
update_sudo.pl [-d|--debug]
[-h|--help]
([-p|--preview] [-g|--global]) | [-r|--remove]
[-v|--verbose]
[-V|--version]
update_sudo.pl requires a correctly configured update_sudo.conf or update_sudo.conf.local in order to work.
This script should only be run on the client hosts (unless the SUDO master is also its own client) and requires root privileges.
manage_sudo.sh
This script is the administrative wrapper script and performs basic functions for SUDO controls such as:
- distribute the SUDO controls files (copy)
- trigger a SUDO fragments update locally or remote (apply)
- validate SUDO syntax
- discover SSH host keys
manage_sudo.sh requires a correctly configured manage_sudo.conf or manage_sudo.conf.local in order to work.
Syntax:
$ manage_sudo.sh --help
**** manage_sudo.sh ****
**** (c) KUDOS BVBA - Patrick Van der Veken ****
Performs basic functions for SUDO controls: update SUDOers files locally or
remote, validate SUDO syntax or copy/distribute the SUDO controls files
Syntax: ./manage_sudo.sh [--help] | (--backup | --check-syntax | --check-sudo | --preview-global | --update) |
(--apply [--slave] [--remote-dir=<remote_directory>] [--targets=<host1>,<host2>,...]) |
((--copy|--distribute) [--slave] [--remote-dir=<remote_directory> [--targets=<host1>,<host2>,...]]) |
(--discover [--targets=<host1>,<host2>,...]) |
([--fix-local --fix-dir=<repository_dir> [--fix-user=<unix_account>] [--create-dir]] |
[--fix-remote [--slave] [--create-dir] [--targets=<host1>,<host2>,...]])
[--preview-global] [--local-dir=<local_directory>]
[--no-log] [--log-dir=<log_directory>] [--debug]
Parameters:
--alias : name of the alias to process
--apply|-a : apply SUDO controls remotely (~targets)
--backup|-b : create a backup of the SUDO controls repository (SUDO master)
--check-syntax|-s : do basic syntax checking on SUDO controls configuration
(grants & alias files)
--check-sudo : validate the SUDO fragments in the holding directory
--copy|-c : copy SUDO control files to remote host (~targets)
--create-dir : also create missing directories when fixing the SUDO controls
repository (see also --fix-local/--fix-remote)
--debug : print extra status messages on STDERR
--discover|-d : discover SSH host keys (STDOUT)
--distribute : same as --copy
--fix-dir : location of the local SUDO controls client repository
--fix-local : fix permissions on the local SUDO controls repository
(local SUDO controls repository given by --fix-dir)
--fix-remote : fix permissions on the remote SUDO controls repository
--fix-user : UNIX account to own SUDO controls files [default: current user]
--help|-h : this help text
--local-dir : location of the SUDO control files on the local filesystem.
[default: see LOCAL_DIR setting]
--log-dir : specify a log directory location.
--no-log : do not log any messages to the script log file.
--preview-global|-p : dump the global grants namespace (after alias resolution)
--remote-dir : directory where SUDO control files are/should be
located/copied on/to the target host
[default: see REMOTE_DIR setting]
--resolve-alias|-r : resolve an alias into its individual components
--slave : perform actions in master->slave mode
--targets : comma-separated list of target hosts or @groups to operate on.
Overrides hosts/@groups contained in the 'targets' file.
--update|-u : apply SUDO controls locally
--version|-V : show the script version/release/fix
Note 1: copy and apply actions are run in parallel across a maximum of clients
at the same time [default: see MAX_BACKGROUND_PROCS setting]
Note 2: make sure correct 'sudo' rules are setup on the target systems to allow
the SUDO controls script to run with elevated privileges.
Note 3: only GLOBAL configuration files will be distributed to target hosts.
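Note 2 above asks for sudo rules on the target systems. The fragment below is an added illustration, not part of the SUDO controls distribution, showing an over-broad rule beside a scoped one. The account name `sudoctl`, the path `/path/to/update_sudo.pl` and the use of NOPASSWD for unattended runs are assumptions and placeholders, not values from this page.

```sudoers
# Added example (not shipped with SUDO controls).
# Placeholders: 'sudoctl' is a hypothetical unprivileged account used to
# reach the target host; /path/to/update_sudo.pl stands for wherever the
# client script is installed there.

# Too broad: makes the account root-equivalent on the target host.
# sudoctl ALL=(ALL) NOPASSWD: ALL

# Scoped: the account may run only the client script, and only as root.
# NOPASSWD is assumed here so that a remotely triggered update does not
# stop at a password prompt.
Cmnd_Alias SUDO_CONTROLS = /path/to/update_sudo.pl
sudoctl ALL=(root) NOPASSWD: SUDO_CONTROLS
```

The scoped rule only limits privilege if the script and every directory above it are owned by root and not writable by the calling account. Check the fragment with `visudo -cf <file>` before installing it.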