Update sudo.yml
1. Has broaden the list of "sudo_coreutils_safe" commands
2. Added access to everything by "rabbitmqcttl"
3. Introduced new groups of commands:
* sudo_networking_base_utilities
* sudo_contrail_utilities
* sudo_storage_utilities
* sudo_openstack_clients
diff --git a/linux/system/sudo.yml b/linux/system/sudo.yml
index 1668c12..d403ba3 100644
--- a/linux/system/sudo.yml
+++ b/linux/system/sudo.yml
@@ -23,7 +23,25 @@
- /usr/sbin/visudo
sudo_coreutils_safe:
- /usr/bin/less
+ - /usr/bin/strace
+ - /usr/bin/ltrace
+ - /usr/bin/grep
+ - /usr/bin/fgrep
+ - /usr/bin/egrep
+ - /usr/bin/zgrep
+ - /usr/bin/tail
+ - /usr/bin/socat
+ - /usr/bin/top
+ - /usr/bin/tail
+ - /usr/bin/mysql*
+ - /usr/bin/lsof
+ - /usr/bin/virsh
+ - /bin/ls
+ - /bin/cp
+ - /bin/netstat
+ - /bin/kill
sudo_rabbitmq_safe:
+ - /usr/sbin/rabbitmqctl
- /usr/sbin/rabbitmqctl status
- /usr/sbin/rabbitmqctl cluster_status
- /usr/sbin/rabbitmqctl list_queues*
@@ -41,3 +59,42 @@
- /usr/bin/salt-call saltutil*
sudo_salt_trusted:
- /usr/bin/salt*
+ sudo_networking_base_utilities:
+ - /sbin/ip
+ - /sbin/ss
+ - /sbin/ifconfig
+ - /sbin/route
+ - /sbin/ethtool
+ - /sbin/tcpdump
+ sudo_contrail_utilities:
+ - /usr/bin/contrail*
+ - /bin/contrail*
+ - /usr/bin/vif
+ - /usr/bin/flow
+ - /usr/bin/vrfstats
+ - /usr/bin/rt
+ - /usr/bin/dropstats
+ - /usr/bin/mpls
+ - /usr/bin/mirror
+ - /usr/bin/vxlan
+ - /usr/bin/nh
+ sudo_storage_utilities:
+ - /usr/bin/ceph*
+ - /usr/bin/rados*
+ - /usr/bin/rbd
+ - /usr/sbin/gluster
+ sudo_openstack_clients:
+ - /usr/bin/openstack
+ - /usr/bin/heat*
+ - /usr/bin/nova*
+ - /usr/bin/neutron*
+ - /usr/bin/keystone*
+ - /usr/bin/glance*
+ - /usr/bin/cinder*
+ - /usr/bin/swift*
+ - /usr/bin/ironic*
+ - /usr/bin/manila*
+ - /usr/bin/barbican*
+ - /usr/bin/ceilometer*
+ - /usr/bin/trove*
+