mirror of
https://github.com/iiab/iiab.git
synced 2025-02-13 11:42:08 +00:00
26 lines
985 B
YAML
26 lines
985 B
YAML
- name: 'Install package: sudo'
|
|
package:
|
|
name: sudo # (1) Should be installed prior to installing IIAB, (2) Can also be installed by roles/1-prep's roles/openvpn/tasks/install.yml, (3) Is definitely installed by 1-prep here, (4) Used to be installed by roles/2-common/tasks/packages.yml (but that's too late!)
|
|
|
|
- name: Temporarily make file /etc/sudoers editable (0640)
|
|
file:
|
|
path: /etc/sudoers
|
|
mode: 0640
|
|
|
|
- name: '/etc/sudoers: Have sudo log all commands to /var/log/sudo.log -- in addition to the lengthier /var/log/auth.log'
|
|
lineinfile:
|
|
path: /etc/sudoers
|
|
regexp: logfile
|
|
line: "Defaults logfile = /var/log/sudo.log"
|
|
|
|
# Not nec (heavyhanded removal of customizations+comments) given sudo defaults.
|
|
#- name: Remove all lines that contain 'requiretty'
|
|
# lineinfile:
|
|
# path: /etc/sudoers
|
|
# regexp: requiretty
|
|
# state: absent
|
|
|
|
- name: End editing file /etc/sudoers -- protect it again (0440)
|
|
file:
|
|
path: /etc/sudoers
|
|
mode: 0440
|