Can Foglight restrict sudo rights to the FIND command?
The sudoers config file required NOPASSWD access to /usr/bin/find and /bin/cat in earlier versions of the Infrastructure Cartridge when collecting data from Linux systems with sudo.
The entries can be further restricted in this release by replacing them with following (for user 'foglight'):
{code}
foglight ALL = NOPASSWD: /usr/bin/find /proc -maxdepth 2 -regex ^/proc/\[0-9\]\*/io$ -exec /bin/echo *, /bin/cat /proc/*/io
{code}
* Note that the ethtool and mii-tool entries are still required, and have not been changed. If either tool is present on the host you wish to monitor (check in /sbin or /usr/sbin), please include them in the sudoers file for the appropriate user. "
The edit specified in the release note can only be made to the sudoers file when the customer has installed and is using the *next* release of IC.
The Solaris agent no longer requires the use of /bin/sh/ with sudo access.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Nutzungsbedingungen Datenschutz Cookie Preference Center