sudo basic rules

Christian Stankowic edited this page Nov 27, 2018 · 6 revisions

The ipa_sudo_import.py script (formerly ipa-sudo-basic-rules.py) can be used to install commonly used commands for managing Linux systems. These commands are grouped in JSON catalogs, which are updated whenever I stumble upon commands that are not included yet. Feel free to suggest new commands using pull requests.

Currently there is one catalog file, sudo-basic-rules.json, mainly focusing on server systems. I'm also thinking about supplying a dedicated catalog for desktop systems or other use cases, so feel free to suggest new commands.

The script needs to be executed by a user that has administrative permissions in FreeIPA - it does not require root permissions on the FreeIPA server.

Parameters

The following parameters can be used:

Parameter          Description
--version          Show version and quit
-h / --help        Show help and quit
-d / --debug       Enable debugging output (default: no)
-n / --dry-run     Only simulate what the script would do (default: no)
-i / --info-only   Only print the catalog version and quit (default: no)
-l / --list-only   Only print the definitions and quit (default: no)

Examples

The following command prints the catalog version and amount of commands/command groups:

$ ./ipa_sudo_import.py -i sudo-basic-rules.json
INFO:ipa_sudo_import.py:This definition has version 0.1.9 and consists of 33 command groups and 255 commands.

The following command only simulates importing the catalog:

$ ./ipa_sudo_import.py -n sudo-basic-rules.json
INFO:ipa_sudo_import.py:I'd like to execute the following command: ipa sudocmd-add '/usr/bin/spacewalk-common-channels' && ipa sudocmdgroup-add-member rhn-server --sudocmds='/usr/bin/spacewalk-common-channels'
INFO:ipa_sudo_import.py:I'd like to execute the following command: ipa sudocmd-add '/usr/bin/spacewalk-data-fsck' && ipa sudocmdgroup-add-member rhn-server --sudocmds='/usr/bin/spacewalk-data-fsck'
...

The following command imports the catalog:

$ ./ipa_sudo_import.py

The following command displays the catalog content:

$ ./ipa_sudo_import.py -l
INFO:ipa_sudo_import.py:Group 'locate' (Managing locate database) has the following commands:
INFO:ipa_sudo_import.py:  /usr/bin/updatedb
INFO:ipa_sudo_import.py:Group 'katello-client' (Managing Katello clients) has the following commands:
INFO:ipa_sudo_import.py:  /usr/bin/subscription-manager, /usr/bin/katello-rhsm-consumer
...

Commands

Currently, the following command groups are part of the basic rule catalog:

Command group     Description
drivers           Managing kernel drivers
editors           Editing files
filemgmt          Managing files
filemgmt-show     Displaying files
filemgmt-find     Searching files
fileperm          Managing file permissions
fileperm-acl      Managing ACLs
locate            Managing locate database
networking        Managing network connections
firewall          Managing firewall configuration
time              Managing time/date configuration
processes         Managing processes
puppet            Master of Puppets
chef-client       Chef client
selinux           Managing SELinux
selinux-files     Managing SELinux file contexts
services          Managing services
shells            Shells and other bad software
software          Managing software
storage-mount     Managing storage mounts
storage-part      Managing storage partitions
storage-lvm       Managing LVM storage
storage-fs        Managing file systems
storage-generic   Generic storage commands
su                Switching user context
usermgmt          Managing users and groups
monitoring        Managing monitoring
ipa-client        Managing IPA clients
ipa-server        Managing IPA servers
rhn-client        Managing Spacewalk clients
rhn-server        Managing Spacewalk servers
katello-client    Managing Katello clients
katello-server    Managing Katello servers
mysql-server      Managing MySQL servers
postfix           Managing Postfix servers
disk-quotas       Managing disk quotas
nfs-server        Managing NFS servers
nfs-client        Managing NFS mounts
power             Managing power
bugs              Managing bug reports
hipster-docker    Managing Docker containers
gitlab            Managing GitLab and GitLab CI installations
fail2ban          Managing fail2ban
system-who        Stalking system's users
samba-server      Managing Samba servers
ipmi-tools        Managing IPMI
cron              Managing cronjobs
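
Before importing, the -l listing can be checked for commands that amount to unrestricted root once granted through sudo. The following is an added example, not part of ipa_sudo_import.py or this wiki: it parses the listing format shown under Examples and reports entries for manual review. The REVIEW_GROUPS and SHELL_CAPABLE sets and the sample lines for the shells and filemgmt-show groups are assumptions constructed for illustration, not the catalog's real content.

```python
import re

# Assumption: groups (names taken from the list above) reviewed as a whole.
REVIEW_GROUPS = {"shells", "editors", "su"}
# Assumption: illustrative basenames of programs that can start a shell.
SHELL_CAPABLE = {"bash", "sh", "zsh", "su", "vi", "vim", "less"}

GROUP_RE = re.compile(
    r"^INFO:[^:]+:Group '([^']+)' \((.*)\) has the following commands:$")
CMDS_RE = re.compile(r"^INFO:[^:]+:\s+(/.*)$")

def parse_listing(text):
    """Parse '-l' output into {group: {'description': str, 'commands': [str]}}."""
    groups, current = {}, None
    for line in text.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current = groups.setdefault(
                m.group(1), {"description": m.group(2), "commands": []})
            continue
        m = CMDS_RE.match(line)
        if m and current is not None:
            # Several commands of one group are printed comma-separated.
            current["commands"] += [c.strip() for c in m.group(1).split(",") if c.strip()]
    return groups

def review(groups):
    """Return sorted (group, command, reason) tuples that need a manual look."""
    findings = []
    for name, group in groups.items():
        for cmd in group["commands"]:
            if name in REVIEW_GROUPS:
                findings.append((name, cmd, "group is on the review list"))
            elif cmd.rsplit("/", 1)[-1] in SHELL_CAPABLE:
                findings.append((name, cmd, "binary can start a shell"))
    return sorted(findings)

# First four lines are from this page; the last four are constructed samples.
SAMPLE = """\
INFO:ipa_sudo_import.py:Group 'locate' (Managing locate database) has the following commands:
INFO:ipa_sudo_import.py:  /usr/bin/updatedb
INFO:ipa_sudo_import.py:Group 'katello-client' (Managing Katello clients) has the following commands:
INFO:ipa_sudo_import.py:  /usr/bin/subscription-manager, /usr/bin/katello-rhsm-consumer
INFO:ipa_sudo_import.py:Group 'shells' (Shells and other bad software) has the following commands:
INFO:ipa_sudo_import.py:  /bin/bash, /bin/zsh
INFO:ipa_sudo_import.py:Group 'filemgmt-show' (Displaying files) has the following commands:
INFO:ipa_sudo_import.py:  /usr/bin/cat, /usr/bin/less
"""

if __name__ == "__main__":
    for group, cmd, reason in review(parse_listing(SAMPLE)):
        print(f"{group}: {cmd} ({reason})")
```
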