From b9f092463d73c44d6bd46e17a9533f11b7a9a18c Mon Sep 17 00:00:00 2001 From: PrincessPi3 Date: Tue, 14 Oct 2025 06:17:09 -0600 Subject: [PATCH] testan a reboold --- reconfig_full.sh | 18 +++++++++++++++- warn-level-conf/visudo | 47 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+), 1 deletion(-) create mode 100644 warn-level-conf/visudo diff --git a/reconfig_full.sh b/reconfig_full.sh index 0655152..41cfaf6 100644 --- a/reconfig_full.sh +++ b/reconfig_full.sh @@ -16,6 +16,7 @@ influxdb="/etc/influxdb/influxdb.conf" telegraf="/etc/telegraf/telegraf.conf" udev_rule="/etc/udev/rules.d/50-tty.rules" bootfirmwareconfig="/boot/firmware/config.txt" +sudoers="/etc/sudoers" # hwclockset="/lib/udev/hwclock-set" # new conf file paths gpsd_new=""$1/gpsd"" @@ -27,6 +28,7 @@ udev_new="$1/50-tty.rules" bootfirmwareconfig_new="$1/boot-firmware-config.txt" # hwclockset_new="$1/hwclock-set" crontab_new="$1/root-crontab" +sudoers_new="$1/sudoers" # stop da services bash ./services.sh stop @@ -48,7 +50,21 @@ echo -e "\tConfiguring telegraf" sudo bash -c "cat $telegraf_new > $telegraf" echo -e "\tConfiguring udev" sudo bash -c "cat $udev_new > $udev_rule" -echo -e "\tConfiguring hwclockset" + +# setup and install root crontabs +echo -e "\tInstalling crontabs! just save file and exit with no edits" +read -p "Press ENTER to Continue" +(sudo crontab -l 2>/dev/null && sudo cat $crontab_new) | sudo crontab - + +# set up passwordless sudo +## backup first +sudo cp /etc/sudoers /etc/sudoers.bak +## replace sudoers with mine +(sudo cat /etc/sudoers; cat $sudoers) | sudo tee -a /etc/sudoers +## test it +# sudo visudo -c +## config hwclockset +# echo -e "\tConfiguring hwclockset" # sudo bash -c "cat $hwclockset_new > $hwclockset" # check if /boot/firmware/config.txt is configured yet diff --git a/warn-level-conf/visudo b/warn-level-conf/visudo new file mode 100644 index 0000000..c2ad7dc --- /dev/null +++ b/warn-level-conf/visudo @@ -0,0 +1,47 @@ +# +# This file MUST be edited with the 'visudo' command as root. +# +# Please consider adding local content in /etc/sudoers.d/ instead of +# directly modifying this file. +# +# See the man page for details on how to write a sudoers file. +# +Defaults env_reset +Defaults mail_badpass +Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + +# This fixes CVE-2005-4890 and possibly breaks some versions of kdesu +# (#1011624, https://bugs.kde.org/show_bug.cgi?id=452532) +Defaults use_pty + +# This preserves proxy settings from user environments of root +# equivalent users (group sudo) +#Defaults:%sudo env_keep += "http_proxy https_proxy ftp_proxy all_proxy no_proxy" + +# This allows running arbitrary commands, but so does ALL, and it means +# different sudoers have their choice of editor respected. +#Defaults:%sudo env_keep += "EDITOR" + +# Completely harmless preservation of a user preference. +#Defaults:%sudo env_keep += "GREP_COLOR" + +# While you shouldn't normally run git as root, you need to with etckeeper +#Defaults:%sudo env_keep += "GIT_AUTHOR_* GIT_COMMITTER_*" + +# Per-user preferences; root won't have sensible values for them. +#Defaults:%sudo env_keep += "EMAIL DEBEMAIL DEBFULLNAME" + +# "sudo scp" or "sudo rsync" should be able to use your SSH agent. +#Defaults:%sudo env_keep += "SSH_AGENT_PID SSH_AUTH_SOCK" + +# User privilege specification +root ALL=(ALL:ALL) ALL + +# Allow members of group sudo to execute any command +# %sudo ALL=(ALL:ALL) ALL + +# passwordless sudo for sudo group +%sudo ALL = (ALL) NOPASSWD: ALL + +# See sudoers(5) for more information on "@include" directives: +@includedir /etc/sudoers.d \ No newline at end of file