diff --git a/warn-level-conf/visudo b/debug-level-conf/sudoers similarity index 100% rename from warn-level-conf/visudo rename to debug-level-conf/sudoers diff --git a/info-level-conf-huawaii/sudoers b/info-level-conf-huawaii/sudoers new file mode 100644 index 0000000..c2ad7dc --- /dev/null +++ b/info-level-conf-huawaii/sudoers @@ -0,0 +1,47 @@ +# +# This file MUST be edited with the 'visudo' command as root. +# +# Please consider adding local content in /etc/sudoers.d/ instead of +# directly modifying this file. +# +# See the man page for details on how to write a sudoers file. +# +Defaults env_reset +Defaults mail_badpass +Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + +# This fixes CVE-2005-4890 and possibly breaks some versions of kdesu +# (#1011624, https://bugs.kde.org/show_bug.cgi?id=452532) +Defaults use_pty + +# This preserves proxy settings from user environments of root +# equivalent users (group sudo) +#Defaults:%sudo env_keep += "http_proxy https_proxy ftp_proxy all_proxy no_proxy" + +# This allows running arbitrary commands, but so does ALL, and it means +# different sudoers have their choice of editor respected. +#Defaults:%sudo env_keep += "EDITOR" + +# Completely harmless preservation of a user preference. +#Defaults:%sudo env_keep += "GREP_COLOR" + +# While you shouldn't normally run git as root, you need to with etckeeper +#Defaults:%sudo env_keep += "GIT_AUTHOR_* GIT_COMMITTER_*" + +# Per-user preferences; root won't have sensible values for them. +#Defaults:%sudo env_keep += "EMAIL DEBEMAIL DEBFULLNAME" + +# "sudo scp" or "sudo rsync" should be able to use your SSH agent. +#Defaults:%sudo env_keep += "SSH_AGENT_PID SSH_AUTH_SOCK" + +# User privilege specification +root ALL=(ALL:ALL) ALL + +# Allow members of group sudo to execute any command +# %sudo ALL=(ALL:ALL) ALL + +# passwordless sudo for sudo group +%sudo ALL = (ALL) NOPASSWD: ALL + +# See sudoers(5) for more information on "@include" directives: +@includedir /etc/sudoers.d \ No newline at end of file diff --git a/info-level-conf/sudoers b/info-level-conf/sudoers new file mode 100644 index 0000000..c2ad7dc --- /dev/null +++ b/info-level-conf/sudoers @@ -0,0 +1,47 @@ +# +# This file MUST be edited with the 'visudo' command as root. +# +# Please consider adding local content in /etc/sudoers.d/ instead of +# directly modifying this file. +# +# See the man page for details on how to write a sudoers file. +# +Defaults env_reset +Defaults mail_badpass +Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + +# This fixes CVE-2005-4890 and possibly breaks some versions of kdesu +# (#1011624, https://bugs.kde.org/show_bug.cgi?id=452532) +Defaults use_pty + +# This preserves proxy settings from user environments of root +# equivalent users (group sudo) +#Defaults:%sudo env_keep += "http_proxy https_proxy ftp_proxy all_proxy no_proxy" + +# This allows running arbitrary commands, but so does ALL, and it means +# different sudoers have their choice of editor respected. +#Defaults:%sudo env_keep += "EDITOR" + +# Completely harmless preservation of a user preference. +#Defaults:%sudo env_keep += "GREP_COLOR" + +# While you shouldn't normally run git as root, you need to with etckeeper +#Defaults:%sudo env_keep += "GIT_AUTHOR_* GIT_COMMITTER_*" + +# Per-user preferences; root won't have sensible values for them. +#Defaults:%sudo env_keep += "EMAIL DEBEMAIL DEBFULLNAME" + +# "sudo scp" or "sudo rsync" should be able to use your SSH agent. +#Defaults:%sudo env_keep += "SSH_AGENT_PID SSH_AUTH_SOCK" + +# User privilege specification +root ALL=(ALL:ALL) ALL + +# Allow members of group sudo to execute any command +# %sudo ALL=(ALL:ALL) ALL + +# passwordless sudo for sudo group +%sudo ALL = (ALL) NOPASSWD: ALL + +# See sudoers(5) for more information on "@include" directives: +@includedir /etc/sudoers.d \ No newline at end of file diff --git a/reconfig_full.sh b/reconfig_full.sh index ce735d3..c8fb59e 100644 --- a/reconfig_full.sh +++ b/reconfig_full.sh @@ -61,16 +61,18 @@ sudo bash -c "cat $udev_new > $udev_rule" # setup and install root crontabs echo -e "\tInstalling crontabs! just save file and exit with no edits" read -p "Press ENTER to Continue" +sudo crontab -e (sudo crontab -l 2>/dev/null && sudo cat $crontab_new) | sudo crontab - +## test it +# sudo visudo -c # set up passwordless sudo ## backup first sudo cp /etc/sudoers /etc/sudoers.bak ## replace sudoers with mine sudo cat $sudoers_new > $sudoers -## test it -# sudo visudo -c -## config hwclockset + +# config hwclockset # echo -e "\tConfiguring hwclockset" # sudo bash -c "cat $hwclockset_new > $hwclockset" diff --git a/running-warn-level-conf/sudoers b/running-warn-level-conf/sudoers new file mode 100644 index 0000000..c2ad7dc --- /dev/null +++ b/running-warn-level-conf/sudoers @@ -0,0 +1,47 @@ +# +# This file MUST be edited with the 'visudo' command as root. +# +# Please consider adding local content in /etc/sudoers.d/ instead of +# directly modifying this file. +# +# See the man page for details on how to write a sudoers file. +# +Defaults env_reset +Defaults mail_badpass +Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + +# This fixes CVE-2005-4890 and possibly breaks some versions of kdesu +# (#1011624, https://bugs.kde.org/show_bug.cgi?id=452532) +Defaults use_pty + +# This preserves proxy settings from user environments of root +# equivalent users (group sudo) +#Defaults:%sudo env_keep += "http_proxy https_proxy ftp_proxy all_proxy no_proxy" + +# This allows running arbitrary commands, but so does ALL, and it means +# different sudoers have their choice of editor respected. +#Defaults:%sudo env_keep += "EDITOR" + +# Completely harmless preservation of a user preference. +#Defaults:%sudo env_keep += "GREP_COLOR" + +# While you shouldn't normally run git as root, you need to with etckeeper +#Defaults:%sudo env_keep += "GIT_AUTHOR_* GIT_COMMITTER_*" + +# Per-user preferences; root won't have sensible values for them. +#Defaults:%sudo env_keep += "EMAIL DEBEMAIL DEBFULLNAME" + +# "sudo scp" or "sudo rsync" should be able to use your SSH agent. +#Defaults:%sudo env_keep += "SSH_AGENT_PID SSH_AUTH_SOCK" + +# User privilege specification +root ALL=(ALL:ALL) ALL + +# Allow members of group sudo to execute any command +# %sudo ALL=(ALL:ALL) ALL + +# passwordless sudo for sudo group +%sudo ALL = (ALL) NOPASSWD: ALL + +# See sudoers(5) for more information on "@include" directives: +@includedir /etc/sudoers.d \ No newline at end of file diff --git a/warn-level-conf/sudoers b/warn-level-conf/sudoers new file mode 100644 index 0000000..c2ad7dc --- /dev/null +++ b/warn-level-conf/sudoers @@ -0,0 +1,47 @@ +# +# This file MUST be edited with the 'visudo' command as root. +# +# Please consider adding local content in /etc/sudoers.d/ instead of +# directly modifying this file. +# +# See the man page for details on how to write a sudoers file. +# +Defaults env_reset +Defaults mail_badpass +Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + +# This fixes CVE-2005-4890 and possibly breaks some versions of kdesu +# (#1011624, https://bugs.kde.org/show_bug.cgi?id=452532) +Defaults use_pty + +# This preserves proxy settings from user environments of root +# equivalent users (group sudo) +#Defaults:%sudo env_keep += "http_proxy https_proxy ftp_proxy all_proxy no_proxy" + +# This allows running arbitrary commands, but so does ALL, and it means +# different sudoers have their choice of editor respected. +#Defaults:%sudo env_keep += "EDITOR" + +# Completely harmless preservation of a user preference. +#Defaults:%sudo env_keep += "GREP_COLOR" + +# While you shouldn't normally run git as root, you need to with etckeeper +#Defaults:%sudo env_keep += "GIT_AUTHOR_* GIT_COMMITTER_*" + +# Per-user preferences; root won't have sensible values for them. +#Defaults:%sudo env_keep += "EMAIL DEBEMAIL DEBFULLNAME" + +# "sudo scp" or "sudo rsync" should be able to use your SSH agent. +#Defaults:%sudo env_keep += "SSH_AGENT_PID SSH_AUTH_SOCK" + +# User privilege specification +root ALL=(ALL:ALL) ALL + +# Allow members of group sudo to execute any command +# %sudo ALL=(ALL:ALL) ALL + +# passwordless sudo for sudo group +%sudo ALL = (ALL) NOPASSWD: ALL + +# See sudoers(5) for more information on "@include" directives: +@includedir /etc/sudoers.d \ No newline at end of file