Ensure sudo with local session logs for Fedora 33

2020-12-28 14:56:37 -06:00
parent fcba030a5b
commit ea082eab65
9 changed files with 386 additions and 1 deletions
--- a/vars/Fedora-33-default.yml
+++ b/vars/Fedora-33-default.yml
@@ -0,0 +1,39 @@
+---
+# vars file for ensure_sudo
+package_list:
+  - name: 'libsss_sudo'
+    state: 'present'
+  - name: 'sudo'
+    state: 'present'
+template_list:
+  - dest: '/etc/dnf/protected.d/sudo.conf'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/dnf/protected.d/sudo.conf'
+  - dest: '/etc/pam.d/sudo'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/pam.d/sudo'
+  - dest: '/etc/pam.d/sudo-i'
+    group: 'root'
+    mode: '0644'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/pam.d/sudo-i'
+  - dest: '/etc/sudo.conf'
+    group: 'root'
+    mode: '0640'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/sudo.conf'
+  - dest: '/etc/sudoers'
+    group: 'root'
+    mode: '0440'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/sudoers'
+  - dest: '/etc/sudoers.d/session_log'
+    group: 'root'
+    mode: '0440'
+    owner: 'root'
+    src: '{{ ansible_distribution }}/{{ ansible_distribution_major_version }}/etc/sudoers.d/session_log.j2'
+
--- a/vars/default.yml
+++ b/vars/default.yml
@@ -0,0 +1,2 @@
+---
+# vars file for ensure_sudo