vars/_defs_Sudoroles.ps1
$SUDO_PASSWD_TYPES=@( "" "-nopasswd" ) $SUDO_ROLE_DEFS = @( @{ name="operate" description="read logs, manage services, adjust networking, Kill processes" sudoCommand=@( "/usr/bin/dmesg", "/usr/bin/journalctl", "/usr/sbin/aureport", "/usr/sbin/ausearch", "/usr/bin/tail /var/log/audit/*" "/usr/bin/systemctl stop *", "/usr/bin/systemctl start *", "/usr/bin/systemctl restart *", "/usr/bin/systemctl reload *", "/usr/bin/systemctl status *" "/usr/bin/nmtui", "/usr/bin/nmcli", "/usr/bin/hostnamectl", "/usr/bin/resolvectl", "/usr/sbin/ip", "/usr/bin/firewall-cmd", "/usr/sbin/dhclient", "/usr/sbin/ifconfig", "/usr/sbin/route" "/usr/bin/nice", "/usr/bin/kill", "/usr/bin/killall" ) } @{ name="software" description="yum/dnf" sudoCommand=@( "/usr/bin/dnf", "/usr/bin/yum", "/usr/bin/rpm" ) } @{ name="full" description="Full Sudo rights: selinux, arbitrary edit, chmod" sudoCommand=@( "ALL" ) } ) |