Advanced Example Sudo Configuration

This is an example configuration for a Linux system that explicitly defines the commands permitted to be executed through sudo. It assumes that the user account used for collection is named 'risc'. Commands are specified by their absolute paths, which may differ between OS distributions and versions. This example is for illustrative purposes only and may not contain all commands requiring sudo. For a current list, see the SSH Collection Module Command Reference.

# Each supported OS has a different Cmnd_Alias below, with commands used by multiple operating systems going to RISC_COMMON.
# Note that some commands are duplicated to account for varying paths used in different environments.
# Please let Flexera support know (with details on the OS, distribution, and version) if there are executable paths in your environment that aren't listed here.

Cmnd_Alias RISC_COMMON = \
    /bin/true, \
    /sbin/ifconfig -a

Cmnd_Alias RISC_LINUX = \
    /bin/cat /sys/devices/virtual/dmi/id/chassis_serial, \
    /bin/cat /sys/devices/virtual/dmi/id/product_serial, \
    /bin/cat /sys/devices/virtual/dmi/id/product_uuid, \
    /bin/df -P, \
    /usr/sbin/dmidecode --type bios, \
    /usr/sbin/dmidecode --type chassis, \
    /usr/sbin/dmidecode --type system, \
    /sbin/fdisk -l, \
    /bin/ip -json address, \
    /sbin/ip -json address, \
    /bin/mount, \
    /bin/netstat --inet --inet6 -n -p -a -t, \
    /bin/ss -n -p -t state established state listening, \
    /usr/sbin/ss -n -p -t state established state listening

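# Note: sudoers matches command-line arguments as a single string, so a '*' in the arguments
# (as in /dev/* and /proc/* below) also matches across spaces and '/' characters.
Cmnd_Alias RISC_AIX = \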
    /usr/bin/df -Pk, \
    /usr/bin/getconf DISK_SIZE /dev/*, \
    /usr/sbin/lsfs, \
    /opt/freeware/sbin/lsof -i -nP

Cmnd_Alias RISC_SOLARIS = \
    /usr/sbin/df -k, \
    /usr/bin/pfiles /proc/*, \
    /sbin/dladm show-dev -p, \
    /sbin/dladm show-dev -s

# Remove the TTY restriction for this user - no TTY is allocated to SSH connections from the RN150.
Defaults:risc !requiretty

# Allow specific commands to be executed by the user without prompting for a password.
risc ALL=(root) NOPASSWD: RISC_COMMON, RISC_LINUX, RISC_AIX, RISC_SOLARIS
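
A review aid for a configuration like the one above, added here as an example and not part of the vendor's documentation: it parses Cmnd_Alias definitions and lists entries that sudoers treats more broadly than they may appear, namely commands with no argument list (any arguments are accepted unless "" is given) and entries containing wildcards. The function names and the shortened sample are constructed for illustration, and the parser assumes one Cmnd_Alias per logical line.

```python
import re

# Constructed sample: a shortened copy of the aliases shown on this page.
SAMPLE = r"""
Cmnd_Alias RISC_COMMON = \
    /bin/true, \
    /sbin/ifconfig -a
Cmnd_Alias RISC_LINUX = \
    /bin/df -P, \
    /bin/mount
Cmnd_Alias RISC_AIX = \
    /usr/bin/getconf DISK_SIZE /dev/*, \
    /usr/sbin/lsfs
"""

def parse_cmnd_aliases(text):
    """Return {alias_name: [command specs]} for each Cmnd_Alias line."""
    # Join backslash-continued lines into one logical line first.
    joined = re.sub(r"\\\r?\n", " ", text)
    aliases = {}
    for line in joined.splitlines():
        m = re.match(r"\s*Cmnd_Alias\s+([A-Z][A-Z0-9_]*)\s*=\s*(.*)$", line)
        if m:
            # Split on commas that are not backslash-escaped.
            specs = [s.strip() for s in re.split(r"(?<!\\),", m.group(2))]
            aliases[m.group(1)] = [s for s in specs if s]
    return aliases

def audit(text):
    """Return (alias, spec, finding) tuples for entries worth a manual review."""
    findings = []
    for alias, specs in parse_cmnd_aliases(text).items():
        for spec in specs:
            path, _, args = spec.partition(" ")
            if not path.startswith("/"):
                findings.append((alias, spec, "not an absolute path"))
            if not args.strip():
                # No argument list in sudoers means any arguments are accepted;
                # an explicit "" restricts the command to no arguments.
                findings.append((alias, spec, "any arguments accepted"))
            if re.search(r"[*?\[]", spec):
                # Wildcards in arguments match across word boundaries.
                findings.append((alias, spec, "wildcard"))
    return findings

if __name__ == "__main__":
    for alias, spec, finding in audit(SAMPLE):
        print(f"{alias}: {spec!r}: {finding}")
```

Before installing an edited fragment, syntax-check it with `visudo -cf <file>`.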