1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
#
## Example rules and edit checkers, other suggestions welcomed
## Consider putting local *.ini configuration files in /etc/please.d
#
## include *.ini files from the /etc/please.d directory (create it first)
[include_local]
includedir = /etc/please.d
## permit user 'jim' to run anything
#
#[jim_become_root]
#name = jim
#target = root
#rule = .*
#require_pass = false
#
## permit user jim to modify the hosts file
#
#[jim_hosts]
#name = jim
#type = edit
#target = root
#rule = /etc/hosts
#editmode = 644
#require_pass = false
#
## permit user jim to modify the /etc/please.ini and run a check on exit
#
#[jim_please]
#name = jim
#type = edit
#target = root
#rule = ^/etc/please(\.d/[\w.-]+)?\.ini$
#editmode = 600
#require_pass = false
#exitcmd = /usr/bin/please -c %{NEW}
#
## permit all users to view their own ACL
#
#[list_own]
#name=^%{USER}$
#permit=true
#type=list
#target=^%{USER}$
#
## config checkers
#
## check fstab
#
#[fstab]
#name=jim
#type=edit
#exitcmd=/bin/findmnt --verify --tab-file %{NEW}
#target=root
#rule=/etc/fstab
#editmode=644
#
## check openntpd config
#
#[edit_ntpd]
#name=jim
#type=edit
#rule=/etc/openntpd/ntpd.conf
#editmode=644
#exitcmd=/usr/sbin/ntpd -f %{NEW} -n
#
## check squid config
#
#[squid_check]
#name=jim
#type=edit
#rule=/etc/squid/squid.conf
#exitcmd=/usr/sbin/squid -k check -f %{NEW}
#editmode=644
#
## sshd
#
#[sshd]
#name=jim
#type=edit
#exitcmd=/usr/sbin/sshd -t -f %{NEW}
#editmode=644
#rule=/etc/ssh/sshd_config
#
## bind named.conf
#
#[named_conf]
#name=jim
#type=edit
#exitcmd=/usr/sbin/named-checkconf %{NEW}
#editmode=644
#rule=/etc/bind/named.conf
#
## bind zone
## setup /usr/local/bin/my-named-checkzone, like this:
##
## #!/bin/sh
## DOMAIN=`echo "$PLEASE_SOURCE_FILE" | sed -e 's%/etc/bind/db\.%%g'`
## /usr/sbin/named-checkzone "$DOMAIN" "$1"
#
#[named_zone]
#name=jim
#type=edit
#exitcmd=/usr/local/bin/my-named-checkzone %{NEW}
#editmode=644
#rule=/etc/bind/db\.[\w.-]+
#
## nginx config
#
#[nginx_config]
#name=jim
#type=edit
#exitcmd=/usr/sbin/nginx -t -c %{NEW}
#editmode=644
#rule=/etc/nginx/nginx.conf
#
#[varnish]
#name=jim
#type=edit
#rule=/etc/varnish/[^/]+
#last=true
#exitcmd=/usr/sbin/varnishd -j unix,user=vcache -C -f %{NEW}
|
