#
# sudo rules for the zabbix agent
#
#         ________
#        /        \     ____   ___    _   _  ___ _____   _____ ____ ___ _____   _
#       /_ ___ _  _\   |  _ \ / _ \  | \ | |/ _ \_   _| | ____|  _ \_ _|_   _| | |
#      |(_` | / \|_)|  | | | | | | | |  \| | | | || |   |  _| | | | | |  | |   | |
#      |._) | \_/|  |  | |_| | |_| | | |\  | |_| || |   | |___| |_| | |  | |   |_|
#       \          /   |____/ \___/  |_| \_|\___/ |_|   |_____|____/___| |_|   (_)
#        \________/
#            ||
#            ||
#            ||
#            ||
#            ||
#
# This file will be overwritten, do not modify it
# create a new file for any custom/local rules!
#

# General 'no password, no log, no tty' configuration
Defaults:zabbix !requiretty
Defaults:zabbix !authenticate
Defaults:zabbix !syslog

### Used for /usr/libexec/zabbix-agent/setup.d

# Allow zabbix to re-trigger udev rule updates to fix permissions on /dev/ipmi0
zabbix ALL=(root) NOPASSWD: /bin/udevadm trigger /dev/ipmi0

### Used for UserParameters

# Allow zabbix to check the apache config for problems
zabbix ALL=(root) NOPASSWD: /usr/sbin/apachectl configtest

# Allow zabbix to monitor netfilter connection tracking
zabbix ALL=(root) NOPASSWD: /bin/grep --include=??_conntrack -sch * /proc/net/ip_conntrack /proc/net/nf_conntrack
zabbix ALL=(root) NOPASSWD: /sbin/conntrack -L -o labels

# Allow zabbix to run journald to monitor php warning/error messages
zabbix ALL=(root) NOPASSWD:  /usr/libexec/zabbix-agent/php-error-count *

# Allow zabbix to run the requesttimes metric analyzer
zabbix ALL=(root) NOPASSWD:  /usr/libexec/zabbix-agent/oca-requesttimes-metric

# Allow zabbix to kill soffice.bin (ng-ooconvert)
zabbix ALL=(ng-ooconvert) NOPASSWD: /bin/killall soffice.bin

# Issue #51425 - Allow zabbix to find metrics of the the latest mysql backups
zabbix ALL=(root) NOPASSWD: /usr/libexec/zabbix-agent/mysql-backup-metrics --age *
zabbix ALL=(root) NOPASSWD: /usr/libexec/zabbix-agent/mysql-backup-metrics --backup-size *
zabbix ALL=(root) NOPASSWD: /usr/libexec/zabbix-agent/mysql-backup-metrics --raw-size *

# INFRA-706: Monitor smppd status
zabbix ALL=(ngcomms) NOPASSWD: /usr/libexec/zabbix-agent/ngcomms-smppd-discovery *

# INFRA-1090: Commands needed by Docker wrappers (discovery + metrics)
zabbix ALL=(root) NOPASSWD: /bin/docker ps --no-trunc --format\=*
zabbix ALL=(root) NOPASSWD: /bin/curl --silent --unix-socket /var/run/docker.sock http\://localhost/containers/*/stats?stream\=0

# INFRA-????: Monitor DNS dynamic zone sync
zabbix ALL=(named) NOPASSWD: /usr/sbin/named-checkconf -p /etc/named.conf

# INFRA-1697: Data for OCA instance dashboard
zabbix ALL=(root) NOPASSWD: /usr/libexec/zabbix-agent/aggregate-oca-account-status *

# INFRA-1733: OCA instance online status on this host 
zabbix ALL=(oca) NOPASSWD: /home/oca/accounts/*/code/ngsys/bin/is-online.php

# Filesystem certificate discovery
zabbix ALL=(root) NOPASSWD: /usr/libexec/zabbix-agent/glob --files --realpath --null --braces -- *
zabbix ALL=(root) NOPASSWD: /usr/libexec/zabbix-agent/fs-certificate-discovery --readcert *

# IPTable save check
zabbix ALL=(root) NOPASSWD: /usr/sbin/iptables-save
zabbix ALL=(root) NOPASSWD: /usr/bin/cat /etc/sysconfig/iptables

# raid-status-megaraid
zabbix ALL=(root) NOPASSWD: /opt/MegaRAID/MegaCli/MegaCli64 -adpAllInfo    -aALL -NoLog
zabbix ALL=(root) NOPASSWD: /opt/MegaRAID/MegaCli/MegaCli64 -AdpGetPciInfo -aALL -NoLog
zabbix ALL=(root) NOPASSWD: /opt/MegaRAID/MegaCli/MegaCli64 -AdpBbuCmd     -aALL -NoLog
zabbix ALL=(root) NOPASSWD: /opt/MegaRAID/MegaCli/MegaCli64 -EncInfo       -aALL -NoLog
zabbix ALL=(root) NOPASSWD: /opt/MegaRAID/MegaCli/MegaCli64 -PdList        -aALL -NoLog
zabbix ALL=(root) NOPASSWD: /opt/MegaRAID/MegaCli/MegaCli64 -LDInfo -LAll  -aALL -NoLog
zabbix ALL=(root) NOPASSWD: /sbin/smartctl -d megaraid\,[0-9]      -i /dev/sd[a-z]
zabbix ALL=(root) NOPASSWD: /sbin/smartctl -d megaraid\,[0-9][0-9] -i /dev/sd[a-z]
zabbix ALL=(root) NOPASSWD: /sbin/smartctl -d megaraid\,[0-9]      -i /dev/sd[a-z][a-z]
zabbix ALL=(root) NOPASSWD: /sbin/smartctl -d megaraid\,[0-9][0-9] -i /dev/sd[a-z][a-z]

# INFRA-1919: OCA instance version mismatch check
zabbix ALL=(root) NOPASSWD: /usr/libexec/zabbix-agent/oca-instance-check-version-mismatch *

# OCASRV-6406: OCA int table size check
zabbix ALL=(root) NOPASSWD: /usr/libexec/zabbix-agent/oca-monitor-table-ids *

# radius check certificate expiry
zabbix ALL=(root) NOPASSWD:/usr/libexec/zabbix-agent/check-radius-cert-expiry

# NIF instance discovery
zabbix ALL=(root) NOPASSWD: /usr/libexec/zabbix-agent/nif-discovery-mtls
zabbix ALL=(root) NOPASSWD: /usr/libexec/zabbix-agent/nif-mtls-certificate *
