From fe3b4179f8f2a744922bfa464d0c65a568e6ef6a Mon Sep 17 00:00:00 2001
From: dbshah12
Date: Mon, 30 Sep 2024 20:46:01 +0530
Subject: [PATCH 1/3] DLPX-86537 CIS: sudoers configuration PR URL: https://www.github.com/delphix/delphix-platform/pull/498
---
 .../roles/delphix-platform/tasks/main.yml | 34 +++++++++++++++++++
 1 file changed, 34 insertions(+)
diff --git a/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml b/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
index 36f1956a..e2002428 100644
--- a/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
+++ b/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
@@ -738,3 +738,37 @@
 path: /etc/environment
 state: absent
 regexp: '^\s*PATH\s*='
+
+
+#
+# Ensure Defaults use_pty is set in /etc/sudoers
+#
+- lineinfile:
+ path: /etc/sudoers
+ state: present
+ regexp: '^Defaults use_pty'
+ line: 'Defaults use_pty'
+
+#
+# Ensure Defaults logfile is set in /etc/sudoers
+#
+- lineinfile:
+ path: /etc/sudoers
+ state: present
+ regexp: '^Defaults logfile=/var/log/sudo.log'
+ line: 'Defaults logfile=/var/log/sudo.log'
+
+#
+# Create logrotate configuration for sudo.log
+#
+- copy:
+ dest: /etc/logrotate.d/sudo-log
+ content: |
+ /var/log/sudo.log {
+ weekly
+ rotate 4
+ compress
+ missingok
+ notifempty
+ }
+ mode: '0644'
From 51daad59786a5b054f2ac60ab5353fc79707cacf Mon Sep 17 00:00:00 2001
From: dbshah12
Date: Thu, 3 Oct 2024 19:59:18 +0530
Subject: [PATCH 2/3] DLPX-86537 Moved changes to files of etc folder
---
 files/common/etc/logrotate.d/sudo-log | 10 ++++++
 files/common/etc/sudoers.d/delphix | 4 ++-
 .../roles/delphix-platform/tasks/main.yml | 34 -------------------
 3 files changed, 13 insertions(+), 35 deletions(-)
 create mode 100644 files/common/etc/logrotate.d/sudo-log
diff --git a/files/common/etc/logrotate.d/sudo-log b/files/common/etc/logrotate.d/sudo-log
new file mode 100644
index 00000000..d6ec300b
--- /dev/null
+++ b/files/common/etc/logrotate.d/sudo-log
@@ -0,0 +1,10 @@
+#
+# Copyright 2024 Delphix
+#
+/var/log/sudo.log {
+ weekly
+ rotate 4
+ compress
+ missingok
+ notifempty
+}
\ No newline at end of file
diff --git a/files/common/etc/sudoers.d/delphix b/files/common/etc/sudoers.d/delphix
index a350907f..e72248bd 100644
--- a/files/common/etc/sudoers.d/delphix
+++ b/files/common/etc/sudoers.d/delphix
@@ -1,5 +1,5 @@
 #
-# Copyright 2018 Delphix
+# Copyright 2018, 2024 Delphix
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,3 +15,5 @@ # delphix ALL=(ALL) NOPASSWD:ALL
+Defaults use_pty
+Defaults logfile=/var/log/sudo.log
diff --git a/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml b/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
index e2002428..36f1956a 100644
--- a/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
+++ b/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
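Review bot: The new stanza for /var/log/sudo.log does not pin the mode and owner the log gets after rotation, so that is left to logrotate's global defaults and to sudo re-creating the file. Since this file records the commands run through sudo, I would make it explicit inside the braces with `create 0600 root root`. `weekly` with `rotate 4` keeps roughly a month of sudo history on the host; a one-line comment stating that this retention is intended, or where the log is shipped for longer retention, would help the next auditor.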
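Review bot: The two `Defaults` lines added at the end of `sudoers.d/delphix` are global settings, but they sit directly under the delphix rule with no comment, so a reader can take them for per-user options and a later edit of this per-user file can drop the CIS settings unnoticed. I would add a comment above them, e.g. `# CIS: global sudo hardening, applies to all users, not only delphix`. If, as the context line suggests, delphix holds `ALL=(ALL) NOPASSWD:ALL`, then /var/log/sudo.log is writable by the account it audits, so it presumably needs to be forwarded off-host to count as an audit trail. The file is shipped as-is, so running `visudo -cf` on it in the build would catch a syntax slip before it breaks sudo on the appliance.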
@@ -738,37 +738,3 @@
 path: /etc/environment
 state: absent
 regexp: '^\s*PATH\s*='
-
-
-#
-# Ensure Defaults use_pty is set in /etc/sudoers
-#
-- lineinfile:
- path: /etc/sudoers
- state: present
- regexp: '^Defaults use_pty'
- line: 'Defaults use_pty'
-
-#
-# Ensure Defaults logfile is set in /etc/sudoers
-#
-- lineinfile:
- path: /etc/sudoers
- state: present
- regexp: '^Defaults logfile=/var/log/sudo.log'
- line: 'Defaults logfile=/var/log/sudo.log'
-
-#
-# Create logrotate configuration for sudo.log
-#
-- copy:
- dest: /etc/logrotate.d/sudo-log
- content: |
- /var/log/sudo.log {
- weekly
- rotate 4
- compress
- missingok
- notifempty
- }
- mode: '0644'
From 69ee2b711ed7e1a6d865a2d4f3c3b28c42a301ff Mon Sep 17 00:00:00 2001
From: dbshah12
Date: Fri, 4 Oct 2024 20:21:58 +0530
Subject: [PATCH 3/3] DLPX-86537 removed copyrights from the configuration files
---
 files/common/etc/logrotate.d/sudo-log | 5 +----
 files/common/etc/sudoers.d/delphix | 3 ---
 2 files changed, 1 insertion(+), 7 deletions(-)
diff --git a/files/common/etc/logrotate.d/sudo-log b/files/common/etc/logrotate.d/sudo-log
index d6ec300b..b0510844 100644
--- a/files/common/etc/logrotate.d/sudo-log
+++ b/files/common/etc/logrotate.d/sudo-log
@@ -1,10 +1,7 @@
-#
-# Copyright 2024 Delphix
-#
 /var/log/sudo.log {
 weekly
 rotate 4
 compress
 missingok
 notifempty
-}
\ No newline at end of file
+}
diff --git a/files/common/etc/sudoers.d/delphix b/files/common/etc/sudoers.d/delphix
index e72248bd..09b5bf5d 100644
--- a/files/common/etc/sudoers.d/delphix
+++ b/files/common/etc/sudoers.d/delphix
@@ -1,6 +1,3 @@
-#
-# Copyright 2018, 2024 Delphix
-#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at