#
## Example rules and edit checkers, other suggestions welcomed
## Consider putting local *.ini configuration files in /etc/please.d
#
## include *.ini files from the /etc/please.d directory (create it first)

[include_local]
includedir = /etc/please.d

## permit user 'jim' to run anything
#
#[jim_become_root]
#name = jim
#target = root
#rule = .*
#require_pass = false
#
## permit user jim to modify the hosts file
#
#[jim_hosts]
#name = jim
#type = edit
#target = root
#rule = /etc/hosts
#editmode = 644
#require_pass = false
#
## permit user jim to modify the /etc/please.ini and run a check on exit
#
#[jim_please]
#name = jim
#type = edit
#target = root
#rule = ^/etc/please(\.d/[\w.-]+)?\.ini$
#editmode = 600
#require_pass = false
#exitcmd = /usr/bin/please -c %{NEW}
#
## permit all users to view their own ACL
#
#[list_own]
#name=^%{USER}$
#permit=true
#type=list
#target=^%{USER}$
#
## config checkers
#
## check fstab
#
#[fstab]
#name=jim
#type=edit
#exitcmd=/bin/findmnt --verify --tab-file %{NEW}
#target=root
#rule=/etc/fstab
#editmode=644
#
## check openntpd config
#
#[edit_ntpd]
#name=jim
#type=edit
#rule=/etc/openntpd/ntpd.conf
#editmode=644
#exitcmd=/usr/sbin/ntpd -f %{NEW} -n
#
## check squid config
#
#[squid_check]
#name=jim
#type=edit
#rule=/etc/squid/squid.conf
#exitcmd=/usr/sbin/squid -k check -f %{NEW}
#editmode=644
#
## sshd
#
#[sshd]
#name=jim
#type=edit
#exitcmd=/usr/sbin/sshd -t -f %{NEW}
#editmode=644
#rule=/etc/ssh/sshd_config
#
## bind named.conf
#
#[named_conf]
#name=jim
#type=edit
#exitcmd=/usr/sbin/named-checkconf %{NEW}
#editmode=644
#rule=/etc/bind/named.conf
#
## bind zone
## setup /usr/local/bin/my-named-checkzone, like this:
##
## #!/bin/sh
## DOMAIN=`echo "$PLEASE_SOURCE_FILE" | sed -e 's%/etc/bind/db\.%%g'`
## /usr/sbin/named-checkzone "$DOMAIN" "$1"
#
#[named_zone]
#name=jim
#type=edit
#exitcmd=/usr/local/bin/my-named-checkzone %{NEW}
#editmode=644
#rule=/etc/bind/db\.[\w.-]+
#
## nginx config
#
#[nginx_config]
#name=jim
#type=edit
#exitcmd=/usr/sbin/nginx -t -c %{NEW}
#editmode=644
#rule=/etc/nginx/nginx.conf
#
#[varnish]
#name=jim
#type=edit
#rule=/etc/varnish/[^/]+
#last=true
#exitcmd=/usr/sbin/varnishd -j unix,user=vcache -C -f %{NEW}