Problem:
In the Foreman Smart Proxy configuration section it suggests that you must use
Defaults:foreman-proxy !requiretty
in your sudoers conf.
However, the ability to use !requiretty has been removed in recent versions of CentOS and provides a syntax error if used.
The lack of this line, I think, results in the following being logged in audit.log for SELinux (even with SELinux set to permissive):
type=USER_AUTH msg=audit(1538972875.506:406): pid=4230 uid=995 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=PAM:authentication grantors=? acct="foreman-proxy" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=failed'
I’m unsure as to how to make this work on a modern Red Hat-flavoured Linux - but I’m sure someone else must have figured this out.
Foreman and Proxy versions:
OS: redhat
RELEASE: CentOS Linux release 7.4.1708 (Core)
FOREMAN: 1.16.2
RUBY: ruby 2.0.0p648 (2015-12-16) [x86_64-linux]
PUPPET: 5.5.0
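
For anyone triaging the audit.log line quoted in the post above, this added example (not part of the original post and not Foreman code) decodes the record into fields. It flags the pattern the record shows: sudo's PAM authentication failing for a process that has no login session and no terminal. The function names are hypothetical, and the only input is the record copied from the post.

```python
import re
from datetime import datetime, timezone

# The USER_AUTH record quoted in the post, copied verbatim.
SAMPLE = (
    "type=USER_AUTH msg=audit(1538972875.506:406): pid=4230 uid=995 "
    "auid=4294967295 ses=4294967295 "
    "subj=system_u:system_r:unconfined_service_t:s0 "
    "msg='op=PAM:authentication grantors=? acct=\"foreman-proxy\" "
    "exe=\"/usr/bin/sudo\" hostname=? addr=? terminal=? res=failed'"
)

UNSET_ID = "4294967295"  # (uid_t)-1: no login uid / session was ever set
HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+)\.(\d+):(\d+)\): (.*)$")
INNER = re.compile(r"msg='([^']*)'")     # the quoted, nested msg='...' part
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="value"


def parse_record(line):
    """Split one audit.log line into a flat dict of its fields."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("not an audit record: %r" % line[:40])
    rtype, secs, millis, serial, body = m.groups()
    when = datetime.fromtimestamp(int(secs), tz=timezone.utc)
    fields = {"type": rtype, "serial": int(serial),
              "time": when.replace(microsecond=int(millis) * 1000)}
    inner = INNER.search(body)
    # Outer fields first, then the fields nested inside msg='...'.
    for part in (INNER.sub("", body), inner.group(1) if inner else ""):
        for key, value in PAIR.findall(part):
            fields[key] = value.strip('"')
    return fields


def is_daemon_sudo_auth_failure(f):
    """True when sudo's PAM authentication failed for a process that has
    no login session and no terminal, i.e. sudo was run by a service."""
    return (f.get("type") == "USER_AUTH"
            and f.get("exe", "").endswith("/sudo")
            and f.get("op") == "PAM:authentication"
            and f.get("res") == "failed"
            and f.get("auid") == UNSET_ID
            and f.get("terminal") == "?")


if __name__ == "__main__":
    rec = parse_record(SAMPLE)
    print(rec["time"].isoformat(), rec["acct"], is_daemon_sudo_auth_failure(rec))
```
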