sudo-requires-passwords

Ensures that sudo requires password (there are no 'NOPASSWD' in the /etc/sudoers file).

Maintainer

Aleksei Shpakovskii

Module stats

Total Downloads: 458
Updated: Dec 14, 2021

Installation version

Version
Released on Dec 14, 2021

Tags

Installation

                    
cfbs add sudo-requires-passwords
Description
Dependencies
Discussion

module to ensure that sudo requires password

Ensures /etc/sudoers and /etc/sudoers.d/* files don’t allow passwordless sudo:

  • Removes NOPASSWD: entries (changes them to PASSWD:)

  • Removes exempt_group setting (comments it out)

Security notice

While this module tries its best, it can’t guarantee protection against a malicious sysadmin. They can always chomd u+s a copy of bash, or replace sudo binary with their own copy, or configure it to use a different security policy plugin, or to look for config files in a different place.

Dependencies