sudo-requires-passwords

This module ensures that sudo requires password (there are no 'NOPASSWD' in /etc/sudoers)

Maintainer

Aleksei Shpakovskii

Module stats

Total Downloads: 303
Updated: Dec 13, 2021

Installation version

Version
Released on Dec 14, 2021

Tags

Installation

                    
cfbs add sudo-requires-passwords
Description
Dependencies
Comments

module to ensure that sudo requires password

Ensures /etc/sudoers and /etc/sudoers.d/* files don’t allow passwordless sudo:

  • Removes NOPASSWD: entries (changes them to PASSWD:)

  • Removes exempt_group setting (comments it out)

Security notice

While this module tries its best, it can’t guarantee protection against a malicious sysadmin. They can always chomd u+s a copy of bash, or replace sudo binary with their own copy, or configure it to use a different security policy plugin, or to look for config files in a different place.

Dependencies

comments powered by Disqus