openstack/ansible-hardening
Code Issues Proposed changes
Files
0e8feaf9eb5265dcef8682d596e62063f7120a92
ansible-hardening/doc/metadata/rhel7/RHEL-07-010380.rst
Major Hayden f61fc49d6d Require auth for sudo [+Docs] 
This patch implements the following STIG controls:

  - RHEL-07-010380
  - RHEL-07-010381

Changing sudoers configs via automation could lead to serious trouble. This
action is left up to the deployer to adjust and documentation explains the
danger.

Implements: blueprint security-rhel7-stig
Change-Id: I664ad9c8197016522a9f2ecffba438dd8df6b583
2016-11-30 15:49:50 +00:00

13 lines
481 B
ReStructuredText
Raw Blame History

---
id: RHEL-07-010380
status: exception - manual intervention
tag: auth
---
The STIG requires all users to authenticate when using ``sudo``, but this
change can be highly disruptive for automated scripts or applications that
cannot perform interactive authentication. Automated edits from Ansible tasks
might cause authentication disruptions on some hosts, and deployers are urged
to carefully review each use of the ``NOPASSWD`` directive in their ``sudo``
configuration files.
View Git Blame Copy Permalink