-
Notifications
You must be signed in to change notification settings - Fork 673
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #6049 from ggbecker/update-stig-RHEL-07-010340
Add bash and ansible remediation for sudo_remove_nopasswd and sudo_remove_no_authenticate
- Loading branch information
Showing
14 changed files
with
127 additions
and
0 deletions.
There are no files selected for viewing
7 changes: 7 additions & 0 deletions
7
linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/ansible/shared.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
# platform = multi_platform_all | ||
# reboot = false | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
|
||
{{{ ansible_sudo_remove_config("!authenticate", "!authenticate") }}} |
7 changes: 7 additions & 0 deletions
7
linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/bash/shared.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
# platform = multi_platform_all | ||
# reboot = false | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
|
||
{{{ bash_sudo_remove_config("!authenticate", "!authenticate") }}} |
6 changes: 6 additions & 0 deletions
6
linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/tests/correct_value.pass.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
#!/bin/bash | ||
# profiles = xccdf_org.ssgproject.content_profile_stig | ||
|
||
rm -f /etc/sudoers | ||
echo "Defaults authenticate" > /etc/sudoers | ||
chmod 440 /etc/sudoers |
9 changes: 9 additions & 0 deletions
9
linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/tests/wrong_value.fail.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
#!/bin/bash | ||
# profiles = xccdf_org.ssgproject.content_profile_stig | ||
|
||
echo "Defaults !authenticate" >> /etc/sudoers | ||
chmod 440 /etc/sudoers | ||
|
||
mkdir /etc/sudoers.d/ | ||
echo "Defaults !authenticate" >> /etc/sudoers.d/sudoers | ||
chmod 440 /etc/sudoers.d/sudoers |
7 changes: 7 additions & 0 deletions
7
linux_os/guide/system/software/sudo/sudo_remove_nopasswd/ansible/shared.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
# platform = multi_platform_all | ||
# reboot = false | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
|
||
{{{ ansible_sudo_remove_config("NOPASSWD", "NOPASSWD[\s]*\:") }}} |
7 changes: 7 additions & 0 deletions
7
linux_os/guide/system/software/sudo/sudo_remove_nopasswd/bash/shared.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
# platform = multi_platform_all | ||
# reboot = false | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
|
||
{{{ bash_sudo_remove_config("NOPASSWD", "NOPASSWD[\s]*\:") }}} |
6 changes: 6 additions & 0 deletions
6
linux_os/guide/system/software/sudo/sudo_remove_nopasswd/tests/correct_value.pass.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
#!/bin/bash | ||
# profiles = xccdf_org.ssgproject.content_profile_stig | ||
|
||
rm -f /etc/sudoers | ||
echo "%wheel ALL=(ALL) ALL" > /etc/sudoers | ||
chmod 440 /etc/sudoers |
9 changes: 9 additions & 0 deletions
9
linux_os/guide/system/software/sudo/sudo_remove_nopasswd/tests/wrong_value.fail.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
#!/bin/bash | ||
# profiles = xccdf_org.ssgproject.content_profile_stig | ||
|
||
echo "%wheel ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers | ||
chmod 440 /etc/sudoers | ||
|
||
mkdir /etc/sudoers.d/ | ||
echo "%wheel ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/sudoers | ||
chmod 440 /etc/sudoers.d/sudoers |
9 changes: 9 additions & 0 deletions
9
linux_os/guide/system/software/sudo/sudo_require_authentication/ansible/shared.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
# platform = multi_platform_all | ||
# reboot = false | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
|
||
{{{ ansible_sudo_remove_config("NOPASSWD", "NOPASSWD[\s]*\:") }}} | ||
|
||
{{{ ansible_sudo_remove_config("!authenticate", "!authenticate") }}} |
9 changes: 9 additions & 0 deletions
9
linux_os/guide/system/software/sudo/sudo_require_authentication/bash/shared.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
# platform = multi_platform_all | ||
# reboot = false | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
|
||
{{{ bash_sudo_remove_config("NOPASSWD", "NOPASSWD[\s]*\:") }}} | ||
|
||
{{{ bash_sudo_remove_config("!authenticate", "!authenticate") }}} |
7 changes: 7 additions & 0 deletions
7
linux_os/guide/system/software/sudo/sudo_require_authentication/tests/correct_value.pass.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
#!/bin/bash | ||
# profiles = xccdf_org.ssgproject.content_profile_e8 | ||
|
||
rm -f /etc/sudoers | ||
echo "%wheel ALL=(ALL) ALL" > /etc/sudoers | ||
echo "Defaults authenticate" > /etc/sudoers | ||
chmod 440 /etc/sudoers |
11 changes: 11 additions & 0 deletions
11
linux_os/guide/system/software/sudo/sudo_require_authentication/tests/wrong_value.fail.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
#!/bin/bash | ||
# profiles = xccdf_org.ssgproject.content_profile_e8 | ||
|
||
echo "%wheel ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers | ||
echo "Defaults !authenticate" >> /etc/sudoers | ||
chmod 440 /etc/sudoers | ||
|
||
mkdir /etc/sudoers.d/ | ||
echo "%wheel ALL=(ALL) !authenticate ALL" >> /etc/sudoers.d/sudoers | ||
echo "Defaults !authenticate" >> /etc/sudoers.d/sudoers | ||
chmod 440 /etc/sudoers.d/sudoers |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters