Add ansible remediation for sudo_remove_nopasswd.

Add test scenarios for sudo_remove_nopasswd.

linux_os/guide/system/software/sudo/sudo_remove_nopasswd/ansible/shared.yml

@@ -0,0 +1,21 @@
+# platform = multi_platform_all
+# reboot = false
+# strategy = restrict
+# complexity = low
+# disruption = low
+
+- name: Find /etc/sudoers.d/ files
+  find:
+    paths:
+      - /etc/sudoers.d/
+  register: sudoers
+
+- name: "Remove lines containing NOPASSWD from sudoers files"
+  lineinfile:
+    regexp: '^(?!#).*[\s]+NOPASSWD[\s]*\:.*$'
+    state: absent
+    path: "{{ item.path }}"
+    validate: /usr/sbin/visudo -cf %s
+  with_items:
+    - { path: /etc/sudoers }
+    - "{{ sudoers.files }}"

linux_os/guide/system/software/sudo/sudo_remove_nopasswd/tests/correct_value.pass.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+# profiles = xccdf_org.ssgproject.content_profile_stig
+
+rm -f /etc/sudoers
+echo "%wheel	ALL=(ALL)	ALL" > /etc/sudoers
+chmod 440 /etc/sudoers

linux_os/guide/system/software/sudo/sudo_remove_nopasswd/tests/wrong_value.fail.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+# profiles = xccdf_org.ssgproject.content_profile_stig
+
+echo "%wheel        ALL=(ALL)       NOPASSWD: ALL" >> /etc/sudoers
+chmod 440 /etc/sudoers
+
+mkdir /etc/sudoers.d/
+echo "%wheel        ALL=(ALL)       NOPASSWD: ALL" >> /etc/sudoers.d/sudoers
+chmod 440 /etc/sudoers.d/sudoers