Add bash and ansible remediation for sudo_remove_nopasswd and sudo_remove_no_authenticate #6049
Skipping CI for Draft Pull Request.
Visudo is for manually editing sudoers files. Most scripts modify the sudoers file, so yes, it makes sense.
Ok, turning PR ready for review.
a92bd92 to 9fb91ad
# complexity = low | ||
# disruption = low | ||
|
||
{{{ ansible_sudo_remove_config("not authenticate", "!authenticate") }}} |
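Review bot: `# disruption = low` at the top of this hunk looks optimistic for a task whose macro call strips `!authenticate` from sudoers entries: any account or automation that relies on sudo without authentication will start being prompted once the remediation runs. Consider `# disruption = medium`, or state in the rule description that matching sudoers entries are modified so operators can review them before applying the remediation.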
{{{ ansible_sudo_remove_config("not authenticate", "!authenticate") }}} | |
{{{ ansible_sudo_remove_config("!authenticate", "!authenticate") }}} |
I'd make all instances of "not authenticate" as "!authenticate". The use of quotes in the name tasks should make "!" a string vs something executable by shell.
5a4a2e8 to b573325
Add test scenarios for sudo_remove_nopasswd.
b573325 to bfb6925
bfb6925 to e6ebab4
Changes identified: Recommended tests to execute:
@ggbecker: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.
/lgtm
Description:
The first question is: does it make sense to have remediation for this rule even though the file /etc/sudoers is supposed to be read-only and to be changed only through the visudo utility?
Rationale: