f61fc49d6d
This patch implements the following STIG controls: - RHEL-07-010380 - RHEL-07-010381 Changing sudoers configs via automation could lead to serious trouble. This action is left up to the deployer to adjust and documentation explains the danger. Implements: blueprint security-rhel7-stig Change-Id: I664ad9c8197016522a9f2ecffba438dd8df6b583
481 B
481 B
---id: RHEL-07-010380 status: exception - manual intervention tag: auth ---
The STIG requires all users to authenticate when using
sudo, but this change can be highly disruptive for
automated scripts or applications that cannot perform interactive
authentication. Automated edits from Ansible tasks might cause
authentication disruptions on some hosts, and deployers are urged to
carefully review each use of the NOPASSWD directive in
their sudo configuration files.