
This change adds the option `security_sudoers_nopasswd_check_enable` when running check "V-71947". This change allows users to skip this check via an Ansible extra variable instead of having to skip tags. While this change has a functional benefit in some environments, it is being done with the primary intention of providing a better experience to deploying running clouds where services like cloud-init may be present.

Change-Id: I0d0c95534ace0b00fa64c2f243ad91ce5844d85a
Closes-Bug: #1741225
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
---
id: V-71947
status: exception - manual intervention
tag: auth
---
The STIG requires all users to authenticate when using `sudo`, but this change can be highly disruptive for automated scripts or applications that cannot perform interactive authentication. Automated edits from Ansible tasks might cause authentication disruptions on some hosts, and deployers are urged to carefully review each use of the `NOPASSWD` directive in their `sudo` configuration files.
Deployers can opt out of this change by setting an Ansible variable:
security_sudoers_nopasswd_check_enable: no
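
Review bot: the closing sentence of the V-71947 note refers to "this change", which has no clear referent when the status is "exception - manual intervention", and it does not match the commit message, which describes the variable as a way to skip the check. Suggest wording it as skipping the V-71947 check, and stating the variable's default value next to the `security_sudoers_nopasswd_check_enable: no` line so deployers can tell whether the check runs when the variable is unset. It would also help to say that setting the variable only silences the check and that existing NOPASSWD entries still need the manual review the paragraph above asks for.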