Major Hayden ec50013f55 Adjusting commonly failing tasks
This patch takes two commonly failing tasks and configures them to be fixed
if a variable is toggled on. This is needed for gate checks to pass for
ansible-functional runs.

Closes-bug: 1521233

Change-Id: I4f54ef7af30d530f781d60ce232cc6aacda81ce4
2015-12-02 20:51:03 +00:00

This STIG requires that NOPASSWD and !authenticate are not used within the sudoers configuration files. Using these directives reduces the security of the system.

NOPASSWD allows users to run commands as root without providing a password first. Using !authenticate with the Defaults directive disables password prompts for all users who use sudo.

There are two configuration options for handling these changes. By default, both of these options are set to no, which means that the sudoers configuration files will not be altered:

sudoers_remove_nopasswd: no
sudoers_remove_authenticate: no

Setting sudoers_remove_nopasswd to yes will cause the Ansible tasks to search for any lines containing NOPASSWD and comment them out of the configuration. Setting sudoers_remove_authenticate to yes does the same for lines containing !authenticate. Lines that are already commented out are left unaltered.
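
To preview what the two options would change before enabling them, the following added example (not the role's own tasks) applies the behaviour described above to a constructed sudoers file. It assumes a plain substring match on the directive and treats any line whose first non-blank character is # as already commented; the function names are hypothetical.

```python
# Constructed sample sudoers content, not taken from any real system.
SAMPLE_SUDOERS = """\
Defaults env_reset
Defaults !authenticate
root ALL=(ALL:ALL) ALL
deploy ALL=(ALL) NOPASSWD: ALL
# backup ALL=(ALL) NOPASSWD: /usr/bin/rsync
%admin ALL=(ALL) ALL
"""


def comment_out(text, directive):
    """Comment out active lines containing `directive`.

    Returns (new_text, changed), where changed is a list of
    (line_number, original_line) for every line that was altered.
    Lines that are already comments are left untouched.
    """
    new_lines, changed = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        already_commented = line.lstrip().startswith("#")
        if directive in line and not already_commented:
            changed.append((number, line))
            line = "# " + line
        new_lines.append(line)
    return "\n".join(new_lines) + "\n", changed


def apply_toggles(text, sudoers_remove_nopasswd=False,
                  sudoers_remove_authenticate=False):
    """Mirror the two options; both default to off, so nothing changes."""
    changed = []
    if sudoers_remove_nopasswd:
        text, hits = comment_out(text, "NOPASSWD")
        changed += hits
    if sudoers_remove_authenticate:
        text, hits = comment_out(text, "!authenticate")
        changed += hits
    return text, sorted(changed)


if __name__ == "__main__":
    _, preview = apply_toggles(SAMPLE_SUDOERS, True, True)
    for number, line in preview:
        print(f"line {number} would be commented out: {line}")
```

Commenting out a NOPASSWD rule removes the whole grant, so the constructed deploy entry loses that sudo access entirely rather than being prompted for a password. Check the edited file with visudo -cf before relying on it.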