Commit

Need to replace 'NOPASSWD' w/ 'PASSWD'
ferricoxide committed Jul 2, 2024
1 parent e0b2102 commit e523a56
Showing 1 changed file with 4 additions and 6 deletions.
@@ -94,19 +94,17 @@ notify_{{ stig_id }}-skipSet:
{%- if (
sudoer != "/etc/sudoers.d/90-cloud-init-users" and
sudoer != "/etc/sudoers.d/ssm-agent-users"
) and
salt.file.search(sudoer, '^[a-zA-Z%@].*NOPASSWD') %}
) %}
Nuke NOPASSWD from sudoers ({{ stig_id }}) - {{ sudoer }}:
file.replace:
- name: '{{ sudoer }}'
- backup: False
- pattern: '^([a-zA-Z0-9_-][a-zA-Z0-9._-]*)(\s\s*.*)(NOPASSWD:[A-Za-z/_-]*)'
- repl: '# Set per STIG-ID {{ stig_id }}\n\1\2'
- pattern: '^([a-zA-Z0-9_-][a-zA-Z0-9._-]*)(\s\s*.*)(NOPASSWD)(:[A-Za-z/_-]*)'
- repl: '# Set per STIG-ID {{ stig_id }}\n\1\2PASSWD\4'
{%- elif (
sudoer == "/etc/sudoers.d/90-cloud-init-users" or
sudoer == "/etc/sudoers.d/ssm-agent-users"
)
and salt.file.search(sudoer, '^[a-zA-Z%@].*NOPASSWD') %}
) %}
Why Skip ({{ stig_id }}) - {{ sudoer }}:
test.show_notification:
- text: |
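
Review bot: In the new `- pattern:` line, group 1 `([a-zA-Z0-9_-][a-zA-Z0-9._-]*)` cannot match a rule whose first character is `%`, even though the `salt.file.search` condition dropped here tested `^[a-zA-Z%@]`, so a `%group` rule carrying `NOPASSWD` is left as it is and keeps password-less sudo. Consider letting group 1 start with `%` so that group rules are rewritten to `PASSWD` as well. Because `(\s\s*.*)` is greedy, a line with more than one `NOPASSWD` tag has only the last one rewritten per run. With the search condition removed from the `elif`, the "Why Skip" notification now renders for `90-cloud-init-users` and `ssm-agent-users` whether or not they contain `NOPASSWD`; if that is intended, say so in the notification text, otherwise keep the condition on that branch. The state ID still reads "Nuke NOPASSWD" although the tag is now replaced with `PASSWD` and not removed, so renaming it would match the new behaviour.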