There are rules (e.g. sudo_require_reauthentication, but probably others) that check sudo's configuration by scanning /etc/sudoers and all files in /etc/sudoers.d. For example, sudo_require_reauthentication uses the regex ^\/etc\/(sudoers|sudoers\.d\/.*)$.
This is mostly correct, assuming /etc/sudoers actually has an includedir for that directory, but sudo ignores certain filename patterns. From the sudoers man page:
For example, given:
@includedir /etc/sudoers.d
sudo will suspend processing of the current file and read each file in /etc/sudoers.d, skipping file names that end in ‘~’ or contain a ‘.’ character to avoid causing problems with package manager or editor temporary/backup files.
So if /etc/sudoers.d/example.conf contains Defaults timestamp_timeout=1, sudo will ignore it but an oscap run will mark it as passing.
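The mismatch described above, as an added example that is not part of the original issue or the project's code: it models the man-page skip rule, applies the rule's path regex quoted in the issue, and lists the files the scan would evaluate but sudo would never read. `sudo_reads`, `scanned_but_ignored`, `STRICT_PATH_RE` and the sample paths are hypothetical names and constructed data; the tightened pattern is one possible narrowing, not the project's fix.

```python
import re

# Path pattern quoted in the issue for sudo_require_reauthentication.
RULE_PATH_RE = re.compile(r"^\/etc\/(sudoers|sudoers\.d\/.*)$")

# Hypothetical tightened pattern (an assumption, not the project's fix):
# the file name must not contain '.' and must not end in '~'. It also
# excludes '/', assuming @includedir does not descend into subdirectories.
STRICT_PATH_RE = re.compile(r"^/etc/(sudoers|sudoers\.d/[^/.]*[^/.~])$")

INCLUDE_DIR = "/etc/sudoers.d/"


def sudo_reads(path):
    """Model of the man-page rule for '@includedir /etc/sudoers.d':
    skip file names that end in '~' or contain a '.' character."""
    if path == "/etc/sudoers":
        return True
    if not path.startswith(INCLUDE_DIR):
        return False
    name = path[len(INCLUDE_DIR):]
    if not name or "/" in name:
        return False
    return not (name.endswith("~") or "." in name)


def scanned_but_ignored(paths, pattern=RULE_PATH_RE):
    """Paths the check would evaluate although sudo skips them.
    A setting found only in one of these is a false pass."""
    return [p for p in paths if pattern.match(p) and not sudo_reads(p)]


# Constructed sample listing, not taken from a real system.
SAMPLE_PATHS = [
    "/etc/sudoers",
    "/etc/sudoers.d/90-admins",
    "/etc/sudoers.d/example.conf",
    "/etc/sudoers.d/90-admins~",
    "/etc/sudoers.d/10-timeout.rpmsave",
]

if __name__ == "__main__":
    for p in scanned_but_ignored(SAMPLE_PATHS):
        print("scanned by the rule, ignored by sudo:", p)
```
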