ansible-lockdown/RHEL6-STIG

V-58901 sudo nopasswd too aggressive

jamescassell opened this issue · 1 comments

The remediation removes the sudoers line entirely rather than just removing the NOPASSWD part, contrary to how the fix looks like it's written.

also doesn't use validate with visudo to avoid breakage. Would be better to do something like the RHEL7-STIG: https://github.com/MindPointGroup/RHEL7-STIG/pull/73