614 B
614 B
---id: V-71947 status: exception - manual intervention tag: auth ---
The STIG requires all users to authenticate when using
sudo
, but this change can be highly disruptive for
automated scripts or applications that cannot perform interactive
authentication. Automated edits from Ansible tasks might cause
authentication disruptions on some hosts, and deployers are urged to
carefully review each use of the NOPASSWD
directive in
their sudo
configuration files.
Deployers can opt-out of this change by setting an Ansible variable:
security_sudoers_nopasswd_check_enable: no