984 B
This STIG requires that NOPASSWD and
!authenticate are not used within the sudoers configuration
files. Using these directives reduces the security of the system.
NOPASSWD allows users to run commands as root without
providing a password first. Using !authenticate with the
Defaults directive will disable password usage for any
users which use sudo.
There are two configuration options for handling these changes. By
default, both of these options are set to no, which means
that the sudoers configuration files will not be altered:
sudoers_remove_nopasswd: no
sudoers_remove_authenticate: noSetting sudoers_remove_nopasswd to yes will
cause the Ansible tasks to search for any lines containing
NOPASSWD and comment them out of the configuration. Setting
sudoers_remove_authenticate will do the same actions on
lines containing !authenticate. Lines that are already
commented will be left unaltered.