openstack/ansible-hardening
Code Issues Proposed changes

Merge "Fix grep for sudoers w/o password"

Browse Source
This commit is contained in:
Jenkins 2017-07-21 15:58:51 +00:00 committed by Gerrit Code Review
commit 20b6d668e8
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
tasks/rhel7stig/auth.yml
View File

@ -100,8 +100,15 @@
- V-71943
- V-71945
# NOTE(mhayden): The unusual regex here ensures that we're omitting any lines
# that are commented out. Some commented lines may be preprended with spaces,
# so we need to account for that as well.
#
# First step is to find lines with 'nopasswd' in them and then omit any of
# those lines that have a '#' as the first character or '#' as the first
# character following a space (or series of spaces).
- name: Check for 'nopasswd' in sudoers files
shell: grep -ir nopasswd /etc/sudoers /etc/sudoers.d/ || echo 'not found'
shell: 'grep -ir nopasswd /etc/sudoers /etc/sudoers.d/ | egrep -v "^([[:space:]]*)?(#|$)" || echo "not found"'
register: sudoers_nopasswd_check
changed_when: False
tags: