Add more secure sudo configuration

Also update the sudo cookbook
Greg Karékinian
2017-06-09 16:08:36 +02:00
parent 0acc4e65e9
commit afc07c3192
6 changed files with 21 additions and 5 deletions


@@ -28,6 +28,14 @@ users_manage 'sysadmin' do
action [:remove, :create]
end
node.override['authorization']['sudo']['sudoers_defaults'] = [
# not default on Ubuntu, explicitely enable. Uses a minimal white list of
# environment variables
'env_reset',
# Send emails on unauthorized attempts
'mail_badpass',
'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"',
]
node.override['authorization']['sudo']['passwordless'] = true
include_recipe 'sudo'
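Review bot: The comment above `'mail_badpass'` says it sends mail on unauthorized attempts, but that flag only reports a wrong password, and with `['passwordless'] = true` set just below the array sudo will normally not prompt for one, so this entry is unlikely to fire. If the intent is to hear about users who are not in sudoers or not allowed the command, the flags for that are `'mail_no_user'` and `'mail_no_perms'`; consider adding them and rewording the comment to `# Mail the mailto user when a wrong password is entered`. Delivery also depends on a working local mailer and a `mailto` target, neither of which is visible in this hunk. The +/- markers were lost in rendering, so I am assuming from the hunk header's line counts that the `sudoers_defaults` array is the added part.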