Class sudo::sudo
In: /tmp/puppet/modules/sudo/manifests/init.pp
Parent:

Class: sudo

Description:

        sudo ensures the group 'wheel' exists, adds wheel to the sudoers file,
        and ensures that only wheel members can run su -

Linux Guide:

        2.3.1.2, 2.3.1.3

CCE Reference:

        None

Resources

Augeas["pamsu"]
   context => "/files/etc/pam.d/"
   changes => ["ins 01 after su/*[last()]", "set su/01/type auth", "set su/01/control required", "set su/01/module pam_wheel.so", "set su/01/argument use_uid"]
   onlyif => "match *[/files/etc/pam.d/su/*[type='auth'][control='required'][module='pam_wheel.so']] size == 0"

GuideSection 2.3.1.2 Limit su access to root account
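
An added example (not part of the sudo module or the original page): a shell check that audits a PAM su stack for the rule the Augeas["pamsu"] resource inserts. It also reports a pam_wheel.so rule that lacks use_uid, because the onlyif guard shown above matches on type, control and module only and would leave such a line unchanged. The helper name check_pam_wheel and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. check_pam_wheel is a hypothetical helper, not part of the module.
# Prints one of: ok | no_use_uid | missing
check_pam_wheel() {
    awk '
        { sub(/#.*/, "") }        # drop comments, including commented-out rules
        $1 == "auth" && $2 == "required" && $3 ~ /(^|\/)pam_wheel\.so$/ {
            found = 1
            for (i = 4; i <= NF; i++) if ($i == "use_uid") full = 1
        }
        END { print (full ? "ok" : (found ? "no_use_uid" : "missing")) }
    ' "$1"
}

# Constructed sample PAM stacks (not taken from a real host).
demo_dir=$(mktemp -d)
printf '%s\n' '#%PAM-1.0' 'auth sufficient pam_rootok.so' \
    '#auth required pam_wheel.so use_uid' 'auth include system-auth' \
    > "$demo_dir/stock"
printf '%s\n' 'auth sufficient pam_rootok.so' 'auth required pam_wheel.so' \
    > "$demo_dir/partial"
printf '%s\n' 'auth sufficient pam_rootok.so' 'auth include system-auth' \
    'auth required pam_wheel.so use_uid' > "$demo_dir/managed"

# Report the state of each sample file.
for f in stock partial managed; do
    printf '%-8s %s\n' "$f" "$(check_pam_wheel "$demo_dir/$f")"
done
```

On a managed host the same function can be pointed at /etc/pam.d/su; a result of no_use_uid means the Augeas guard is satisfied but the rule does not match what the class intends.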

File["/etc/sudoers"]
   owner => "root"
   group => "root"
   mode => 440
   source => "puppet:///modules/sudo/sudoers"
   require => Package["sudo"]
Group["wheel"]
   ensure => present
Package["sudo"]
   ensure => latest

GuideSection 2.3.1.3 Configure sudo to improve root auditing
