Multiple issues with CIS 4.3.x sudo #118
Conversation
Signed-off-by: Karl DeBisschop <[email protected]>
| insertafter: '^Defaults' | ||
| regexp: '^\s*Defaults\s+use_pty\s*$' | ||
| line: 'Defaults use_pty' | ||
| insertafter: 'EOF' |
There was a problem hiding this comment.
Should insert at end of file, in particular the inserted directive should take precedence over "Defaults !use_pty" if that appears in an included file or in #includedir.
| line: 'Defaults use_pty' | ||
| insertafter: '^Defaults' | ||
| regexp: '^\s*Defaults\s+use_pty\s*$' | ||
| line: 'Defaults use_pty' |
There was a problem hiding this comment.
If this is spaced to look like the defaults in the distributed sudoers file, it should use a tab like those entries instead of using 8 spaces. For simplicity, since it is not unlikely contributors' editors will replace tabs with spaces, just use a single space.
| regexp: '^Defaults use_' | ||
| line: 'Defaults use_pty' | ||
| insertafter: '^Defaults' | ||
| regexp: '^\s*Defaults\s+use_pty\s*$' |
There was a problem hiding this comment.
Look for a wider range of compatible regexps...in particular, I had a file that mirrored the format of the lines in the distribution file and used a tab to separate. Instead of calling it correct or replacing the line, it added a new line.
Overall Review of Changes:
Several issues were noted with cis_4.3.x.yml
Issue Fixes:
Please list (using linking) any open issues this PR addresses
Enhancements:
Please list any enhancements/features that are not open issue tickets
How has this been tested?:
Please give an overview of how these changes were tested. If they were not please use N/A