Open cliffe opened 5 months ago
Also update to allow any arguments:
content => "ALL ALL=(root) /usr/bin/awk *, /bin/awk *",
Update: it seems the system is still vulnerable, even with the wrong path specified (because the secure_path sudo setting includes /usr/sbin/). Although the fact that the specified path doesn't exist may cause some confusion.
https://github.com/cliffe/SecGen/blob/3135bf46c728baba40646c20cb9db24559ed05e6/modules/vulnerabilities/unix/access_control_misconfigurations/sudo_root_awk/manifests/config.pp#L12
Update to also include /usr/bin/awk