In Ubuntu, pam_rootok.so can be removed/commented to force a root user has a password prompt if they run su username. I don't know whether this same configuration can be fulfilled in this puppet module.
/etc/pam.d/su
# auth sufficient pam_rootok.so
I know this isn't exactly infallible config, but it does at least do something to slow down people with root access if they are doing malicious actions.
In Ubuntu, pam_rootok.so can be removed/commented to force a root user has a password prompt if they run
su username
. I don't know whether this same configuration can be fulfilled in this puppet module.I know this isn't exactly infallible config, but it does at least do something to slow down people with root access if they are doing malicious actions.
Thanks