Suggestion: Add step for ensuring that a password is required for sudo

imthenachoman / How-To-Secure-A-Linux-Server

An evolving how-to guide for securing a Linux server.

Creative Commons Attribution Share Alike 4.0 International

17.25k stars 1.1k forks source link

Suggestion: Add step for ensuring that a password is required for sudo #39

Closed sbrl closed 3 years ago

sbrl commented 5 years ago

In some distributions such as Raspbian, by default a password is not required to use sudo. Obviously this is no good - so I suggest adding a step to ensure that a password is required.

This can be done like so, at least in Raspbian:

sudoedit /etc/sudoers.d/010_pi-nopasswd

Then remove the NO prefix to NOPASSWD, then save & exit.

imthenachoman commented 5 years ago

Thanks. I will add this when I get a moment.

daxmc99 commented 5 years ago

Also would like this due to the Raspbian default not requiring a password for sudo Might also be useful to mention lastb to show failed login attempts.