Update sudo configuration for access control misconfigurations vulner…

…abilities #319 #316
cliffe · Jun 24, 2024 · 2e17eb2 · 2e17eb2
1 parent 5282e1d
commit 2e17eb2
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 4 deletions.
diff --git a/...lnerabilities/unix/access_control_misconfigurations/sudo_root_apt_get/manifests/config.pp b/...lnerabilities/unix/access_control_misconfigurations/sudo_root_apt_get/manifests/config.pp
@@ -7,9 +7,16 @@
   class { 'sudo':
     config_file_replace => false,
   }
+  # Allow all users to run /usr/bin/apt-get as root without a password
   sudo::conf { 'users_sudo_apt_get':
     ensure  => present,
-    content => "ALL  ALL=(root) /usr/bin/apt-get",
+    content => "ALL  ALL=(root) NOPASSWD: /usr/bin/apt-get *",
+  }
+
+  # Allow all users to run sudo -l without a password
+  sudo::conf { 'users_sudo_list':
+    ensure  => present,
+    content => "ALL  ALL=(root) NOPASSWD: /usr/bin/sudo -l",
   }
   ::secgen_functions::leak_files { 'sudo-root-apt-get-flag-leak':
     storage_directory => '/root',

diff --git a/...s/vulnerabilities/unix/access_control_misconfigurations/sudo_root_awk/manifests/config.pp b/...s/vulnerabilities/unix/access_control_misconfigurations/sudo_root_awk/manifests/config.pp
@@ -7,10 +7,18 @@
   class { 'sudo':
     config_file_replace => false,
   }
+  # Allow all users to run /bin/awk and /usr/bin/awk with any arguments as root without a password
   sudo::conf { 'users_sudo_awk':
     ensure  => present,
-    content => "ALL  ALL=(root) /bin/awk",
+    content => "ALL  ALL=(root) NOPASSWD: /bin/awk *, /usr/bin/awk *",
   }
+
+  # Allow all users to run sudo -l without a password
+  sudo::conf { 'users_sudo_list':
+    ensure  => present,
+    content => "ALL  ALL=(root) NOPASSWD: /usr/bin/sudo -l",
+  }
+
   ::secgen_functions::leak_files { 'sudo-root-awk-flag-leak':
     storage_directory => '/root',
     leaked_filenames  => $leaked_filenames,

diff --git a/.../vulnerabilities/unix/access_control_misconfigurations/sudo_root_more/manifests/config.pp b/.../vulnerabilities/unix/access_control_misconfigurations/sudo_root_more/manifests/config.pp
@@ -11,7 +11,12 @@
   }
   sudo::conf { 'users_sudo_more':
     ensure  => present,
-    content => "ALL  ALL=(root) /bin/more /root/$pre_leak_filename",
+    content => "ALL  ALL=(root) NOPASSWD: /bin/more /root/$pre_leak_filename",
+  }
+  # Allow all users to run sudo -l without a password
+  sudo::conf { 'users_sudo_list':
+    ensure  => present,
+    content => "ALL  ALL=(root) NOPASSWD: /usr/bin/sudo -l",
   }
   ::secgen_functions::leak_files { 'sudo-root-more-pre-leak':
     storage_directory => '/root',

diff --git a/...lnerabilities/unix/access_control_misconfigurations/sudo_root_service/manifests/config.pp b/...lnerabilities/unix/access_control_misconfigurations/sudo_root_service/manifests/config.pp
@@ -7,10 +7,19 @@
   class { 'sudo':
     config_file_replace => false,
   }
+
+  # Allow all users to run sudo -l without a password
+  sudo::conf { 'users_sudo_list':
+    ensure  => present,
+    content => "ALL  ALL=(root) NOPASSWD: /usr/bin/sudo -l",
+  }
+
+  # Allow all users to run the service command without a password
   sudo::conf { 'users_sudo_service':
     ensure  => present,
-    content => "ALL  ALL=(root) /bin/sbin/service",
+    content => "ALL  ALL=(root) NOPASSWD: /usr/sbin/service *",
   }
+
   ::secgen_functions::leak_files { 'sudo-root-service-flag-leak':
     storage_directory => '/root',
     leaked_filenames  => $leaked_filenames,