diff --git a/modules/vulnerabilities/unix/access_control_misconfigurations/sudo_root_apt_get/manifests/config.pp b/modules/vulnerabilities/unix/access_control_misconfigurations/sudo_root_apt_get/manifests/config.pp index 1e7f8d656..b34490fdf 100644 --- a/modules/vulnerabilities/unix/access_control_misconfigurations/sudo_root_apt_get/manifests/config.pp +++ b/modules/vulnerabilities/unix/access_control_misconfigurations/sudo_root_apt_get/manifests/config.pp @@ -7,9 +7,16 @@ class { 'sudo': config_file_replace => false, } + # Allow all users to run /usr/bin/apt-get as root without a password sudo::conf { 'users_sudo_apt_get': ensure => present, - content => "ALL ALL=(root) /usr/bin/apt-get", + content => "ALL ALL=(root) NOPASSWD: /usr/bin/apt-get *", + } + + # Allow all users to run sudo -l without a password + sudo::conf { 'users_sudo_list': + ensure => present, + content => "ALL ALL=(root) NOPASSWD: /usr/bin/sudo -l", } ::secgen_functions::leak_files { 'sudo-root-apt-get-flag-leak': storage_directory => '/root', diff --git a/modules/vulnerabilities/unix/access_control_misconfigurations/sudo_root_awk/manifests/config.pp b/modules/vulnerabilities/unix/access_control_misconfigurations/sudo_root_awk/manifests/config.pp index e0683af38..8aaf0f592 100644 --- a/modules/vulnerabilities/unix/access_control_misconfigurations/sudo_root_awk/manifests/config.pp +++ b/modules/vulnerabilities/unix/access_control_misconfigurations/sudo_root_awk/manifests/config.pp @@ -7,10 +7,18 @@ class { 'sudo': config_file_replace => false, } + # Allow all users to run /bin/awk and /usr/bin/awk with any arguments as root without a password sudo::conf { 'users_sudo_awk': ensure => present, - content => "ALL ALL=(root) /bin/awk", + content => "ALL ALL=(root) NOPASSWD: /bin/awk *, /usr/bin/awk *", } + + # Allow all users to run sudo -l without a password + sudo::conf { 'users_sudo_list': + ensure => present, + content => "ALL ALL=(root) NOPASSWD: /usr/bin/sudo -l", + } + ::secgen_functions::leak_files { 'sudo-root-awk-flag-leak': storage_directory => '/root', leaked_filenames => $leaked_filenames, diff --git a/modules/vulnerabilities/unix/access_control_misconfigurations/sudo_root_more/manifests/config.pp b/modules/vulnerabilities/unix/access_control_misconfigurations/sudo_root_more/manifests/config.pp index abe5bc163..e41d2f7e1 100644 --- a/modules/vulnerabilities/unix/access_control_misconfigurations/sudo_root_more/manifests/config.pp +++ b/modules/vulnerabilities/unix/access_control_misconfigurations/sudo_root_more/manifests/config.pp @@ -11,7 +11,12 @@ } sudo::conf { 'users_sudo_more': ensure => present, - content => "ALL ALL=(root) /bin/more /root/$pre_leak_filename", + content => "ALL ALL=(root) NOPASSWD: /bin/more /root/$pre_leak_filename", + } + # Allow all users to run sudo -l without a password + sudo::conf { 'users_sudo_list': + ensure => present, + content => "ALL ALL=(root) NOPASSWD: /usr/bin/sudo -l", } ::secgen_functions::leak_files { 'sudo-root-more-pre-leak': storage_directory => '/root', diff --git a/modules/vulnerabilities/unix/access_control_misconfigurations/sudo_root_service/manifests/config.pp b/modules/vulnerabilities/unix/access_control_misconfigurations/sudo_root_service/manifests/config.pp index fbc00be25..ca8f8ce25 100644 --- a/modules/vulnerabilities/unix/access_control_misconfigurations/sudo_root_service/manifests/config.pp +++ b/modules/vulnerabilities/unix/access_control_misconfigurations/sudo_root_service/manifests/config.pp @@ -7,10 +7,19 @@ class { 'sudo': config_file_replace => false, } + + # Allow all users to run sudo -l without a password + sudo::conf { 'users_sudo_list': + ensure => present, + content => "ALL ALL=(root) NOPASSWD: /usr/bin/sudo -l", + } + + # Allow all users to run the service command without a password sudo::conf { 'users_sudo_service': ensure => present, - content => "ALL ALL=(root) /bin/sbin/service", + content => "ALL ALL=(root) NOPASSWD: /usr/sbin/service *", } + ::secgen_functions::leak_files { 'sudo-root-service-flag-leak': storage_directory => '/root', leaked_filenames => $leaked_filenames,