|
 |
306df89 |
# Sudo allows restricted root access for specified users. In other words,
|
|
|
306df89 |
# it is a special package, which requires special permissions on on some
|
|
|
306df89 |
# of the installed files.
|
|
|
306df89 |
addFilter("missing-call-to-setgroups-before-setuid (/usr/bin/sudo|/usr/bin/sudoreplay|/usr/sbin/sudo_logsrvd|/usr/sbin/sudo_sendlog|/usr/libexec/sudo/sudoers.so|)$")
|
|
|
306df89 |
|
|
|
306df89 |
addFilter("non-readable (/etc/sudo.conf|/etc/sudo_logsrvd.conf|/etc/sudoers|/usr/bin/sudoreplay) .*$")
|
|
|
306df89 |
|
|
|
306df89 |
addFilter("non-standard-dir-perm (/etc/sudoers.d|/var/db/sudo|/var/db/sudo/lectured) .*$")
|
|
|
306df89 |
|
|
|
306df89 |
addFilter("setuid-binary /usr/bin/sudo .*$")
|
|
|
306df89 |
|
|
|
306df89 |
addFilter("non-standard-executable-perm (/usr/bin/sudo|/usr/bin/sudoreplay) .*$")
|
|
|
306df89 |
|
|
|
306df89 |
addFilter("wrong-file-end-of-line-encoding /usr/share/doc/sudo/schema.ActiveDirectory$")
|
|
|
306df89 |
|
|
|
306df89 |
addFilter("non-standard-dir-in-var db$")
|