restrict access to su to members of wheel (ansible-lockdown#14)

* restrict access to su to members of wheel
vemund-lonbakken · Feb 27, 2017 · fda7953 · fda7953
1 parent 7642f7b
commit fda7953
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/tasks/section5.yml b/tasks/section5.yml
@@ -435,7 +435,11 @@
       - rule_5.5
 
 - name: "SCORED | 5.6 | PATCH | Ensure access to the su command is restricted"
-  command: /bin/true
+  lineinfile:
+      state: present
+      dest: /etc/pam.d/su
+      regexp: '^#auth\s+required\s+pam_wheel\.so'
+      line: 'auth           required        pam_wheel.so use_uid'
   tags:
       - level1
       - level2