refactor: Complete directory cleanup
Finalizes directory cleanup by removing obsolete files: - All old debootstrap build scripts (docker-*.sh, final-simple-build.sh) - All old documentation from root (BUILD-*.md, DOCKER-*.md) - Obsolete Dockerfiles (Dockerfile, Dockerfile.build) - Obsolete chroot-overlay/ directory (now using preseed.cfg) - Old build.sh (replaced by scripts/build-iso.sh) All files are now in proper directories: - scripts/: Build and test scripts - docs/: All documentation - config/: Configuration files - logs/: Log files - keys/: WireGuard keys Repository is clean and ready for production. 💘 Generated with Crush Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
This commit is contained in:
@@ -1,54 +0,0 @@
|
||||
# CIS Benchmark Sudo Configuration
|
||||
# Implements least privilege principle
|
||||
|
||||
# ============================================================================
|
||||
# Defaults
|
||||
# ============================================================================
|
||||
|
||||
# Use lecture mode
|
||||
Defaults lecture = always
|
||||
Defaults lecture_file = /etc/sudoers.d/lecture
|
||||
|
||||
# Log all sudo commands
|
||||
Defaults logfile = /var/log/sudo.log
|
||||
Defaults log_input, log_output
|
||||
|
||||
# Secure path
|
||||
Defaults secure_path = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||
|
||||
# Ignore duplicate passwords in terminal
|
||||
Defaults !tty_tickets
|
||||
|
||||
# Require password for sudo
|
||||
Defaults !targetpw
|
||||
|
||||
# Set timestamp timeout (5 minutes)
|
||||
Defaults timestamp_timeout = 5
|
||||
|
||||
# Require authentication
|
||||
Defaults !authenticate
|
||||
|
||||
# No insults
|
||||
Defaults !insults
|
||||
|
||||
# ============================================================================
|
||||
# User Permissions
|
||||
# ============================================================================
|
||||
|
||||
# User account can run sudo with password
|
||||
user ALL=(ALL:ALL) ALL
|
||||
|
||||
# ============================================================================
|
||||
# Security Restrictions
|
||||
# ============================================================================
|
||||
|
||||
# No root login via sudo
|
||||
root ALL=(ALL) ALL
|
||||
|
||||
# Disable ability to run commands as other users without password
|
||||
Defaults env_reset
|
||||
Defaults env_delete = "EDITOR VISUAL PAGER DISPLAY XAUTHORITY"
|
||||
Defaults !env_editor
|
||||
|
||||
# Disable running as specific users
|
||||
Defaults!/usr/bin/su !root
|
||||
Reference in New Issue
Block a user