Description
AUTH-9252 throws a warning on my Debian 12 and 13 deployments with an entry in the running console output:

```
[+] Users, Groups and Authentication
------------------------------------
..
- Sudoers file(s) [ FOUND ]
- Permissions for directory: /etc/sudoers.d [ WARNING ]
- Permissions for: /etc/sudoers [ OK ]
- Permissions for: /etc/sudoers.d/README [ OK ]
- Permissions for: /etc/sudoers.d/10-custom [ WARNING ]
..
```
There is nothing listed in the Suggestions summary at the bottom of the console output. This may be by design as I know sudoers tests got tweaked previously.
Searching detailed log for sudoers does indicate a finding but does not reveal any suggested solution:
```
# grep sudoers /var/log/lynis.log
..
2025-09-16 10:41:42 Result: sudoers file found (/etc/sudoers)
2025-09-16 10:41:42 Test: checking drop-in directory (/etc/sudoers.d)
2025-09-16 10:41:42 Result: directory /etc/sudoers.d has possibly unsafe permissions
2025-09-16 10:41:42 Result: directory /etc/sudoers.d ownership OK
..
2025-09-16 10:41:42 Test: checking file (/etc/sudoers.d/10-custom)
2025-09-16 10:41:42 Result: file /etc/sudoers.d/10-custom has possibly unsafe permissions
2025-09-16 10:41:42 Result: file /etc/sudoers.d/10-custom ownership OK
..
```
Without having to decipher include/tests_authentication to discover the expected value, could we please get an indication and entry at least in the log that details what are deemed to be minimum "safe permissions", perhaps in the same way as cron* permissions tests, e.g.:

```
2025-09-16 11:00:20 Outcome: permissions of file /etc/crontab are not matching expected value (640 != 600)
```
Thank you for Lynis!
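
A sketch of the kind of log output requested above, as an added example that is not part of the original issue and is not Lynis code: a POSIX shell check that prints the actual mode next to the allowed modes for the drop-in directory and each file in it. The function names and the allowed modes (750/700 for the directory, 440/400 for files) are assumptions for illustration, not the values AUTH-9252 uses, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not Lynis code. The allowed modes are assumptions chosen for
# illustration (0440 is sudo's documented default for sudoers files); they are
# not read from Lynis's AUTH-9252 test. Uses GNU stat, as shipped on Debian.

# report_perms TARGET MODE...: print one log-style line, return 1 on mismatch.
report_perms() {
    target=$1; shift
    actual=$(stat -c '%a' "$target") || return 2
    if [ -d "$target" ]; then kind=directory; else kind=file; fi
    for allowed in "$@"; do
        if [ "$actual" = "$allowed" ]; then
            echo "Outcome: permissions of $kind $target are matching expected value ($actual)"
            return 0
        fi
    done
    echo "Outcome: permissions of $kind $target are not matching expected value ($actual != $*)"
    return 1
}

# audit_sudoers DIR: check the drop-in directory and each regular file in it.
audit_sudoers() {
    dropin=$1
    audit_rc=0
    report_perms "$dropin" 750 700 || audit_rc=1
    for f in "$dropin"/*; do
        [ -f "$f" ] || continue
        report_perms "$f" 440 400 || audit_rc=1
    done
    return "$audit_rc"
}

# demo_audit: constructed sample tree with one tight and one loose drop-in.
demo_audit() {
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/sudoers.d"
    : > "$tmp/sudoers.d/README";    chmod 440 "$tmp/sudoers.d/README"
    : > "$tmp/sudoers.d/10-custom"; chmod 644 "$tmp/sudoers.d/10-custom"
    chmod 755 "$tmp/sudoers.d"
    demo_rc=0
    audit_sudoers "$tmp/sudoers.d" || demo_rc=$?
    rm -rf "$tmp"
    return "$demo_rc"
}

# On a real host (as root): audit_sudoers /etc/sudoers.d
```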