The sudo command (currently affected by CVE-2025-32463) can be replaced by the doas command, which comes from BSD.
The doas package must be installed.
The configuration file is doas.conf; under Debian it is located in etc (/etc/doas.conf).
If you use Nagios / Icinga, remember to modify utils.pm (/usr/lib/nagios/plugin/utils.pm):
| #$PATH_TO_SUDO = "/usr/bin/sudo"; | This is the original |
| $PATH_TO_SUDO = "/usr/bin/doas"; | This is the modification |
Here is an example configuration file for Nagios / Icinga:
    # Allow nagios to run these commands without a password
    permit nopass nagios as root cmd /usr/sbin/xm
    permit nopass nagios as root cmd /usr/sbin/invoke-rc.d
    permit nopass nagios as root cmd /bin/mount
    permit nopass nagios as root cmd /bin/umount
    permit nopass nagios as root cmd /bin/netstat

    # Specific Nagios plugins
    permit nopass nagios as root cmd /usr/lib/nagios/plugins/check_domain.sh
    permit nopass nagios as root cmd /usr/local/sbin/nagios/check_mem.sh
    permit nopass nagios as root cmd /usr/lib/nagios/plugins/check_apt
    permit nopass nagios as root cmd /usr/lib/nagios/plugins/check_users
    permit nopass nagios as root cmd /usr/lib/nagios/plugins/check_disk
    permit nopass nagios as root cmd /usr/lib/nagios/plugins/check_load
    permit nopass nagios as root cmd /usr/local/sbin/nagios/check_bacu_fd.sh
    permit nopass nagios as root cmd /usr/lib/nagios/plugins/check_procs
    permit nopass nagios as root cmd /usr/lib/nagios/plugins/check_mailq

    # PostgreSQL plugins
    permit nopass nagios as root cmd /usr/local/sbin/nagios/check_postgres_bloat
    permit nopass nagios as root cmd /usr/local/sbin/nagios/check_postgres_connection
    permit nopass nagios as root cmd /usr/local/sbin/nagios/check_postgres_custom_query
    permit nopass nagios as root cmd /usr/local/sbin/nagios/check_postgres_sequence
    permit nopass nagios as root cmd /usr/local/sbin/nagios/check_postgres_lockwait

    # HTTP plugins
    permit nopass nagios as root cmd /usr/lib/nagios/plugins/check_http
    permit nopass nagios as root cmd /usr/lib/nagios/plugins/check_http_no_ssl

    # WireGuard plugin
    permit nopass nagios as root cmd /usr/lib/nagios/plugins/check_wireguard
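Every rule above runs its target as root without a password, so each target should exist, be owned by root, and not be writable by group or others. The following audit is an added example, not part of the original page; the function name `audit_doas_cmds` and the script name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page.
# audit_doas_cmds CONF [UID]
#   For every "permit nopass ... cmd PATH" rule in CONF, check that PATH is
#   absolute, exists, is owned by UID (default 0 = root) and is not writable
#   by group or others. Prints "<finding> <path>" lines; returns 1 on findings.
audit_doas_cmds() {
    conf=$1
    want_uid=${2:-0}
    rc=0
    # The word after "cmd" is the command path; comment lines never start with "permit".
    for path in $(awk '$1 == "permit" && /nopass/ {
            for (i = 1; i < NF; i++) if ($i == "cmd") print $(i + 1)
        }' "$conf" | sort -u); do
        case $path in
            /*) ;;
            *) echo "relative $path"; rc=1; continue ;;
        esac
        if [ ! -e "$path" ]; then
            echo "missing $path"; rc=1; continue
        fi
        # -L follows symlinks, -n prints the numeric uid in field 3.
        set -- $(ls -ldnL "$path")
        mode=$1
        uid=$3
        if [ "$uid" != "$want_uid" ]; then
            echo "wrong-owner $path"; rc=1
        fi
        # Characters 6 and 9 of the mode string are group-write and other-write.
        case $mode in
            ?????w*|????????w*) echo "writable $path"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Stand-alone use: sh audit_doas.sh /etc/doas.conf
if [ "$#" -gt 0 ]; then
    audit_doas_cmds "$@"
fi
```

Rules without an `args` clause accept any arguments, so general-purpose binaries such as /bin/mount deserve a manual review in addition to this file-permission check.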