https://bugzilla.suse.com/show_bug.cgi?id=1191671 Bug ID: 1191671 Summary: VUL-0: monitoring-plugins-smart: sudoers config grants the nagios user unfiltered access to smartctl Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other URL: https://smash.suse.de/issue/279235/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: lars.vogdt@suse.com Reporter: wolfgang.frisch@suse.com QA Contact: security-team@suse.de Found By: --- Blocker: --- +++ This bug was initially created as a clone of Bug #1183057 +++ "/etc/sudoers.d/monitoring-plugins-smart" allows the nagios user to execute smartctl unfiltered. This is unnecessarily privileged. It would be safer to only grant access to the check_smart script itself, as it's suggested as an alternative configuration in the upstream README [1]:

nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_smart

[1] https://github.com/Napsty/check_smart/blob/master/README.md -- You are receiving this mail because: You are on the CC list for the bug.