Let Sudo Insult You When You Enter Incorrect Password

[‘

n

Sudoers is the default sudo security policy plugin in Linux, however, experienced system administrators can specify a custom security policy as well as input and output logging plugins. It is driven by the /etc/sudoers file or alternatively in LDAP.

n

You can define sudoers insults option or several others in the file above. It is set under defaults entries section. Read through our last article that explains 10 Useful Sudoers Configurations for Setting ‘sudo’ in Linux.

n

In this article, we will explain a sudoers configuration parameter to enable an individual or system administrator set sudo command to insult system users who enter wrong password.

n

Start by opening the file /etc/sudoers like so:

n

$ sudo visudorn

n

Go to the defaults section and add the following line:

n

Defaults   insultsrn

n

Below is a sample of /etc/sudoers file on my system showing defaults entries.

n

Set sudo Insults Parameter
Set sudo Insults Parameter

n

From the screenshot above, you can see that there are many other defaults defined such as send mail to root when each time a user enters a bad password, set a secure path, configure a custom sudo log file and more.

n

Save the file and close it.

n

Run a command with sudo and enter the wrong password, then observe how insults option works:

n

$ sudo visudorn

n

sudo Insult in Action
sudo Insult in Action

n

Note: When you configure the insults parameter, it disables the badpass_message parameter which prints a specific message on the command line (the default message is “sorry, try again”) in case a user enters a wrong password.

n

To modify the message, add the badpass_message parameter to the /etc/sudoers file as shown below.

n

Defaults  badpass_message="Password is wrong, please try again"  #try to set a message of your ownrn

n

Set sudo badpassword Message
Set sudo badpassword Message

n

Save the file and close it, then invoke sudo and see how it works, the message you set as the value of badpass_message will be printed every time you or any system user types a wrong password.

n

$ sudo visudorn

n

Sudo badpassword Message
Sudo badpassword Message

n

That’s all, in this article we reviewed how to set sudo to print insults when users type a wrong password. Do share your thoughts via the comment section below.

n

‘]