Sudoers is the default sudo security policy plugin in Linux, however, experienced system administrators can specify a custom security policy as well as input and output logging plugins. It is driven by the /etc/sudoers file or alternatively in LDAP.

 

Start by opening the file /etc/sudoers like so:

$ sudo visudo

 

Go to the defaults section and add the following line:

Defaults   insults

 

Defaults defined such as send mail to root when each time a user enters a bad password, set a secure path, configure a custom sudo log file and more.

 

Save the file and close it.

 

Run a command with sudo and enter the wrong password, then observe how insults option works:

$ sudo visudo

 

Note: When you configure the insults parameter, it disables the badpass_message parameter which prints a specific message on the command line (the default message is “sorry, try again”) in case a user enters a wrong password.

 

To modify the message, add the badpass_message parameter to the /etc/sudoers file as shown below.

Defaults  badpass_message="Password is wrong, please try again"  #try to set a message of your own

 

Save the file and close it, then invoke sudo and see how it works, the message you set as the value of badpass_message will be printed every time you or any system user types a wrong password.

$ sudo visudo

 

Was this answer helpful? 0 Users Found This Useful (0 Votes)