Setting the command digest
You can use Digest Settings to specify SHA-2 digests so that sudo can verify the binary's checksum (SHA-2) before sudo executes the binary. The supported digest (hash) types are as follows:
- SHA224
- SHA256
- SHA384
- SHA512
Select a digest type, and then enter a checksum. You can specify multiple digests for a command.
Note that setting a command digest is only supported in the explicit path matches against the command right, and only supported in the hierarchical zone.