Setting the command digest

You can use Digest Settings to specify SHA-2 digests so that sudo can verify the binary's checksum (SHA-2) before sudo executes the binary. The supported digest (hash) types are as follows:

  • SHA224
  • SHA256
  • SHA384
  • SHA512

Select a digest type, and then enter a checksum. You can specify multiple digests for a command.

Note that setting a command digest is only supported in the explicit path matches against the command right, and only supported in the hierarchical zone.