DLPX-86535 CIS: restrict access to su command

PR URL: https://www.github.com/delphix/delphix-platform/pull/469

Author: rupalimatkar

files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml

@@ -329,6 +329,15 @@
     regexp: '^(session[\s]+optional[\s]+pam_motd\.so.*)$'
     replace: '#\1'
 
+#
+# Restricting su access to ensure only authorized users in a specific group
+# can elevate privileges to another user, like the root user
+#
+- replace:
+    dest: /etc/pam.d/su
+    regexp: '^#?[\s]*(auth[\s]+required[\s]+pam_wheel\.so.*)$'
+    replace: '\1'
+
 #
 # Prevent sshd from offering weak message authentication codes to clients.
 #