diff --git a/preseed.cfg b/preseed.cfg
index a908b41..a3df5b9 100644
--- a/preseed.cfg
+++ b/preseed.cfg
@@ -538,6 +538,8 @@ echo 'mv -f /etc/rc.local /etc/rc.local.baco' >> /target/etc/rc.local; \
 echo 'mv -f /etc/rc.local.orig /etc/rc.local' >> /target/etc/rc.local; \
 echo 'test -x /etc/rc.local && /etc/rc.local' >> /target/etc/rc.local; \
 echo 'exit 0' >> /target/etc/rc.local; \
+echo -e 'passwd_tries=3\nbadpass_message="I am sorry. I am afraid you cannot do that."\nlog_input\nlog_output\niolog_dir="/var/log/sudo"\nrequiretty\nsecure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"\n' | sed 's/^/Defaults\t/' > /target/etc/sudoers.d/sudo; \
+chmod 0440 /target/etc/sudoers.d/sudo; \
 in-target /usr/bin/systemctl enable rc-local.service >>/tmp/.42 2>&1; \
 in-target /usr/bin/update-alternatives --set editor /usr/bin/vim.basic >>/tmp/.42 2>&1; \
 in-target /usr/bin/ln -snf /usr/bin/vim.basic /etc/alternatives/editor >>/tmp/.42 2>&1; \
@@ -545,10 +547,10 @@ in-target /usr/bin/sed -i'.orig' -r 's/^#?(Port) .*/\1 4242/; s/^#?(PermitRootLo
 in-target /usr/sbin/groupadd -f -r sudo >>/tmp/.42 2>&1; \
 in-target /usr/sbin/groupadd -f user42 >>/tmp/.42 2>&1; \
 in-target /usr/sbin/usermod -a -G sudo,user42 gbaconni >>/tmp/.42 2>&1; \
+in-target /usr/bin/chage -M 30 -m 2 -W 7 gbaconni >>/tmp/.42 2>&1; \
 in-target /usr/bin/sed -i'.orig' -r 's/^#?(PASS_MAX_DAYS).*/\1\t30/; s/^#?(PASS_MIN_DAYS).*/\1\t2/; s/^#?(PASS_WARN_AGE).*/\1\t7/; s/^#?(PASS_MIN_LEN).*/\1\t10/;' /etc/login.defs >>/tmp/.42 2>&1; \
 in-target /usr/bin/sed -i'.orig' -r 's/^[# ]*(minlen =)/\1 10/; s/^[# ]*([ud]credit =)/\1 -1/; s/^[# ]*(maxrepeat =)/\1 3/; s/^[# ]*(usercheck =)/\1 1/; s/^[# ]*(difok =)/\1 7/;' /etc/security/pwquality.conf >>/tmp/.42 2>&1; \
 in-target /usr/bin/install -D -d /var/log/sudo >>/tmp/.42 2>&1; \
-in-target /usr/bin/printf 'passwd_tries=3\nbadpass_message="I am sorry. I am afraid you cannot do that."\nlog_input\nlog_output\niolog_dir="/var/log/sudo"\nrequiretty\nsecure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"\n' | sed 's/^/Defaults\t/' >/etc/sudoers.d/sudo 2>>/tmp/.42; \
 in-target /usr/bin/apt-get clean >>/tmp/.42 2>&1; \
 in-target echo "That's All Folks!"  >>/tmp/.42 2>&1