11

There is no chance of an internal attack, so I would like to give sudo privileges to users at the local computer using sudoers. I tried these lines separately:

%admin localhost=(ALL) NOPASSWD: ALL
%admin 127.0.0.1=(ALL) NOPASSWD: ALL

But sudoers does not seem to recognize either localhost or 127.0.0.1.

Is there an alternative, and if so, how secure would it be? Could a remote attacker gain local user privileges using cron or some other method?

Zaz
  • 2,716

3 Answers

15

%admin ALL=(ALL) NOPASSWD: ALL

The host list restricts the sudo rule to hosts on which one network interface has a name or address in the list. Since every host has a loopback interface, every host should match your rule; in fact, sudo skips the loopback interface when checking host lists, so no host does match your rule. Either way, specifying the host as localhost is not useful.

Sudo doesn't do any network authentication: the host list is there so that you can deploy a single sudoers file on multiple machines and give users different permissions on different machines.

Cron also doesn't do any network authentication. A remote user would gain user privileges through a misconfigured or vulnerable network server or client (http, ftp, samba, nfs, snmp, ssh, …).
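To make the host-list behaviour concrete, here is an added example (not from the original answer) that models how sudoers host entries are matched against a machine's hostname and its non-loopback addresses, and which rules of a shared sudoers fragment would therefore apply on a given host. It is a simplified model written for illustration, not sudo's own matcher: netgroups, Host_Alias definitions and the fqdn option are not handled, and the hostnames and addresses are constructed.

```python
import ipaddress
import re

# Simplified model of sudoers host-list matching (constructed for illustration,
# not sudo's own code). A host entry matches when it is ALL, equals the machine's
# hostname, or is an address/network containing one of the machine's NON-loopback
# interface addresses. sudo ignores the loopback interface, which is why
# "localhost" and "127.0.0.1" never match on any host.

RULE_RE = re.compile(r"^(?P<user>\S+)\s+(?P<hosts>\S+)\s*=\s*(?P<rest>.+)$")


def host_matches(host_spec, hostname, addresses):
    """True if one sudoers host list (comma separated) matches this machine."""
    for item in host_spec.split(","):
        item = item.strip()
        if item == "ALL" or item.lower() == hostname.lower():
            return True
        try:
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:
            continue  # a plain name that is not this machine's hostname
        for addr in addresses:
            ip = ipaddress.ip_address(addr)
            if ip.is_loopback:
                continue  # sudo skips the loopback interface entirely
            if ip in net:
                return True
    return False


def applicable_rules(sudoers_text, hostname, addresses):
    """Rules from a sudoers fragment whose host list matches this machine."""
    matched = []
    for line in sudoers_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        m = RULE_RE.match(line)
        if m and host_matches(m.group("hosts"), hostname, addresses):
            matched.append(line)
    return matched


# Constructed sudoers fragment: one file deployed to several machines.
SUDOERS = """
%admin localhost=(ALL) NOPASSWD: ALL     # never matches: loopback is skipped
%admin 127.0.0.1=(ALL) NOPASSWD: ALL     # never matches either
%admin buildbox=(ALL) NOPASSWD: ALL      # only on the host named buildbox
%admin 192.168.1.0/24=(ALL) ALL          # any host with an address in that subnet
"""

if __name__ == "__main__":
    print(applicable_rules(SUDOERS, "buildbox", ["127.0.0.1", "192.168.1.10"]))
```

On a host named buildbox with address 192.168.1.10 only the last two rules apply; on a host outside that subnet with another name, none of them do.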

1

It seems that your hostname is not "localhost". See the output of the hostname command or check the content of your /etc/hostname.

Snaut
  • 11
1

sudo does not know anything about the loopback interface (localhost/127.0.0.1), but it knows about all of the other interfaces. If your machine has at least one such interface, then it is considered to be on a network. Thus during the interface configuration (generally done during the OS installation) you were required to set a "host name", or maybe one was assigned automatically.

This "host name" can be accessed via the "hostname" command or the /etc/hostname file.

As a consequence,
(i) your machine has a loopback interface but also certainly a "host name"
(ii) sudo can only use this "network name"
(iii) if you replace "localhost=" by "<your hostname>" in your sudoers file, the rule will match and everything will work as you expect.

robinCTS
  • 4,407
liar666
  • 11