diff --git a/debian/control b/debian/control
index b72ce15..5ff0bba 100644
--- a/debian/control
+++ b/debian/control
@@ -109,6 +109,11 @@ Description: enhances misc security settings
  from using su to gain root access or switch user accounts.
  /usr/share/pam-configs/security-misc
  (Which results in a change in /etc/pam.d/common-auth.)
+ .
+ * Add user `root` to group `sudo`.
+ .
+ * Lock user accounts after 5 failed login attempts using pam_tally2.
+ /usr/share/pam-configs/security-misc
  .
   * Logging into the root account from a virtual, serial, whatnot console is
  prevented by shipping an existing and empty /etc/securetty.
diff --git a/debian/security-misc.postinst b/debian/security-misc.postinst
index 1bbae43..194929f 100644
--- a/debian/security-misc.postinst
+++ b/debian/security-misc.postinst
@@ -55,6 +55,8 @@ case "$1" in
     ;;
 esac
 
+addgroup root sudo
+
 pam-auth-update --package
 
 home_folder_access_rights_lockdown