Like many (most?) home users, until now I've had my regular userid in sudoers as "ALL = (ALL) ALL". It occurs to me that, even though my machine has no open ports, this is probably not a good idea - just in case my firewall suddenly burns down. So, if my thinking is right on this, I'm wondering if there is a generally approved list of Cmnd_Alias entries? At this point, I've decided to only add entries as I use them, and to try to honestly appraise my need to do the entry as sudo, vs opening a virtual console as root. My root password is non-trivial. Any comments would be appreciated.

Don't know what to suggest you, but... I always have root console(or several) opened, if i need to build and install something, i open it up. Of course, all basic things i do under my user account or do some operations i doubt in under unprivileged user console(also always have that opened).
My root password also is strong, so i don't use (and actually never did before) sudo, preferring to enter password one-two times and have that opened.
What's bad in that? Your computer can be accessed by someone else? Lock the screen then in your DE.

I've been a sudo user since I got into Linux a few years ago, so I want to stay with that if possible. And, judging from the overwhelming lack of response, perhaps sudo isn't a big target for break-ins. Or maybe it's because I don't have any ports open to the internet.

cheers!

For a situation where a strictly limited num of privileged cmds are are needed by a non-root user, sudo is the way to go.

For a home system where any cmd may be needed, I use

su -

and the root passwd as needed. Just make both passwds reasonably strong, more so for root.