1.3.1 Ensure sudo is installed

Information

sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy. The invoking user's real (not effective) user ID is used to determine the user name with which to query the security policy.

Rationale:

sudo supports a plugin architecture for security policies and input/output logging. Third parties can develop and distribute their own policy and I/O logging plugins to work seamlessly with the sudo front end. The default security policy is sudoers, which is configured via the file /etc/sudoers.

The security policy determines what privileges, if any, a user has to run sudo. The policy may require that users authenticate themselves with a password or another authentication mechanism. If authentication is required, sudo will exit if the user's password is not entered within a configurable time limit. This limit is policy-specific.

Solution

Install sudo using the following command.

# apt install sudo

OR

# apt install sudo-ldap

References:

SUDO(8)

http://www.sudo.ws/

Notes:

Use the sudo-ldap package if you need LDAP support for sudoers.

See Also

https://workbench.cisecurity.org/files/2658

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2(9), CSCv7|4.3

Plugin: Unix

Control ID: 27b58d5c46b6becaffbdb1157f5a207222c4d0114c00b5f3ee7829387b346006