Detections
Analytics

1.326 RHEL-09-611085

Information

RHEL 9 must require users to provide a password for privilege escalation.

GROUP ID: V-258106
RULE ID: SV-258106r1050789

Without reauthentication, users may access resources or perform tasks for which they do not have authorization.

When operating systems provide the capability to escalate a functional capability, it is critical that the user reauthenticate.

Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00158

Solution

Configure RHEL 9 to not allow users to execute privileged actions without authenticating with a password.

Remove any occurrence of "NOPASSWD" found in "/etc/sudoers" file or files in the "/etc/sudoers.d" directory.

$ sudo find /etc/sudoers /etc/sudoers.d -type f -exec sed -i '/NOPASSWD/ s/^/# /g' {} \;

See Also

https://workbench.cisecurity.org/benchmarks/22008

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-11, CAT|II, CCI|CCI-002038, CCI|CCI-004895, Rule-ID|SV-258106r1050789_rule, STIG-ID|RHEL-09-611085, Vuln-ID|V-258106

Plugin: Unix

Control ID: d5f6393c77245850fb983c9470129256a66865456027d862a2ed9875ccc3b560