Detections
Analytics

1.307 RHEL-09-432025

Information

RHEL 9 must require users to reauthenticate for privilege escalation.

GROUP ID: V-258086
RULE ID: SV-258086r1050789

Without reauthentication, users may access resources or perform tasks for which they do not have authorization.

When operating systems provide the capability to escalate a functional capability, it is critical that the user reauthenticate.

Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00158

Solution

Configure RHEL 9 to not allow users to execute privileged actions without authenticating.

Remove any occurrence of "!authenticate" found in "/etc/sudoers" file or files in the "/etc/sudoers.d" directory.

$ sudo sed -i '/\!authenticate/ s/^/# /g' /etc/sudoers /etc/sudoers.d/*

See Also

https://workbench.cisecurity.org/benchmarks/22008

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-11, CAT|II, CCI|CCI-002038, CCI|CCI-004895, Rule-ID|SV-258086r1050789_rule, STIG-ID|RHEL-09-432025, Vuln-ID|V-258086

Plugin: Unix

Control ID: d86f720aa628980cf42119d5ac22ecc8130f736cb086fc06dfdb47ea351916ce