Detections
Analytics

5.2.2 Ensure sudo commands use pty

Information

sudo can be configured to run only from a pseudo terminal ( pseudo-pty ).

More information about the sudoers configuration files, their location, and load preference is available in the section overview.

Attackers can run a malicious program using sudo which would fork a background process that remains even when the main program has finished executing.

Solution

Edit the file /etc/sudoers with visudo or a file in /etc/sudoers.d/ with visudo -f <PATH TO FILE> and add the following line:

Defaults use_pty

Edit the file /etc/sudoers with visudo and any files in /etc/sudoers.d/ with visudo -f <PATH TO FILE> and remove any occurrence of !use_pty

Impact:

WARNING: Editing the sudo configuration incorrectly can cause sudo to stop functioning. Always use visudo to modify sudo configuration files.

See Also

https://workbench.cisecurity.org/benchmarks/26236

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, 800-53|AC-6(2), 800-53|AC-6(5), CSCv7|4.3

Plugin: Unix

Control ID: ac431d3108b0ee4d4e7d959cbcb1bfedfa6eec94fac58982e11ee0687979f04c