1.3.2 Ensure sudo commands use pty

Information

sudo can be configured to run only from a psuedo-pty

Rationale:

Attackers can run a malicious program using sudo, which would again fork a background process that remains even when the main program has finished executing.

Solution

edit the file /etc/sudoers or a file in /etc/sudoers.d/ with visudo -f and add the following line:

Defaults use_pty

See Also

https://workbench.cisecurity.org/files/2970