Detections
Analytics

1.88 UBTU-22-432010

Information

The operating system must require users to reauthenticate for privilege escalation or when changing roles.

GROUP ID: V-260558
RULE ID: SV-260558r1050789

Without reauthentication, users may access resources or perform tasks for which they do not have authorization.

When operating systems provide the capability to escalate a functional capability, it is critical the user reauthenticate.

Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157

Solution

Remove any occurrence of "NOPASSWD" or "!authenticate" found in "/etc/sudoers" file or files in the "/etc/sudoers.d" directory.

See Also

https://workbench.cisecurity.org/benchmarks/22168

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-11, CAT|II, CCI|CCI-002038, CCI|CCI-004895, CSCv7|4.3, Rule-ID|SV-260558r1050789_rule, STIG-ID|UBTU-22-432010, Vuln-ID|V-260558

Plugin: Unix

Control ID: 8e76b5ec2281cec72effd070604a6f172bb2c5dd03d783867e52c1cc83a79a77