Detections
Analytics

1.64 UBTU-24-300021

Information

The operating system must require users to reauthenticate for privilege escalation or when changing roles.

GROUP ID: V-270707
RULE ID: SV-270707r1066610

Without reauthentication, users may access resources or perform tasks for which they do not have authorization.

When operating systems provide the capability to escalate a functional capability, it is critical the user reauthenticate.

Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157

Solution

Remove any occurrence of "NOPASSWD" or "!authenticate" found in "/etc/sudoers" file or files in the "/etc/sudoers.d" directory.

See Also

https://workbench.cisecurity.org/benchmarks/22775

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-11, CAT|II, CCI|CCI-002038, CCI|CCI-004895, CSCv7|4.3, Rule-ID|SV-270707r1066610_rule, STIG-ID|UBTU-24-300021, Vuln-ID|V-270707

Plugin: Unix

Control ID: 2d151bdcd8fdcb6af0f37cb06ab95d638643cfb3d90470dc01284570dea65ce0