AZLX-23-001010 - Amazon Linux 2023 must require reauthentication when using the "sudo" command.

Information

Without reauthentication, users may access resources or perform tasks for which they do not have authorization.

Solution

Configure Amazon Linux 2023 to reauthenticate "sudo" commands after the specified timeout:

Add the following line to "/etc/sudoers" or a file in "/etc/sudoers.d":

Defaults timestamp_timeout=0

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Amazon_Linux_2023_V1R2_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-11, CAT|II, CCI|CCI-002038, Rule-ID|SV-274014r1120030_rule, STIG-ID|AZLX-23-001010, Vuln-ID|V-274014

Plugin: Unix

Control ID: bc64524c63f0f7770f2c8cf503ad316d7ff6c54fa6f64eb5560e2ff7bb0f8e85