Detections
Analytics
ALMA-09-032140 - AlmaLinux OS 9 must not be configured to bypass password requirements for privilege escalation.
Information
Without re-authentication, users may access resources or perform tasks for which they do not have authorization.When operating systems provide the capability to escalate a functional capability, it is critical the user re-authenticate.
Solution
Configure the operating system to require users to supply a password for privilege escalation.Remove any occurrences of " pam_succeed_if " in the "/etc/pam.d/sudo" file.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_CL_AlmaLinux_OS_9_V1R6_STIG.zip
Item Details
Audit Name: DISA Cloud Linux AlmaLinux OS 9 STIG v1r6
Category: ACCESS CONTROL
References: 800-53|AC-6(9), CAT|II, CCI|CCI-002234, Rule-ID|SV-269361r1050244_rule, STIG-ID|ALMA-09-032140, Vuln-ID|V-269361
Plugin: Unix
Control ID: 7a77543bdee1cb89f5f520f0d00a691f7abae1688cb3781ccaac07138e0ce937