Detections
Analytics
OL09-00-002363 - OL 9 must require users to provide a password for privilege escalation.
Information
Without reauthentication, users may access resources or perform tasks for which they do not have authorization.When operating systems provide the capability to escalate a functional capability, it is critical that the user reauthenticate.
Solution
Configure OL 9 to not allow users to execute privileged actions without authenticating with a password.Remove any occurrence of "NOPASSWD" found in "/etc/sudoers" file or files in the "/etc/sudoers.d" directory.
$ sudo sed -i '/NOPASSWD/ s/^/# /g' /etc/sudoers /etc/sudoers.d/*
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_9_V1R5_STIG.zip
Item Details
Audit Name: DISA Oracle Linux 9 STIG v1r5
Category: ACCESS CONTROL
References: 800-53|AC-6(9), CAT|II, CCI|CCI-002234, Rule-ID|SV-271725r1155318_rule, STIG-ID|OL09-00-002363, Vuln-ID|V-271725
Plugin: Unix
Control ID: f12314ed05107122d03655d9320d90fb3a140a9b89bb771d3064bec227ad2de8