Detections
Analytics
RHEL-10-600560 - RHEL 10 must require users to provide a password for privilege escalation.
Information
Without reauthentication, users may access resources or perform tasks for which they do not have authorization.When operating systems provide the capability to escalate a functional capability, it is critical that the user reauthenticate.
Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00158
Solution
Configure RHEL 10 to not allow users to execute privileged actions without authenticating with a password.Remove any occurrence of "NOPASSWD" found in the "/etc/sudoers" file or files in the "/etc/sudoers.d" directory:
$ sudo find /etc/sudoers /etc/sudoers.d -type f -exec sed -i '/NOPASSWD/ s/^/# /g' {} \;
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_10_V1R1_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 10 STIG v1r1
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-11, CAT|I, CCI|CCI-002038, Rule-ID|SV-281211r1166585_rule, STIG-ID|RHEL-10-600560, Vuln-ID|V-281211
Plugin: Unix
Control ID: e3592adba265b5912676da5a325426a596f0d6c4ae4dfefaa53eb9a6e45ab0ed