AIX must remove !authenticate option from sudo config files.
An XCCDF Rule
Description
sudo command does not require reauthentication if !authenticate option is specified in /etc/sudoers config file, or config files in /etc/sudoers.d/ directory. With this tag in sudoers, users are not required to reauthenticate for privilege escalation.
- ID
- SV-215261r1009546_rule
- Version
- AIX7-00-002062
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Edit "/etc/sudoers" using "visudo" command to remove all the "!authenticate" options:
# visudo -f /etc/sudoers
Editing a sudo config file that is in "/etc/sudoers.d/" directory and contains "!authenticate" options, use the "visudo" command as follows:
# visudo -f /etc/sudoers.d/<config_file_name>