SLEM 5 must reauthenticate users when changing authenticators, roles, or escalating privileges.
An XCCDF Rule
Description
Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When SLEM 5 provides the capability to change user authenticators, change security roles, or escalate a functional capability, it is critical the user reauthenticate.
- ID
- SV-261373r996558_rule
- Version
- SLEM-05-432015
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure SLEM 5 to remove any occurrence of "NOPASSWD" or "!authenticate" found in the "/etc/sudoers" file. If the system does not use passwords for authentication, the "NOPASSWD" tag may exist in the file.