The SUSE operating system must reauthenticate users when changing authenticators, roles, or escalating privileges.

An XCCDF Rule

Description

<VulnDiscussion>Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When the SUSE operating system provides the capability to change user authenticators, change security roles, or escalate a functional capability, it is critical the user reauthenticate. Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00158</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-234853r1009614_rule
Severity: High
References: CCI-002038 CCI-004895
Updated: 17 days ago

Configure the SUSE operating system to remove any occurrence of "NOPASSWD" or "!authenticate" found in the "/etc/sudoers" file. If the system does not use passwords for authentication, the "NOPASSWD" tag may exist in the file.

The SUSE operating system must reauthenticate users when changing authenticators, roles, or escalating privileges.

Description

Remediation - Manual Procedure