TOSS must require users to provide a password for privilege escalation.
An XCCDF Rule
Description
Without re-authentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability, it is critical the user reauthenticate.
- ID
- SV-252959r987879_rule
- Version
- TOSS-04-020190
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Remove any occurrence of "NOPASSWD" found in "/etc/sudoers" file or files in the "/etc/sudoers.d" directory.