Verify Permissions On /etc/sudoers File

An XCCDF Rule

Description

To properly set the permissions of /etc/sudoers, run the command:

$ sudo chmod 0440 /etc/sudoers

Rationale

Setting correct permissions on the /etc/sudoers file is important because this file hosts sudo configuration. Protection of this file is critical for system security. Restricting the permissions ensures exclusive control of the sudo configuration.

ID: xccdf_org.ssgproject.content_rule_file_permissions_etc_sudoers
Severity: Medium
References: R50
Updated: 5 days ago

- name: Test for existence /etc/sudoers
  stat:
    path: /etc/sudoers
  register: file_exists
  tags:
  - configure_strategy  - file_permissions_etc_sudoers
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed

- name: Ensure permission u-xws,g-xws,o-xwrt on /etc/sudoers
  file:
    path: /etc/sudoers
    mode: u-xws,g-xws,o-xwrt
  when: file_exists.stat is defined and file_exists.stat.exists
  tags:
  - configure_strategy
  - file_permissions_etc_sudoers
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed





chmod u-xws,g-xws,o-xwrt /etc/sudoers

Verify Permissions On /etc/sudoers File

Description

Rationale

Remediation - Ansible

Remediation - Shell Script