Verify Group Who Owns /etc/sudoers File

An XCCDF Rule

Description

To properly set the group owner of /etc/sudoers, run the command:

$ sudo chgrp root /etc/sudoers

Rationale

The ownership of the /etc/sudoers file by the root group is important because this file hosts sudo configuration. Protection of this file is critical for system security. Assigning the ownership to root ensures exclusive control of the sudo configuration.

ID: xccdf_org.ssgproject.content_rule_file_groupowner_etc_sudoers
Severity: Medium
References: R50
Updated: 5 days ago

- name: Test for existence /etc/sudoers
  stat:
    path: /etc/sudoers
  register: file_exists
  tags:
  - configure_strategy  - file_groupowner_etc_sudoers
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed

- name: Ensure group owner root on /etc/sudoers
  file:
    path: /etc/sudoers
    group: root
  when: file_exists.stat is defined and file_exists.stat.exists
  tags:
  - configure_strategy
  - file_groupowner_etc_sudoers
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed

chgrp -L root /etc/sudoers

Verify Group Who Owns /etc/sudoers File

Description

Rationale

Remediation - Ansible

Remediation - Shell Script