Skip to content
Log In

NixOS must require users to reauthenticate for privilege escalation.

An XCCDF Rule

Description

Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability, it is critical the user reauthenticate.

ID
SV-268155r1039536_rule
Version
ANIX-00-001500
Severity
Medium
References
Updated

Remediation Templates

A Manual Procedure

Configure /etc/nixos/configuration.nix to enforce reauthentication with sudo by adding the following configuration settings:

 security.sudo.extraConfig = ''
Defaults timestamp_timeout=0
'';