RHEL 8 must require users to provide a password for privilege escalation.
An XCCDF Rule
Description
Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability, it is critical the user reauthenticate. Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00158
- ID
- SV-230271r1050789_rule
- Version
- RHEL-08-010380
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Remove any occurrence of "NOPASSWD" found in "/etc/sudoers" file or files in the "/etc/sudoers.d" directory.