RHEL 9 must use the invoking user's password for privilege escalation when using "sudo".
An XCCDF Rule
Description
If the rootpw, targetpw, or runaspw flags are defined and not disabled, by default the operating system will prompt the invoking user for the "root" user password.
- ID
- SV-258085r1045173_rule
- Version
- RHEL-09-432020
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Define the following in the Defaults section of the /etc/sudoers file or a single configuration file in the /etc/sudoers.d/ directory:
Defaults !targetpw
Defaults !rootpw
Defaults !runaspw