RHEL 9 must not be configured to bypass password requirements for privilege escalation.

An XCCDF Rule

Details
Profiles

Description

Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability, it is critical the user reauthenticate. Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00158

ID: SV-258118r1050789_rule
Version: RHEL-09-611145
Severity: Medium
References: CCI-002038 CCI-004895
Updated: about 2 months ago

Remediation Templates

Configure the operating system to require users to supply a password for privilege escalation.

Remove any occurrences of " pam_succeed_if " in the  "/etc/pam.d/sudo" file.

RHEL 9 must not be configured to bypass password requirements for privilege escalation.

Description

Remediation Templates

A Manual Procedure