The Photon operating system must require users to reauthenticate for privilege escalation.

An XCCDF Rule

Details
Profiles

Description

Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability, it is critical the user reauthenticate. Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00158

ID: SV-256533r1050789_rule
Version: PHTN-30-000062
Severity: Medium
References: CCI-002038
Updated: about 2 months ago

Remediation Templates

Check the configuration of the "/etc/sudoers" and "/etc/sudoers.d/*" files with the following command:

# visudo

OR
# visudo -f /etc/sudoers.d/<file name>

Remove any occurrences of "NOPASSWD" tags associated with user accounts with a password hash.

The Photon operating system must require users to reauthenticate for privilege escalation.

Description

Remediation Templates

A Manual Procedure