Ensure Privileged Escalated Commands Cannot Execute Other Commands - sudo NOEXEC
An XCCDF Rule
Description
The sudo NOEXEC tag, when specified, prevents user-executed commands from executing other commands, like a shell for example. This should be enabled by making sure that the NOEXEC tag exists in the /etc/sudoers configuration file or any sudo configuration snippets in /etc/sudoers.d/.
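One way to verify this setting from a shell, as an added example that is not the rule's own check content. The function names are hypothetical, and it assumes that either a global `Defaults noexec` line (the sudoers option form) or a `NOEXEC:` tag on a rule counts as the tag being present.

```shell
#!/bin/sh
# Added example, not part of the XCCDF rule. Function names are hypothetical.

# Return 0 if the file has an active global "Defaults noexec" or a rule
# carrying the NOEXEC: tag. Comment lines are dropped first. Negated
# "!noexec" and scoped defaults such as "Defaults:alice noexec" do not count.
scan_sudoers_file() {
    sed '/^[[:space:]]*#/d' "$1" | grep -Eq \
        -e '^[[:space:]]*Defaults[[:space:]]+([^#]*[,[:space:]])?noexec([,[:space:]]|$)' \
        -e '(^|[[:space:])])NOEXEC:'
}

# Arguments: sudoers files and/or drop-in directories.
# Return 0 if any file sudo would read from them enables noexec.
check_sudo_noexec() {
    rc=1
    for target in "$@"; do
        if [ -d "$target" ]; then
            for f in "$target"/*; do
                name=${f##*/}
                # sudo skips drop-in names that end in '~' or contain a '.'
                case "$name" in
                    *~|*.*) continue ;;
                esac
                if [ -f "$f" ] && scan_sudoers_file "$f"; then
                    echo "noexec found in $f"
                    rc=0
                fi
            done
        elif [ -f "$target" ]; then
            if scan_sudoers_file "$target"; then
                echo "noexec found in $target"
                rc=0
            fi
        fi
    done
    return "$rc"
}

# Typical call on a live system (run as root, since sudoers is not
# world-readable):
#   check_sudo_noexec /etc/sudoers /etc/sudoers.d || echo "NOEXEC not set"
```

A `NOEXEC:` tag applies only to the rule it is attached to, so a match on that form shows the tag exists, not that every permitted command is covered.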
Rationale
Restricting the ability of commands allowed through sudo to execute sub-commands prevents users from running programs with privileges they wouldn't have otherwise.
- ID: xccdf_org.ssgproject.content_rule_sudo_add_noexec
- Severity: High