Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo requiretty
An XCCDF Rule
Description
The sudo requiretty tag, when specified, will only execute sudo commands from users logged in to a real tty. This should be enabled by making sure that the requiretty tag exists in /etc/sudoers configuration file or any sudo configuration snippets in /etc/sudoers.d/.
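One way to audit the setting described above, as an added example that is not the SSG project's own check. The function names, exit codes and regular expressions are assumptions of this example, and it conservatively treats any "Defaults !requiretty" line as a failure because a later Defaults entry overrides an earlier one.

```shell
#!/bin/sh
# Added example: audit sudoers files for an active global requiretty tag.
# Usage: audit_requiretty            (checks /etc/sudoers and /etc/sudoers.d)
#        audit_requiretty MAIN DIR   (checks other paths, e.g. a staging copy)

# Uncommented global "Defaults" line that sets requiretty, alone or in a list.
ON_RE='^[[:space:]]*Defaults[[:space:]]+([^#]*[[:space:],])?requiretty([[:space:],#]|$)'
# Uncommented global "Defaults" line that negates it with "!requiretty".
OFF_RE='^[[:space:]]*Defaults[[:space:]]+([^#]*[[:space:],])?!requiretty([[:space:],#]|$)'

# list_sudoers MAIN DIR: print the files sudo would read. Snippets whose names
# end in "~" or contain "." are skipped, as sudo does for an included directory.
list_sudoers() {
    [ -f "$1" ] && printf '%s\n' "$1"
    for f in "$2"/*; do
        [ -f "$f" ] || continue
        case "${f##*/}" in *~|*.*) continue ;; esac
        printf '%s\n' "$f"
    done
    return 0
}

# audit_requiretty [MAIN] [DIR]
# Returns 0 if requiretty is set and never negated, 1 if it is not set,
# 2 if any file negates it.
audit_requiretty() {
    list_sudoers "${1:-/etc/sudoers}" "${2:-/etc/sudoers.d}" | {
        status=1
        while IFS= read -r f; do
            if grep -Eq "$OFF_RE" "$f"; then
                echo "FAIL: requiretty negated in $f" >&2
                exit 2
            fi
            if grep -Eq "$ON_RE" "$f"; then
                echo "requiretty set in $f"
                status=0
            fi
        done
        exit "$status"
    }
}
```

Run it as root on a live system, since /etc/sudoers is normally not readable by other users.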
Rationale
Restricting the use cases in which a user is allowed to execute sudo commands reduces the attack surface.
- ID: xccdf_org.ssgproject.content_rule_sudo_add_requiretty
- Severity: Medium
- References
- Updated