Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty

Description

The sudo use_pty tag, when specified, will only execute sudo commands from users logged in to a real tty. This should be enabled by making sure that the use_pty tag exists in /etc/sudoers configuration file or any sudo configuration snippets in /etc/sudoers.d/.

Rationale

Requiring that sudo commands be run in a pseudo-terminal can prevent an attacker from retaining access to the user's terminal after the main program has finished executing.

ID: xccdf_org.ssgproject.content_rule_sudo_add_use_pty
Severity: Medium
References: BP28(R58)

Req-10.2.5

2.2.6
Updated: about 1 year ago