Skip to content

Ensure Users Re-Authenticate for Privilege Escalation - sudo !authenticate

An XCCDF Rule

Description

The sudo !authenticate option, when specified, allows a user to execute commands using sudo without having to authenticate. This should be disabled by making sure that the !authenticate option does not exist in /etc/sudoers configuration file or any sudo configuration snippets in /etc/sudoers.d/.

Rationale

Without re-authentication, users may access resources or perform tasks for which they do not have authorization.

When operating systems provide the capability to escalate a functional capability, it is critical that the user re-authenticate.

ID
xccdf_org.ssgproject.content_rule_sudo_remove_no_authenticate
Severity
Medium
References
Updated