Ensure Users Re-Authenticate for Privilege Escalation - sudo !authenticate
An XCCDF Rule
Description
The sudo !authenticate
option, when specified, allows a user to execute commands using
sudo without having to authenticate. This should be disabled by making sure that the
!authenticate
option does not exist in /etc/sudoers
configuration file or
any sudo configuration snippets in /etc/sudoers.d/
.
Rationale
Without re-authentication, users may access resources or perform tasks for which they
do not have authorization.
When operating systems provide the capability to escalate a functional capability, it
is critical that the user re-authenticate.
- ID
- xccdf_org.ssgproject.content_rule_sudo_remove_no_authenticate
- Severity
- Medium
- References
- Updated