Ensure a dedicated group owns sudo
An XCCDF Rule
Description
Restrict the execution of privilege escalated commands to a dedicated group of users.
Ensure the group owner of /usr/bin/sudo is
Functionality Warning
Changing the group owner of /usr/bin/sudo to a group with no member users will prevent any and all escalation of privileges.
Additionally, the system may become unmanageable if root logins are not allowed.
Warning
This rule doesn't come with a remediation. Before remediating, the sysadmin needs to add users to the dedicated sudo group.
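A pre-remediation check for the situation the warnings describe, as an added example that is not part of the rule or of the project's content. The function names are hypothetical, the group name `sudogrp` is a constructed placeholder (the rule's expected group is not given here), and ignoring root when counting members is an assumption of this example.

```shell
#!/bin/sh
# Added example: verify that a candidate group has members before it is
# made the group owner of /usr/bin/sudo. Group and passwd files are passed
# as parameters so the check can be run against copies as well as /etc.

# group_members GROUP GROUP_FILE PASSWD_FILE
# Prints every user in GROUP: supplementary members listed in the group
# file plus users whose primary GID in the passwd file matches the group.
group_members() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3; exit }' "$2")
    [ -n "$gid" ] || return 1    # group is not defined
    {
        awk -F: -v g="$1" '$1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$2"
        awk -F: -v id="$gid" '$4 == id { print $1 }' "$3"
    } | sort -u
}

# safe_to_chgrp GROUP GROUP_FILE PASSWD_FILE
# Returns 0 if GROUP has at least one member other than root,
# 2 if the group does not exist, 3 if it has no such member.
safe_to_chgrp() {
    members=$(group_members "$1" "$2" "$3") || {
        echo "group $1 is not defined"
        return 2
    }
    # Assumption: root does not count, since root does not need sudo.
    members=$(printf '%s\n' "$members" | grep -vx root || true)
    [ -n "$members" ] || {
        echo "group $1 has no member users"
        return 3
    }
    echo "ok: $(printf '%s' "$members" | tr '\n' ' ')"
}

# sudo_group_owner [PATH]
# Prints the current group owner of the sudo binary (GNU stat).
sudo_group_owner() {
    stat -c %G "${1:-/usr/bin/sudo}"
}

# Typical use on a live system (sudogrp is a placeholder name):
#   sudo_group_owner
#   safe_to_chgrp sudogrp /etc/group /etc/passwd
```

The check reads only local files; accounts supplied by a directory service such as LDAP or SSSD are not seen by it.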
Rationale
Restricting the set of users able to execute commands as a privileged user reduces the attack surface.
- ID: xccdf_org.ssgproject.content_rule_sudo_dedicated_group
- Severity: Medium
- References
- Updated