Only the VDSM User Can Use sudo NOPASSWD

An XCCDF Rule

Description

The sudo NOPASSWD tag, when specified, allows a user to execute commands using sudo without having to authenticate. Only the vdsm user should have this capability in any sudo configuration snippets in /etc/sudoers.d/.

Rationale

Without re-authentication, users may access resources or perform tasks for which they do not have authorization.

When operating systems provide the capability to escalate a functional capability, it is critical that the user re-authenticate.
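A simplified audit of the rule described above, as an added example (it is not the project's own check for this rule). The function name `find_nonvdsm_nopasswd` and the sample directory contents are constructed for illustration; sudoers aliases are not resolved, so any rule whose first token is not the literal `vdsm` is reported.

```shell
# Added example: report NOPASSWD rules in sudoers snippets whose user is not vdsm.
# Prints "file:line: rule" for each finding; returns 1 if any were found.
find_nonvdsm_nopasswd() {
    nv_dir="${1:-/etc/sudoers.d}"
    nv_rc=0
    for nv_f in "$nv_dir"/*; do
        [ -f "$nv_f" ] || continue
        # sudo skips snippet names that end in '~' or contain a '.'
        case "${nv_f##*/}" in *~|*.*) continue ;; esac
        awk -v file="$nv_f" '
            {
                line = $0; start = NR
                # join backslash-continued lines into one logical rule
                while (line ~ /\\$/ && (getline nxt) > 0) {
                    sub(/\\$/, "", line); line = line nxt
                }
                # strip comments, but keep "#1000"-style uid specifications
                if (line !~ /^[ \t]*#[0-9]/) sub(/#.*/, "", line)
                sub(/^[ \t]+/, "", line)
                if (line !~ /NOPASSWD[ \t]*:/) next
                split(line, tok, /[ \t=]+/)
                # aliases are not resolved: anything but a literal vdsm is reported
                if (tok[1] != "vdsm") { print file ":" start ": " line; found = 1 }
            }
            END { exit found + 0 }
        ' "$nv_f" || nv_rc=1
    done
    return "$nv_rc"
}

# Constructed sample directory (not real configuration) to show the output.
demo_dir=$(mktemp -d)
printf 'vdsm ALL=(ALL) NOPASSWD: /usr/bin/example\n' > "$demo_dir/50_vdsm"
printf '# bob ALL=(ALL) NOPASSWD: ALL\nalice ALL=(ALL) \\\n  NOPASSWD: ALL\n' > "$demo_dir/60_ops"
printf 'carol ALL=(ALL) NOPASSWD: ALL\n' > "$demo_dir/70_old.bak"
find_nonvdsm_nopasswd "$demo_dir" || echo "non-compliant"
```

Run against the real directory as root with `find_nonvdsm_nopasswd /etc/sudoers.d`; a non-zero return means at least one snippet grants NOPASSWD to something other than `vdsm`.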

ID
xccdf_org.ssgproject.content_rule_sudo_vdsm_nopasswd
Severity
Medium
Updated