Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of Red Hat Enterprise Linux 9
System Settings
Installing and Maintaining Software
Sudo
Require Re-Authentication When Using the sudo Command
Require Re-Authentication When Using the sudo Command
An XCCDF Rule
Details
Profiles
Prose
Require Re-Authentication When Using the sudo Command
Medium Severity
The sudo
timestamp_timeout
tag sets the amount of time sudo password prompt waits. The default
timestamp_timeout
value is 5 minutes. The timestamp_timeout should be configured by making sure that the
timestamp_timeout
tag exists in
/etc/sudoers
configuration file or any sudo configuration snippets in
/etc/sudoers.d/
. If the value is set to an integer less than 0, the user's time stamp will not expire and the user will not have to re-authenticate for privileged actions until the user's session is terminated.