5.3 Reduce the sudo timeout period

Information

The sudo command stays logged in as the root user for five minutes before timing out and re-requesting a password. This five minute window should be eliminated since it leaves the system extremely vulnerable. This is especially true if an exploit were to gain access to the system, since they would be able to make changes as a root user.

Solution

Perform the following to implement the prescribed state:
1. Run the following command in Terminal:
sudo visudo
2. In the '# Defaults specification' section, add the line:
Defaults timestamp_timeout=0

See Also

https://workbench.cisecurity.org/files/301

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3(7)

Plugin: Unix

Control ID: 6101717832b39e645213da6edabe328b810c775dc53082591a2920add90764b0