AIX7-00-002061 - AIX must remove NOPASSWD tag from sudo config files.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

sudo command does not require reauthentication if NOPASSWD tag is specified in /etc/sudoers config file, or sudoers files in /etc/sudoers.d/ directory. With this tag in sudoers file, users are not required to reauthenticate for privilege escalation.

Solution

Edit '/etc/sudoers' using 'visudo' command to remove all the 'NOPASSWD' tags:
# visudo -f

Editing a sudo config file that is in '/etc/sudoers.d/' directory and contains the 'NOPASSWD' tags, use 'visudo' the command as follows:
# visudo -f /etc/sudoers.d/<config_file_name>

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_IBM_AIX_7-x_V2R3_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3(7), CAT|I, CCI|CCI-002038, Rule-ID|SV-215260r508663_rule, STIG-ID|AIX7-00-002061, STIG-Legacy|SV-101635, STIG-Legacy|V-91537, Vuln-ID|V-215260

Plugin: Unix

Control ID: 39427f30a2f1a2e1bbff18a6092584e318cc7a2f95653b6ab67735b9636d20dc