SLES-12-010110 - The SUSE operating system must reauthenticate users when changing authenticators, roles, or escalating privileges - NOPASSWD

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Without reauthentication, users may access resources or perform tasks for which they do not have authorization.

When SUSE operating system provide the capability to change user authenticators, change security roles, or escalate a functional capability, it is critical the user reauthenticate.

Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00158

Solution

Configure the SUSE operating system to remove any occurrence of 'NOPASSWD' or '!authenticate' found in the '/etc/sudoers' file. If the system does not use passwords for authentication, the 'NOPASSWD' tag may exist in the file.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SLES_12_V2R9_STIG.zip

Item Details

References: CAT|I, CCI|CCI-002038, Rule-ID|SV-217112r854084_rule, STIG-ID|SLES-12-010110, STIG-Legacy|SV-91763, STIG-Legacy|V-77067, Vuln-ID|V-217112

Plugin: Unix

Control ID: c32904cf6ac49f1d349e36a3e774a7ceb02e233a2456c7024cdbf8e0dcdbb1db