UBTU-16-010300 - The Ubuntu operating system must require users to re-authenticate for privilege escalation and changing roles - sudoers

Information

Without re-authentication, users may access resources or perform tasks for which they do not have authorization.

When Ubuntu operating systems provide the capability to escalate a functional capability or change security roles, it is critical the user re-authenticate.

Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157

Solution

Remove any occurrence of 'NOPASSWD' or '!authenticate' found in '/etc/sudoers' file or files in the '/etc/sudoers.d' directory.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_CAN_Ubuntu_16-04_LTS_V2R3_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-11, CAT|II, CCI|CCI-002038, Rule-ID|SV-214969r610931_rule, STIG-ID|UBTU-16-010300, STIG-Legacy|SV-90169, STIG-Legacy|V-75489, Vuln-ID|V-214969

Plugin: Unix

Control ID: a3d8fb13271df7492e810c771a3842210c168163766e6a00df89199c6f755e11