PHTN-30-000062 - The Photon operating system must require users to reauthenticate for privilege escalation.

Information

Without reauthentication, users may access resources or perform tasks for which they do not have authorization.

When operating systems provide the capability to escalate a functional capability, it is critical the user reauthenticate.

Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00158

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Check the configuration of the '/etc/sudoers' and '/etc/sudoers.d/*' files with the following command:

# visudo

OR

# visudo -f /etc/sudoers.d/<file name>

Remove any occurrences of 'NOPASSWD' tags associated with user accounts with a password hash.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y24M01_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-11, CAT|II, CCI|CCI-002038, Rule-ID|SV-256533r887273_rule, STIG-ID|PHTN-30-000062, Vuln-ID|V-256533

Plugin: Unix

Control ID: 50038bfb2325a94984f8f258fe040e29cdeaeb81f6f5c15ea0a85e1016ede461