Check: APPL-11-004021
Apple macOS 11 (Big Sur) STIG:
APPL-11-004021
(in versions v1 r8 through v1 r1)
Title
The macOS system must be configured with the sudoers file configured to authenticate users on a per-tty basis. (Cat I impact)
Discussion
The "sudo" command must be configured to prompt for the administrator's password at least once in each newly opened Terminal window or remote logon session, as this prevents a malicious user from taking advantage of an unlocked computer or an abandoned logon session to bypass the normal password prompt requirement. Without the "tty_tickets" option, all open local and remote logon sessions would be authenticated to use sudo without a password for the duration of the configured password timeout window.
Check Content
To check if the "tty_tickets" option is set for "/usr/bin/sudo", run the following command:

    /usr/bin/sudo /usr/bin/grep tty_tickets /etc/sudoers

If there is no result, this is a finding.
Fix Text
Edit the "/etc/sudoers" file to contain the line:

    Defaults tty_tickets

This line can be placed in the defaults section or at the end of the file.
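The grep in Check Content prints a result for any line that contains the string, including a commented-out line or the negated form `Defaults !tty_tickets`, which turns the option off. The following is an added example, not part of the STIG text, that reports the effective setting instead; the function names and the sample files are constructed for illustration, and it assumes only unscoped "Defaults" lines matter and does not follow included files or backslash line continuations.

```shell
#!/bin/sh
# Added example, not STIG text. Assumptions: only unscoped "Defaults" lines are
# evaluated; included files and backslash line continuations are not followed.

# Print "enabled", "disabled" or "unset" for the sudoers-format file in $1.
tty_tickets_state() {
    awk '
        /^[ \t]*#/ { next }                      # comment lines have no effect
        /^[ \t]*Defaults[ \t]/ {
            line = $0
            sub(/#.*/, "", line)                 # drop a trailing comment
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            n = split(line, opts, ",")           # Defaults a, b, !c
            for (i = 1; i <= n; i++) {
                o = opts[i]
                gsub(/[ \t]/, "", o)
                if (o == "tty_tickets")  state = "enabled"
                if (o == "!tty_tickets") state = "disabled"   # later lines override
            }
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# Exit status 0 when tty_tickets is effectively set, 1 (finding) otherwise.
check_tty_tickets() {
    [ "$(tty_tickets_state "$1")" = "enabled" ]
}

# Constructed sample files: each one makes the bare grep print a result.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'Defaults env_reset\nDefaults tty_tickets\n' > "$dir/good"
    printf '# Defaults tty_tickets\n' > "$dir/commented"
    printf 'Defaults tty_tickets\nDefaults !tty_tickets\n' > "$dir/negated"
    for f in good commented negated; do
        printf '%s: grep=%s state=%s\n' "$f" \
            "$(grep -c tty_tickets "$dir/$f")" "$(tty_tickets_state "$dir/$f")"
    done
    rm -rf "$dir"
}
demo
```

On a real system the function would be pointed at "/etc/sudoers" and run with the same privileges as the check command above.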
Additional Identifiers
Rule ID: SV-230844r599842_rule
Vulnerability ID: V-230844
Group Title: SRG-OS-000480-GPOS-00227
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |