Check: OSX00110 M6
MACOSX 10.6: OSX00110 M6 (in version v1 r3)
Title
sudo usage must be restricted to a single terminal, and for only one sudo instance at a time. (Cat I impact)
Discussion
Do not allow direct root login, because the logs cannot identify which administrator logged in. Instead, log in using accounts with administrator privileges, and then use the sudo command to perform actions as root. The settings in this check limit the use of the sudo command to a single command per authentication and also ensure, even if a timeout is activated, that later sudo commands are limited to the terminal in which authentication occurred.
Check Content
Open a terminal session and use the following command to view the values.
grep Defaults /etc/sudoers
Ensure the following items exist:
"Defaults tty_tickets" and "Defaults timestamp_timeout=0"
If the values are not present, this is a finding.
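The check above, as an added shell example that is not part of the STIG text: it goes beyond the plain grep by ignoring entries that are commented out, scoped to a user or host, or negated later in the file. The function name audit_sudoers_defaults and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the STIG): audit the global Defaults in a sudoers file.
# Usage: audit_sudoers_defaults FILE   (returns 0 only when both settings are in effect)
# Assumption: #include/#includedir files are not followed; audit those separately.
audit_sudoers_defaults() {
    awk '
    /^[ \t]*#/ { next }                 # commented-out settings are not in effect
    $1 == "Defaults" {                  # global scope only, not Defaults:user or Defaults@host
        line = $0
        sub(/#.*/, "", line)            # drop a trailing comment
        sub(/^[ \t]*Defaults[ \t]+/, "", line)
        n = split(line, opt, ",")       # several options may share one line
        for (i = 1; i <= n; i++) {
            o = opt[i]
            gsub(/[ \t"]/, "", o)
            if (o == "tty_tickets")  tty = 1
            if (o == "!tty_tickets") tty = 0      # a later negation wins
            if (o ~ /^timestamp_timeout=/) { sub(/^timestamp_timeout=/, "", o); timeout = o }
        }
    }
    END {
        ok = 1
        if (tty) print "PASS: tty_tickets"
        else { print "FINDING: tty_tickets is not in effect"; ok = 0 }
        if (timeout ~ /^0+$/) print "PASS: timestamp_timeout=0"
        else { print "FINDING: timestamp_timeout is " (timeout == "" ? "unset" : timeout); ok = 0 }
        exit (ok ? 0 : 1)
    }' "$1"
}

# Constructed sample: grep Defaults output mentions both settings, yet neither is in effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Defaults timestamp_timeout=0
Defaults env_reset, tty_tickets
Defaults:alice timestamp_timeout=0
Defaults !tty_tickets
EOF
audit_sudoers_defaults "$sample" || echo "result: finding"
rm -f "$sample"
```

Run it against a copy of /etc/sudoers, or as an administrator against the file itself, since the file is not world-readable.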
Fix Text
Open a terminal session and enter the following commands to set the values in the /etc/sudoers file.
VISUAL=pico visudo
Enter the following two lines in the file.
Defaults tty_tickets
Defaults timestamp_timeout=0
Save and exit the file.
Additional Identifiers
Rule ID: SV-38614r1_rule
Vulnerability ID: V-25262
Group Title:
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |