Check: OL6-00-000539
Oracle Linux 6 STIG:
OL6-00-000539
(in versions v2 r7 through v2 r6)
Title
The Oracle Linux operating system must not be configured to bypass password requirements for privilege escalation. (Cat II impact)
Discussion
Without re-authentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability, it is critical the user re-authenticate. Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00158
Check Content
Verify the operating system is not be configured to bypass password requirements for privilege escalation. Check the configuration of the "/etc/pam.d/sudo" file with the following command: $ sudo grep pam_succeed_if /etc/pam.d/sudo If any occurrences of "pam_succeed_if" is returned from the command, this is a finding.
Fix Text
Configure the operating system to require users to supply a password for privilege escalation. Check the configuration of the "/etc/ pam.d/sudo" file with the following command: $ sudo vi /etc/pam.d/sudo Remove any occurrences of "pam_succeed_if" in the file.
Additional Identifiers
Rule ID: SV-251696r854360_rule
Vulnerability ID: V-251696
Group Title: SRG-OS-000373
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002038 |
The organization requires users to reauthenticate upon organization-defined circumstances or situations requiring reauthentication. |
Controls
Number | Title |
---|---|
IA-11 |
Re-Authentication |