Title

RHEL 9 must restrict privilege elevation to authorized personnel. (Cat II impact)

Discussion

If the "sudoers" file is not configured correctly, any user defined on the system can initiate privileged actions on the target system.

Check Content

Verify RHEL 9 restricts privilege elevation to authorized personnel with the following command: $ sudo grep -iwR 'ALL' /etc/sudoers /etc/sudoers.d/ | grep -v '#' If the either of the following entries are returned, this is a finding: ALL ALL=(ALL) ALL ALL ALL=(ALL:ALL) ALL

Fix Text

Remove the following entries from the /etc/sudoers file or configuration file under /etc/sudoers.d/: ALL ALL=(ALL) ALL ALL ALL=(ALL:ALL) ALL

Additional Identifiers

Rule ID: SV-258087r1102071_rule

Vulnerability ID: V-258087

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.