An error occurred:

Check: TOSS-04-020190

Tri-Lab Operating System Stack (TOSS) 4 STIG: TOSS-04-020190 (in version v2 r1)

Title

TOSS must require users to provide a password for privilege escalation. (Cat II impact)

Discussion

Without re-authentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability, it is critical the user reauthenticate.

Check Content

Verify that "/etc/sudoers" has no occurrences of "NOPASSWD." Check that the "/etc/sudoers" file has no occurrences of "NOPASSWD" by running the following command: $ sudo grep -i nopasswd /etc/sudoers /etc/sudoers.d/* %admin ALL=(ALL) NOPASSWD: ALL If any occurrences of "NOPASSWD" are returned from the command and have not been documented with the information system security officer (ISSO) as an organizationally defined administrative group utilizing multifactor authentication (MFA), this is a finding.

Fix Text

Remove any occurrence of "NOPASSWD" found in "/etc/sudoers" file or files in the "/etc/sudoers.d" directory.

Additional Identifiers

Rule ID: SV-252959r987879_rule

Vulnerability ID: V-252959

Group Title: SRG-OS-000373-GPOS-00157

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-004895

Permit users to invoke the trusted communications path for communications between the user and the organization-defined security functions, including at a minimum, authentication and re-authentication.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check