Check: TOSS-04-040920
Tri-Lab Operating System Stack (TOSS) 4 STIG:
TOSS-04-040920
(in versions v1 r3 through v1 r1)
Title
TOSS must restrict privilege elevation to authorized personnel. (Cat II impact)
Discussion
The sudo command allows a user to execute programs with elevated (administrator) privileges. It prompts the user for their password and confirms the request to execute a command by checking a file, called sudoers. If the "sudoers" file is not configured correctly, any user defined on the system can initiate privileged actions on the target system.
Check Content
Verify the "sudoers" file restricts sudo access to authorized personnel. $ sudo grep -iwr 'ALL[[:blank:]]\+ALL' /etc/sudoers /etc/sudoers.d If the either of the following entries are returned, this is a finding: ALL ALL=(ALL) ALL ALL ALL=(ALL:ALL) ALL
Fix Text
Remove the following entries from the sudoers file: ALL ALL=(ALL) ALL ALL ALL=(ALL:ALL) ALL
Additional Identifiers
Rule ID: SV-253133r826066_rule
Vulnerability ID: V-253133
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |