Check: PHTN-67-000065
VMware vSphere 6.7 Photon OS STIG:
PHTN-67-000065
(in versions v1 r6 through v1 r1)
Title
The Photon operating system must require users to reauthenticate for privilege escalation. (Cat II impact)
Discussion
Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability, it is critical the user reauthenticate. Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00158
Check Content
At the command line, execute the following commands: # grep -ihs nopasswd /etc/sudoers /etc/sudoers.d/*|grep -v "^#"|grep -v "^%"|awk '{print $1}' # awk -F: '($2 != "x" && $2 != "!") {print $1}' /etc/shadow If any account listed in the first output is also listed in the second output, this is a finding.
Fix Text
Check the configuration of the "/etc/sudoers" and "/etc/sudoers.d/*" files with the following command: # visudo OR # visudo -f /etc/sudoers.d/<file name> Remove any occurrences of "NOPASSWD" tags associated with user accounts with a password hash.
Additional Identifiers
Rule ID: SV-239136r856054_rule
Vulnerability ID: V-239136
Group Title: SRG-OS-000373-GPOS-00156
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002038 |
The organization requires users to reauthenticate upon organization-defined circumstances or situations requiring reauthentication. |
Controls
Number | Title |
---|---|
IA-11 |
Re-Authentication |