STIGQter: STIG Summary: Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The Ubuntu operating system must be configured so that only users who need access to security functions are part of the sudo group.

DISA Rule

SV-219169r610963_rule

Vulnerability Number

V-219169

Group Title

SRG-OS-000134-GPOS-00068

Rule Version

UBTU-18-010037

Severity

CAT I

CCI(s)

CCI-001084 - The information system isolates security functions from nonsecurity functions.

Weight

Fix Recommendation

Configure the sudo group with only members requiring access to security functions.

To remove a user from the sudo group run:

sudo gpasswd -d <username> sudo

Check Contents

Verify that the sudo group has only members who should have access to security functions.

# grep sudo /etc/group

sudo:x:27:foo

If the sudo group contains users not needing access to security functions, this is a finding.

Vulnerability Number

V-219169

Documentable

False

Rule Version

UBTU-18-010037

Severity Override Guidance

Check Content Reference

Target Key

4055

The Ubuntu operating system must be configured so that only users who need access to security functions are part of the sudo group.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments