SV-234878r622137_rule
V-234878
SRG-OS-000373-GPOS-00156
SLES-15-020102
CAT II
10
Configure the "sudo" command to require re-authentication.
Edit the /etc/sudoers file:
> sudo visudo
Add or modify the following line:
Defaults timestamp_timeout=[value]
Note: The "[value]" must be a number that is greater than or equal to "0".
Verify the operating system requires re-authentication when using the "sudo" command to elevate privileges.
> sudo grep -i 'timestamp_timeout'
/etc/sudoers /etc/sudoers.d/*
/etc/sudoers:Defaults timestamp_timout=0
If "timestamp_timeout" is set to a negative number, is commented out, or no results are returned, this is a finding.
V-234878
False
SLES-15-020102
Verify the operating system requires re-authentication when using the "sudo" command to elevate privileges.
> sudo grep -i 'timestamp_timeout'
/etc/sudoers /etc/sudoers.d/*
/etc/sudoers:Defaults timestamp_timout=0
If "timestamp_timeout" is set to a negative number, is commented out, or no results are returned, this is a finding.
M
5274