STIGQter STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

The SUSE operating system must require re-authentication when using the "sudo" command.

DISA Rule

SV-234878r622137_rule

Vulnerability Number

V-234878

Group Title

SRG-OS-000373-GPOS-00156

Rule Version

SLES-15-020102

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the "sudo" command to require re-authentication.
Edit the /etc/sudoers file:

> sudo visudo

Add or modify the following line:
Defaults timestamp_timeout=[value]
Note: The "[value]" must be a number that is greater than or equal to "0".

Check Contents

Verify the operating system requires re-authentication when using the "sudo" command to elevate privileges.

> sudo grep -i 'timestamp_timeout'

/etc/sudoers /etc/sudoers.d/*
/etc/sudoers:Defaults timestamp_timout=0

If "timestamp_timeout" is set to a negative number, is commented out, or no results are returned, this is a finding.

Vulnerability Number

V-234878

Documentable

False

Rule Version

SLES-15-020102

Severity Override Guidance

Verify the operating system requires re-authentication when using the "sudo" command to elevate privileges.

> sudo grep -i 'timestamp_timeout'

/etc/sudoers /etc/sudoers.d/*
/etc/sudoers:Defaults timestamp_timout=0

If "timestamp_timeout" is set to a negative number, is commented out, or no results are returned, this is a finding.

Check Content Reference

M

Target Key

5274

Comments