SV-237626r646949_rule
V-237626
SRG-OS-000373
OL6-00-000537
CAT II
10
Configure the "sudo" command to require re-authentication.
Edit the /etc/sudoers file:
$ sudo visudo
Add or modify the following line:
Defaults timestamp_timeout=[value]
Note: The "[value]" must be a number that is greater than or equal to "0".
Verify the operating system requires re-authentication when using the "sudo" command to elevate privileges.
$ sudo grep -i 'timestamp_timeout' /etc/sudoers /etc/sudoers.d/*
/etc/sudoers:Defaults timestamp_timout=0
If "timestamp_timeout" is set to a negative number, is commented out, or no results are returned, this is a finding.
V-237626
False
OL6-00-000537
Verify the operating system requires re-authentication when using the "sudo" command to elevate privileges.
$ sudo grep -i 'timestamp_timeout' /etc/sudoers /etc/sudoers.d/*
/etc/sudoers:Defaults timestamp_timout=0
If "timestamp_timeout" is set to a negative number, is commented out, or no results are returned, this is a finding.
M
2928