STIGQter: STIG Summary: Oracle Linux 7 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021

The Oracle Linux operating system must require re-authentication when using the "sudo" command.

DISA Rule

SV-237629r646970_rule

Vulnerability Number

V-237629

Group Title

SRG-OS-000373-GPOS-00156

Rule Version

OL07-00-010343

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the "sudo" command to require re-authentication.
Edit the /etc/sudoers file:
$ sudo visudo

Add or modify the following line:
Defaults timestamp_timeout=[value]
Note: The "[value]" must be a number that is greater than or equal to "0".

Check Contents

Verify the system is configured to boot to the command line:

Verify the operating system requires re-authentication when using the "sudo" command to elevate privileges.

$ sudo grep -i 'timestamp_timeout' /etc/sudoers /etc/sudoers.d/*
/etc/sudoers:Defaults timestamp_timeout=0

If "timestamp_timeout" is set to a negative number, is commented out, or no results are returned, this is a finding.
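
The check above as an added example (not part of the STIG text or of STIGQter): a POSIX shell function that evaluates the finding conditions directly instead of relying on reading grep output by eye. The function name audit_sudo_timeout and the sample files are constructed for illustration, and it is an assumption of this sketch that scoped entries such as "Defaults:user" are judged the same way as global ones.

```shell
#!/bin/sh
# Added example. Pass the files to inspect as arguments, e.g. (as root):
#   audit_sudo_timeout /etc/sudoers /etc/sudoers.d/*
# Returns 0 when compliant, 1 when a finding condition is met.
audit_sudo_timeout() {
    found=0
    finding=0
    for f in "$@"; do
        [ -f "$f" ] || continue      # unmatched glob or missing file
        # Only active lines count: a leading '#' means the setting is commented out.
        lines=$(grep -E '^[[:space:]]*Defaults.*timestamp_timeout[[:space:]]*=' "$f") || continue
        # A here-document (not a pipe) keeps the loop in the current shell,
        # so found/finding survive after the loop ends.
        while IFS= read -r line; do
            val=$(printf '%s\n' "$line" |
                sed -E 's/.*timestamp_timeout[[:space:]]*=[[:space:]]*"?([^,"[:space:]]*).*/\1/')
            found=1
            case $val in
                -*) echo "FINDING: $f: negative value ($val), cached credentials never expire"
                    finding=1 ;;
                ''|*[!0-9.]*) echo "FINDING: $f: unparsable value '$val'"
                    finding=1 ;;
                *)  echo "ok: $f: timestamp_timeout=$val" ;;
            esac
        done <<EOF
$lines
EOF
    done
    if [ "$found" -eq 0 ]; then
        echo "FINDING: no active timestamp_timeout setting (commented out or absent)"
        return 1
    fi
    return "$finding"
}

# Demo on constructed sample files (not real system configuration).
demo=$(mktemp -d)
printf 'Defaults timestamp_timeout=0\n' > "$demo/compliant"
printf '#Defaults timestamp_timeout=0\n' > "$demo/commented"
printf 'Defaults env_reset,timestamp_timeout=-1\n' > "$demo/negative"
for sample in compliant commented negative; do
    audit_sudo_timeout "$demo/$sample" || echo "  -> $sample: finding"
done
rm -rf "$demo"
```

A later file in /etc/sudoers.d can override an earlier compliant value, which is why a single negative entry anywhere in the argument list is reported as a finding.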

Documentable

False

Check Content Reference

M

Target Key

4089
