STIGQter: STIG Summary: Red Hat Enterprise Linux 7 Security Technical Implementation Guide Version: 3 Release: 3 Benchmark Date: 23 Apr 2021:

The Red Hat Enterprise Linux operating system must require re-authentication when using the "sudo" command.

DISA Rule

SV-237635r646856_rule

Vulnerability Number

V-237635

Group Title

SRG-OS-000373-GPOS-00156

Rule Version

RHEL-07-010343

Severity

CAT II

CCI(s)

• CCI-002038 - The organization requires users to reauthenticate upon organization-defined circumstances or situations requiring reauthentication.

Weight

10

Fix Recommendation

Configure the "sudo" command to require re-authentication.
Edit the /etc/sudoers file:
$ sudo visudo

Add or modify the following line:
Defaults timestamp_timeout=[value]
Note: The "[value]" must be a number that is greater than or equal to "0".

Check Contents

Verify the operating system requires re-authentication when using the "sudo" command to elevate privileges.

$ sudo grep -i 'timestamp_timeout' /etc/sudoers /etc/sudoers.d/*
/etc/sudoers:Defaults timestamp_timout=0

If "timestamp_timeout" is set to a negative number, is commented out, or no results are returned, this is a finding.

Vulnerability Number

V-237635

Documentable

False

Rule Version

RHEL-07-010343

Severity Override Guidance

Verify the operating system requires re-authentication when using the "sudo" command to elevate privileges.

$ sudo grep -i 'timestamp_timeout' /etc/sudoers /etc/sudoers.d/*
/etc/sudoers:Defaults timestamp_timout=0

If "timestamp_timeout" is set to a negative number, is commented out, or no results are returned, this is a finding.

Check Content Reference

M

Target Key

2899

Comments