STIGQter: STIG Summary: Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 10 Mar 2021:

The Ubuntu operating system must ensure only users who need access to security functions are part of sudo group.

DISA Rule

SV-238206r653793_rule

Vulnerability Number

V-238206

Group Title

SRG-OS-000134-GPOS-00068

Rule Version

UBTU-20-010012

Severity

CAT I

CCI(s)

CCI-001084 - The information system isolates security functions from nonsecurity functions.

Weight

Fix Recommendation

Configure the sudo group with only members requiring access to security functions.

To remove a user from the sudo group, run:

$ sudo gpasswd -d <username> sudo

Check Contents

Verify the sudo group has only members who should have access to security functions.

$ grep sudo /etc/group

sudo:x:27:foo

If the sudo group contains users not needing access to security functions, this is a finding.

Vulnerability Number

V-238206

Documentable

False

Rule Version

UBTU-20-010012

Severity Override Guidance

Check Content Reference

Target Key

5318

The Ubuntu operating system must ensure only users who need access to security functions are part of sudo group.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments