Details
The file /etc/sudoers _MUST_ be configured to include tty_tickets.
This rule ensures that the “sudo” command will prompt for the administrator’s password at least once in each newly opened terminal window. This prevents a malicious user from taking advantage of an unlocked computer or an abandoned logon session by bypassing the normal password prompt requirement. Without the “tty_tickets” option, all open local and remote logon sessions would be authenticated to use sudo without a password for the duration of the configured password timeout window.
Solution
Run the following bash code
/bin/cp /etc/sudoers /etc/sudoers.bk; /bin/echo "Defaults tty_tickets" >> /etc/sudoers
----
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management, Identification and Authentication.This control applies to the following type of system Unix.
References
- 800-53|CM-5(1)
- 800-53|CM-6b.
- 800-53|IA-11
- CCE|CCE-91015-8, CCI|CCI-000366