Details

sudo can be configured to run only from a psuedo-pty

Rationale:

Attackers can run a malicious program using sudo which would fork a background process that remains even when the main program has finished executing.

Impact:

editing the sudo configuration incorrectly can cause sudo to stop functioning.

Solution

edit the file /etc/sudoers or a file in /etc/sudoers.d/ with visudo -f and add the following line:

Defaults use_pty

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/3372

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management, Identification and Authentication.This control applies to the following type of system Unix.

References

• 800-53|CM-1
• 800-53|CM-2
• 800-53|CM-6
• 800-53|CM-7
• 800-53|IA-5
• CSCv7|5.1

Source

• Tenable.com/audits