tyler.durden
/
harbian-audit
mirror of https://github.com/hardenedlinux/harbian-audit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/hardenedlinux/harbian-audit

This commit is contained in:
Samson-W 2018-09-16 04:27:48 +08:00
parent c7ad465d04 dc5e013b0d
commit a99b694f07
1 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd
View File

@ -428,6 +428,26 @@ Configure non-compliant accounts to enforce a 60-day maximum password lifetime r
# chage -M 60 [username]
```
## 10.1.7 Remove(Replace) NOPASSWD to PASSWD in the sudoers config file (Scored)
### Profile Applicability
Level 3
### Description
Users must provide a password for privilege escalation.
### Rationale
Without re-authentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability, it is critical the user re-authenticate.
### Aduit
If passwords are not being used for authentication, this is Not Applicable. Verify the operating system requires users to supply a password for privilege escalation. Check the configuration of the "/etc/sudoers" and "/etc/sudoers.d/*" files with the following command:
```
# grep -i nopasswd /etc/sudoers /etc/sudoers.d/*
```
If any uncommented line is found with a "NOPASSWD" tag, this is a finding.
### Remediation
Replace any occurrences of "NOPASSWD" tags to "PASSWD" tags in the file.
template