5.3.4 Ensure users must provide password for privilege escalation
Audit
Note: If passwords are not being used for authentication, this is not applicable.
Verify the operating system requires users to supply a password for privilege escalation. Check the configuration of the /etc/sudoers and /etc/sudoers.d/* files with the following command:
If any line is found, refer to the remediation procedure below.
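An added example, not part of the benchmark text: a shell function that performs the audit described above by listing every uncommented sudoers line that carries a NOPASSWD tag. The names find_nopasswd and make_sample and the sample rules are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit sudoers files for active NOPASSWD tags.

# Print file:line:text for every uncommented line that carries NOPASSWD.
# Arguments are files or directories (directories are searched recursively).
# Returns 0 if any such line exists, 1 if none.
find_nopasswd() {
    rc=1
    for target in "$@"; do
        [ -e "$target" ] || continue
        # The first non-blank character must not be '#', so commented-out
        # rules (including indented ones) are ignored. An active line with a
        # trailing "# ... NOPASSWD" comment is still reported for review.
        if grep -rHnE '^[[:space:]]*[^#[:space:]].*NOPASSWD' "$target"; then
            rc=0
        fi
    done
    return "$rc"
}

# Constructed sample tree (not real system files) for an offline run.
make_sample() {
    dir=$(mktemp -d)
    mkdir "$dir/sudoers.d"
    printf '%s\n' \
        'Defaults env_reset' \
        '# %wheel ALL=(ALL) NOPASSWD: ALL' \
        '%wheel ALL=(ALL) ALL' > "$dir/sudoers"
    printf '%s\n' \
        '  # deploy ALL=(ALL) NOPASSWD: ALL' \
        'deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart app' \
        > "$dir/sudoers.d/deploy"
    printf '%s\n' "$dir"
}

if [ "$#" -gt 0 ]; then
    # Real audit, e.g.: sudo ./audit.sh /etc/sudoers /etc/sudoers.d
    if find_nopasswd "$@"; then echo "FAIL: NOPASSWD found"; else echo "PASS"; fi
else
    # No arguments: run against the constructed sample only.
    sample=$(make_sample)
    find_nopasswd "$sample/sudoers" "$sample/sudoers.d" || true
    rm -rf "$sample"
fi
```

Each reported path is the file to open with visudo -f in the remediation step.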
Remediation
Based on the outcome of the audit procedure, use visudo -f <PATH TO FILE> to edit the relevant sudoers file.
Remove any line with occurrences of NOPASSWD tags in the file.