5.3.5 Ensure re-authentication for privilege escalation is not disabled globally
Audit
Verify the operating system requires users to re-authenticate for privilege escalation.
Check the configuration of the /etc/sudoers and /etc/sudoers.d/* files with the following command:
If any line is found with a !authenticate tag, refer to the remediation procedure below.
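One way to script this check, as an added example rather than the benchmark's own audit command: a POSIX shell function that reports every non-comment line containing !authenticate. The function names and the sample files are constructed for illustration and are assumptions, not part of the benchmark.

```shell
#!/bin/sh
# Added example (not part of the benchmark text): audit sudoers files for
# active "!authenticate" entries.

# list_noauth FILE...
# Prints "file:line:text" for each line that contains !authenticate and is
# not a comment (first non-blank character "#"). Unreadable files are
# reported on stderr so a permission problem is not mistaken for a pass.
list_noauth() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        if [ ! -r "$f" ]; then
            echo "cannot read $f (run as root)" >&2
            continue
        fi
        awk -v file="$f" '
            /^[ \t]*#/      { next }
            /!authenticate/ { printf "%s:%d:%s\n", file, FNR, $0 }
        ' "$f"
    done
}

# audit_reauth FILE...
# Returns 0 (pass) when no active !authenticate entry exists, 1 otherwise.
audit_reauth() {
    hits=$(list_noauth "$@")
    if [ -n "$hits" ]; then
        printf 'FAIL: re-authentication disabled in:\n%s\n' "$hits"
        return 1
    fi
    echo "PASS: no active !authenticate entries"
}

# Constructed sample files (assumption: stand-ins for /etc/sudoers and
# /etc/sudoers.d/*), so the example runs without root.
demo=$(mktemp -d)
mkdir "$demo/sudoers.d"
printf '%s\n' 'Defaults env_reset' '# Defaults !authenticate' \
    '%wheel ALL=(ALL) ALL' > "$demo/sudoers"
printf '%s\n' 'Defaults:deploy !authenticate' > "$demo/sudoers.d/deploy"

audit_reauth "$demo/sudoers" || true                      # commented-out entry is ignored
audit_reauth "$demo/sudoers" "$demo/sudoers.d"/* || true  # active entry is reported
```

On a real host, run audit_reauth /etc/sudoers /etc/sudoers.d/* as root and treat a non-zero exit status as a finding.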
Remediation
Configure the operating system to require users to reauthenticate for privilege escalation.
Based on the outcome of the audit procedure, use visudo -f <PATH TO FILE> to edit the relevant sudoers file.
Remove any occurrences of !authenticate tags in the file(s).