{"description": "The sudo command allows a user to execute programs with elevated\n(administrator) privileges. It prompts the user for their password\nand confirms the request to execute a command by checking a file\ncalled sudoers.\nRestrict privileged actions by removing the following entries from the sudoers file:\n<tt>ALL ALL=(ALL) ALL</tt>\n<tt>ALL ALL=(ALL:ALL) ALL</tt>", "rationale": "If the \"sudoers\" file is not configured correctly, any user defined\non the system can initiate privileged actions on the target system.", "severity": "medium", "references": {"nist": ["CM-6(b)", "CM-6(iv)"], "srg": ["SRG-OS-000480-GPOS-00227"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "either of the commands returned a line", "ocil": "To determine if the \"sudoers\" file restricts sudo access, run the following commands:\n<pre>$ sudo grep -PR '^\\s*ALL\\s+ALL\\=\\(ALL\\)\\s+ALL\\s*$' /etc/sudoers /etc/sudoers.d/*</pre>\n<pre>$ sudo grep -PR '^\\s*ALL\\s+ALL\\=\\(ALL\\:ALL\\)\\s+ALL\\s*$' /etc/sudoers /etc/sudoers.d/*</pre>", "oval_external_content": null, "fixtext": "Remove the following entries from /etc/sudoers or any file in /etc/sudoers.d/*:\nALL ALL=(ALL) ALL\nALL ALL=(ALL:ALL) ALL", "checktext": "", "vuldiscussion": "", "srg_requirement": "Ubuntu 22.04 must restrict privilege elevation to authorized personnel.", "warnings": [{"general": "This rule doesn't come with a remediation, as the exact requirement allows exceptions,\nand removing lines from the sudoers file can make the system non-administrable."}], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must restrict privilege elevation to authorized personnel.", "vuldiscussion": "If the \"sudoers\" file is not configured correctly, any user defined on the system can initiate privileged actions on the target system.", "checktext": "Verify Ubuntu 22.04 restricts privilege elevation to authorized personnel with the following command:\n\n$ sudo grep -riw ALL /etc/sudoers /etc/sudoers.d/\n\nIf either of the following entries is returned, this is a finding:\nALL     ALL=(ALL) ALL\nALL     ALL=(ALL:ALL) ALL", "fixtext": "Remove the following entries from the /etc/sudoers file or any configuration file under /etc/sudoers.d/:\n\nALL     ALL=(ALL) ALL\nALL     ALL=(ALL:ALL) ALL"}}, "platform": "package[sudo]", "platforms": ["package[sudo]"], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["package_sudo"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "The operating system must restrict privilege elevation to authorized personnel", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml", "template": null}