{"description": "Developers and implementers can increase the assurance in security\nfunctions by employing well-defined security policy models; structured,\ndisciplined, and rigorous hardware and software development techniques;\nand sound system/security engineering principles. Implementation may\ninclude isolation of memory space and libraries.\n\nThe Ubuntu operating system restricts access to security functions\nthrough the use of access control mechanisms and by implementing least\nprivilege capabilities.", "rationale": "Any users assigned to the sudo group would be granted administrator\naccess to the system.", "severity": "medium", "references": {"srg": ["SRG-OS-000134-GPOS-00068"], "stigid": ["UBTU-22-432015"], "stigref": ["SV-260559r958518_rule"]}, "control_references": {"stigid": ["UBTU-22-432015"]}, "components": [], "identifiers": {}, "ocil_clause": "sudo group contains users not needing access to security functions", "ocil": "Configure the sudo group with only members requiring access to security\nfunctions.\nTo remove a user from the sudo group, run:\n<pre>$ sudo gpasswd -d <i>username</i> sudo</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [{"general": "Due to the risk of removing user rights, automated remediation is\nnot available for this configuration check."}], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Ensure sudo group has only necessary members", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-restrictions/password_storage/ensure_sudo_group_restricted/rule.yml", "template": null}