The Red Hat Enterprise Linux operating system must restrict privilege elevation to authorized personnel.

STIG ID: RHEL-07-010341  |  SRG: SRG-OS-000480-GPOS-00227 | Severity: medium |  CCI: CCI-000366

Vulnerability Discussion

The sudo command allows a user to execute programs with elevated (administrator) privileges. It prompts the user for their password and confirms your request to execute a command by checking a file, called sudoers. If the "sudoers" file is not configured correctly, any user defined on the system can initiate privileged actions on the target system.

Check

Verify the "sudoers" file restricts sudo access to authorized personnel.
$ sudo grep -iw 'ALL' /etc/sudoers /etc/sudoers.d/*

If the either of the following entries are returned, this is a finding:
ALL ALL=(ALL) ALL
ALL ALL=(ALL:ALL) ALL

Fix

Remove the following entries from the sudoers file:
ALL ALL=(ALL) ALL
ALL ALL=(ALL:ALL) ALL
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.