The sudoers file must be configured to authenticate users on a per-tty basis.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-51241 | OSX8-00-00995 | SV-65451r1_rule | High |
| Description |
|---|
| Do not allow direct root login because the logs cannot identify which administrator logged in. Instead, log in using accounts with administrator privileges, and then use the sudo command to perform actions as root. This limits authorization to the terminal in which authentication occurred. |
| STIG | Date |
|---|---|
| Apple OS X 10.8 (Mountain Lion) Workstation STIG | 2015-02-10 |
Details
| Check Text ( C-53589r1_chk ) |
|---|
| To check if the tty_tickets option is set for sudo, run the following command: sudo grep tty_tickets /etc/sudoers If there is no result, this is a finding. |
| Fix Text (F-56041r1_fix) |
|---|
| Edit the /etc/sudoers file to contain the line "Defaults tty_tickets" |