UCF STIG Viewer Logo

The SUSE operating system must reauthenticate users when changing authenticators, roles, or escalating privileges.


Finding ID Version Rule ID IA Controls Severity
V-234853 SLES-15-010450 SV-234853r854199_rule High
Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When the SUSE operating system provides the capability to change user authenticators, change security roles, or escalate a functional capability, it is critical the user reauthenticate. Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00158
SUSE Linux Enterprise Server 15 Security Technical Implementation Guide 2022-12-07


Check Text ( C-38041r618828_chk )
Verify that the SUSE operating system requires reauthentication when changing authenticators, roles, or escalating privileges.

Check that "/etc/sudoers" has no occurrences of "NOPASSWD" or "!authenticate" with the following command:

> sudo egrep -i '(nopasswd|!authenticate)' /etc/sudoers

If any uncommented lines containing "!authenticate", or "NOPASSWD" are returned and active accounts on the system have valid passwords, this is a finding.
Fix Text (F-38004r618829_fix)
Configure the SUSE operating system to remove any occurrence of "NOPASSWD" or "!authenticate" found in the "/etc/sudoers" file. If the system does not use passwords for authentication, the "NOPASSWD" tag may exist in the file.