1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
documentation_complete: true
title: 'Ensure That the sudo Binary Has the Correct Permissions'
description: |-
{{{ describe_file_permissions("/usr/bin/sudo", "4110") }}}
In order to use this rule, the group owner for /usr/bin/sudo needs to be changed to a
group other than root to effectively limit access to sudo.
rationale: |-
The sudoers program should only be usable by people who have the correct permissions.
identifiers:
cce@rhel8: CCE-86950-3
cce@rhel9: CCE-86951-1
cce@rhel10: CCE-88124-3
severity: medium
platform: package[sudo]
template:
name: "file_permissions"
vars:
filepath: "/usr/bin/sudo"
filemode: '4110'
allow_stricter_permissions: false
|
