macos_security/rules/os/os_sudo_timeout_configure.yaml

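# Rule: require sudo's authentication timestamp timeout to equal $ODV minutes.
# $ODV is a placeholder for the organization-defined value; the `odv` mapping
# below lists the value used per baseline (0 for every baseline shown here).
# With timestamp_timeout=0, sudo asks for the password on every invocation
# instead of reusing a cached authentication.
id: os_sudo_timeout_configure
title: Configure Sudo Timeout Period to $ODV
discussion: |
  The file /etc/sudoers _MUST_ include a timestamp_timeout of $ODV.
# The check runs `sudo -V` as root and counts the lines that report the
# expected timeout; `result.integer: 1` means exactly one such line must exist.
# NOTE(review): the "." in "$ODV.0" is an unescaped regex wildcard for grep.
# The fixed "timeout: " prefix keeps the match tight in practice.
check: |
  /usr/bin/sudo /usr/bin/sudo -V | /usr/bin/grep -c "Authentication timestamp timeout: $ODV.0 minutes"
result:
  integer: 1
# Remediation, intended to run as root:
#   1. delete every line containing "timestamp_timeout" from all regular files
#      matching /etc/sudoers* (this includes files under /etc/sudoers.d/);
#   2. append the required Defaults line to /etc/sudoers.d/mscp;
#   3. set that file to mode 440.
# sed is called by absolute path like the other tools, so a root-run
# remediation does not resolve it through PATH.
# NOTE(review): step 1 removes whole lines, so a combined entry such as
# "Defaults env_reset,timestamp_timeout=5" also loses its other options.
# Review existing sudoers content before applying.
# NOTE(review): nothing below validates the resulting syntax, and a malformed
# sudoers file can leave sudo unusable. Running `/usr/sbin/visudo -c` after
# remediation is a sensible follow-up.
fix: |
  [source,bash]
  ----
  /usr/bin/find /etc/sudoers* -type f -exec /usr/bin/sed -i '' '/timestamp_timeout/d' '{}' \;
  /bin/echo "Defaults timestamp_timeout=$ODV" >> /etc/sudoers.d/mscp
  /bin/chmod 440 /etc/sudoers.d/mscp
  ----
# Cross-references to external control catalogs and benchmarks.
references:
  cce:
    - CCE-95317-4
  cci:
    - CCI-002038
  800-53r5:
    - N/A
  800-53r4:
    - N/A
  srg:
    - SRG-OS-000373-GPOS-00156
  disa_stig:
    - APPL-26-004022
  cis:
    benchmark:
      - 5.4 (level 1)
    controls v8:
      - 4.3
# Quoted so the version stays a string instead of parsing as a float.
macOS:
  - '26.0'
# Organization-defined value for $ODV, per baseline, in minutes.
odv:
  hint: Number of minutes.
  recommended: 0
  cis_lvl1: 0
  cis_lvl2: 0
  stig: 0
tags:
  - 800-53r5_low
  - 800-53r5_moderate
  - 800-53r5_high
  - cis_lvl1
  - cis_lvl2
  - cisv8
  - stig
severity: medium
# No configuration-profile payload is defined for this rule:
# `mobileconfig` is false and `mobileconfig_info` is left empty (null).
mobileconfig: false
mobileconfig_info:
# Declarative-management description of the same setting: the sudo service's
# `sudoers` configuration file carrying "Defaults timestamp_timeout=$ODV".
# NOTE(review): how the consuming tooling combines key and value is not shown
# here; confirm against the generator.
ddm_info:
  declarationtype: com.apple.configuration.services.configuration-files
  service: com.apple.sudo
  config_file: sudoers
  configuration_key: Defaults timestamp_timeout=
  configuration_value: $ODV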