STIGQter: STIG Summary: Apple OS X 10.15 (Catalina) Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 23 Apr 2021:

The macOS system must be configured with the sudoers file configured to authenticate users on a per -tty basis.

DISA Rule

SV-225218r610901_rule

Vulnerability Number

V-225218

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

AOSX-15-004021

Severity

CAT I

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Edit the "/etc/sudoers" file to contain the line:

Defaults tty_tickets

This line can be placed in the defaults section or at the end of the file.

Check Contents

To check if the "tty_tickets" option is set for "/usr/bin/sudo", run the following command:

/usr/bin/sudo /usr/bin/grep tty_tickets /etc/sudoers

If there is no result, this is a finding.

Vulnerability Number

V-225218

Documentable

False

Rule Version

AOSX-15-004021

Severity Override Guidance

To check if the "tty_tickets" option is set for "/usr/bin/sudo", run the following command:

/usr/bin/sudo /usr/bin/grep tty_tickets /etc/sudoers

If there is no result, this is a finding.

Check Content Reference

Target Key

4212

The macOS system must be configured with the sudoers file configured to authenticate users on a per -tty basis.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments