STIGQter: STIG Summary: Apple macOS 11 (Big Sur) Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

The macOS system must be configured with the sudoers file configured to authenticate users on a per -tty basis.

DISA Rule

SV-230844r599842_rule

Vulnerability Number

V-230844

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

APPL-11-004021

Severity

CAT I

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Edit the "/etc/sudoers" file to contain the line:

Defaults tty_tickets

This line can be placed in the defaults section or at the end of the file.

Check Contents

To check if the "tty_tickets" option is set for "/usr/bin/sudo", run the following command:

/usr/bin/sudo /usr/bin/grep tty_tickets /etc/sudoers

If there is no result, this is a finding.

Vulnerability Number

V-230844

Documentable

False

Rule Version

APPL-11-004021

Severity Override Guidance

To check if the "tty_tickets" option is set for "/usr/bin/sudo", run the following command:

/usr/bin/sudo /usr/bin/grep tty_tickets /etc/sudoers

If there is no result, this is a finding.

Check Content Reference

Target Key

5246

The macOS system must be configured with the sudoers file configured to authenticate users on a per -tty basis.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments