STIGQter STIGQter: STIG Summary: Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 10 Mar 2021:

The Ubuntu operating system must ensure only users who need access to security functions are part of sudo group.

DISA Rule

SV-238206r653793_rule

Vulnerability Number

V-238206

Group Title

SRG-OS-000134-GPOS-00068

Rule Version

UBTU-20-010012

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure the sudo group with only members requiring access to security functions.

To remove a user from the sudo group, run:

$ sudo gpasswd -d <username> sudo

Check Contents

Verify the sudo group has only members who should have access to security functions.

$ grep sudo /etc/group

sudo:x:27:foo

If the sudo group contains users not needing access to security functions, this is a finding.

Vulnerability Number

V-238206

Documentable

False

Rule Version

UBTU-20-010012

Severity Override Guidance

Verify the sudo group has only members who should have access to security functions.

$ grep sudo /etc/group

sudo:x:27:foo

If the sudo group contains users not needing access to security functions, this is a finding.

Check Content Reference

M

Target Key

5318

Comments