Nutanix AOS must require users to reauthenticate for privilege escalation.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-254204 | NUTX-OS-001170 | SV-254204r846700_rule | Medium |
| Description |
|---|
| Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability, it is critical the user reauthenticate. Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00158 |
| STIG | Date |
|---|---|
| Nutanix AOS 5.20.x OS Security Technical Implementation Guide | 2022-08-24 |
Details
| Check Text ( C-57689r846698_chk ) |
|---|
| Confirm Nutanix AOS is configured as shown for reauthentication in the sudoers file. $ grep -i nopasswd /etc/sudoers /etc/sudoers.d/* If any occurrences of "NOPASSWD" are returned from the command and have not been documented with the Information System Security Officer (ISSO) as an organizationally defined administrative group utilizing MFA, this is a finding. |
| Fix Text (F-57640r846699_fix) |
|---|
| If any occurrences of "NOPASSWD" found are not documented with the ISSO need to be removed. Configure Nutanix AOS to meet this requirement run the following command: salt-call state.sls security/CVM/manualCVM |