STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide

V-269360

CAT II (Medium)

AlmaLinux OS 9 must require users to provide a password for privilege escalation.

Rule ID

SV-269360r1101822_rule

STIG

Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide

Version

V1R6

CCIs

CCI-002234

Discussion

Without re-authentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability, it is critical the user re-authenticate.

Check Content

Verify that the sudo configuration files have no occurrences of "NOPASSWD" with the following command:

$ sudo grep -iR 'NOPASSWD' /etc/sudoers /etc/sudoers.d/

If any occurrences of "NOPASSWD" are returned from the command and have not been documented with the information systems security officer (ISSO) as an organizationally defined administrative group using multifactor authentication (MFA), this is a finding.

Fix Text

Configure AlmaLinux OS 9 to not allow users to execute privileged actions without authenticating with a password.

Remove any occurrence of "NOPASSWD" found in the "/etc/sudoers" file or files in the "/etc/sudoers.d" directory using the following command:

$ sed -i '/NOPASSWD/ s/^/# /g' /etc/sudoers /etc/sudoers.d/*