STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 1 hour ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM AIX 7.x Security Technical Implementation Guide

V-215261

CAT II (Medium)

AIX must remove !authenticate option from sudo config files.

Rule ID

SV-215261r1050789_rule

STIG

IBM AIX 7.x Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-004895CCI-002038

Discussion

sudo command does not require reauthentication if !authenticate option is specified in /etc/sudoers config file, or config files in /etc/sudoers.d/ directory. With this tag in sudoers, users are not required to reauthenticate for privilege escalation.

Check Content

If sudo is not used on AIX, this is Not Applicable.

Run the following command to find "!authenticate" option in "/etc/sudoers" file:
# grep "!authenticate" /etc/sudoers

If there is a "!authenticate" option found in "/etc/sudoers" file, this is a finding.

Run the following command to find "!authenticate" option in one of the sudo config files in "/etc/sudoers.d/" directory:
# find /etc/sudoers.d -type f -exec grep -l "!authenticate" {} \;

The above command displays all sudo config files that are in "/etc/sudoers.d/" directory and they contain the "!authenticate" option.

If above command found a config file that is in "/etc/sudoers.d/" directory and that contains the "!authenticate" option, this is a finding.

Fix Text

Edit "/etc/sudoers" using "visudo" command to remove all the "!authenticate" options:
# visudo -f /etc/sudoers

Editing a sudo config file that is in "/etc/sudoers.d/" directory and contains "!authenticate" options, use the "visudo" command as follows:
# visudo -f /etc/sudoers.d/<config_file_name>