STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 6 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to SLES 12 Security Technical Implementation Guide

V-217112

CAT I (High)

The SUSE operating system must reauthenticate users when changing authenticators, roles, or escalating privileges.

Rule ID

SV-217112r1050789_rule

STIG

SLES 12 Security Technical Implementation Guide

Version

V3R2

CCIs

SV-91763

Discussion

Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When SUSE operating system provide the capability to change user authenticators, change security roles, or escalate a functional capability, it is critical the user reauthenticate. Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPOS-00158

Check Content

Verify that the SUSE operating system requires reauthentication when changing authenticators, roles, or escalating privileges.

Check that "/etc/sudoers" has no occurrences of "NOPASSWD" or "!authenticate" with the following command:

> sudo egrep -i '(nopasswd|!authenticate)' /etc/sudoers

If any uncommented lines containing "!authenticate", or "NOPASSWD" are returned and active accounts on the system have valid passwords, this is a finding.

Fix Text

Configure the SUSE operating system to remove any occurrence of "NOPASSWD" or "!authenticate" found in the "/etc/sudoers" file. If the system does not use passwords for authentication, the "NOPASSWD" tag may exist in the file.