RHEL STIG V-71949 keeps being reported as failed on scans

Because Amazon does not set a password on Linux images and requires users to authenticate to deployed instances with an SSH key, we cannot enable password-based re-authentication for sudo sessions out of the box. You can, however, enable this on your own by following these steps:

  1. Set a password for the ec2-user account. It is recommended to use the passwd command as ec2-user, to ensure password expiration rules are enforced.

  2. Run the command "sudo su -" to become root.

  3. Run "sudoedit" to edit the /etc/sudoers file.

  4. Find the lines that contain "NOPASSWD: ALL" within this file.

  5. Remove the keyword "NOPASSWD" and the trailing colon.

  6. Save the file (the vi command "ZZ" will do this).


  8. Open a new terminal window, and log in to your server as ec2-user.

  9. Try running "sudo su -".

  10. Confirm that you are prompted for your password.

Once these steps are completed, your system will be compliant with V-71949.
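To locate the lines from step 4 and to confirm afterwards that none remain, the following is an added example and not part of the original article. The function name `find_nopasswd` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report active (uncommented) NOPASSWD rules in sudoers files.

# find_nopasswd FILE...
# Prints "file:line:rule" for each active rule carrying the NOPASSWD tag.
# Returns 0 when no such rule exists, 1 when at least one is found.
find_nopasswd() {
    status=0
    for f in "$@"; do
        [ -r "$f" ] || continue   # skip missing or unreadable files
        # Match the tag case-insensitively. A leading "#" starts a comment
        # unless digits follow it ("#1000" is a uid in sudoers syntax).
        awk -v f="$f" '
            tolower($0) ~ /nopasswd/ && $0 !~ /^[ \t]*#([^0-9]|$)/ {
                print f ":" FNR ":" $0; n++
            }
            END { exit (n > 0) }
        ' "$f" || status=1
    done
    return "$status"
}

# Constructed sample resembling a sudoers file before step 5 is applied.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# ec2-user ALL=(ALL) NOPASSWD: ALL
root     ALL=(ALL)       ALL
ec2-user ALL=(ALL)       NOPASSWD: ALL
EOF

if find_nopasswd "$sample"; then
    echo "no active NOPASSWD rules"
else
    echo "active NOPASSWD rules remain; sudo will not prompt for a password"
fi
rm -f "$sample"
```

On a real host, run it as root against `/etc/sudoers` and any files under `/etc/sudoers.d/`. The article names only `/etc/sudoers`; the drop-in directory is mentioned here because rules placed there also apply.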
