← Rules Catalog
mediumaccess-controlverified

Restrict overly permissive sudo privilege escalation

sudo-restrict-privilege-escalation · RHEL ≥ 8 · 1 impl

Description

RHEL 8 must restrict privilege elevation to authorized personnel. Users with sudo access must not have unrestricted ALL=(ALL) ALL entries unless specifically justified.

Rationale

Overly broad sudo rules grant users unrestricted root access which violates least-privilege principles.

Check → Remediate

Checkcommand
# Check for overly broad sudo rules granting ALL=(ALL) ALL
result=$(grep -rE '^\s*[^#%].*ALL\s*=\s*\(ALL(:ALL)?\)\s*ALL' /etc/sudoers /etc/sudoers.d/ 2>/dev/null || true)
if [ -n "$result" ]; then
  echo "FAIL: Overly broad sudo rules found:"
  echo "$result"
  exit 1
fi
echo "OK: No unrestricted ALL=(ALL) ALL entries found"
exit 0
expected_exit:
0
Remediatemanual
note:
Review and restrict any overly broad sudo rules that grant ALL=(ALL) ALL access. Replace with specific commands and paths per least-privilege principles.

Framework references

STIG

V-281207 / RHEL-10-600520V-237641

NIST 800-53

AC-6AC-6(5)

Live verification

rhel8:check
#sudo#privilege-escalation#access-control#least-privilege