mediumaccess-controlverified ✓rollback-safe
Ensure sudo commands use a pseudo terminal
sudo-use-pty · RHEL ≥ 8 · 1 impl
Description
The use_pty option in sudoers configuration requires sudo to run commands in a pseudo terminal (pty). This prevents a malicious program from continuing to run after the main program has finished.
Rationale
Using a pseudo terminal with sudo prevents attackers from using background processes that survive after sudo has completed. This closes a potential attack vector where malware could fork and continue running.
Check → Remediate
Checkcommand
grep -rPh '^\s*Defaults\s+.*use_pty' /etc/sudoers /etc/sudoers.d/ 2>/dev/null | grep -v '!use_pty'
- expected_exit:
- 0
Remediateconfig_set_dropin
- dir:
- /etc/sudoers.d
- file:
- 00-kensa-use-pty
- key:
- Defaults
- value:
- use_pty
Framework references
CIS
rhel8 5.2.2rhel9 5.2.2rhel10 5.2.2
NIST 800-53
CM-6
Live verification
rhel10:checkrhel8:checkrhel9:check
#sudo#privilege-escalation#security