← Rules Catalog
mediumaccess-controlverified rollback-safe

Ensure sudo commands use a pseudo terminal

sudo-use-pty · RHEL ≥ 8 · 1 impl

Description

The use_pty option in sudoers configuration requires sudo to run commands in a pseudo terminal (pty). This prevents a malicious program from continuing to run after the main program has finished.

Rationale

Using a pseudo terminal with sudo prevents attackers from using background processes that survive after sudo has completed. This closes a potential attack vector where malware could fork and continue running.

Check → Remediate

Checkcommand
grep -rPh '^\s*Defaults\s+.*use_pty' /etc/sudoers /etc/sudoers.d/ 2>/dev/null | grep -v '!use_pty'
expected_exit:
0
Remediateconfig_set_dropin
dir:
/etc/sudoers.d
file:
00-kensa-use-pty
key:
Defaults
value:
use_pty

Framework references

CIS

rhel8 5.2.2rhel9 5.2.2rhel10 5.2.2

NIST 800-53

CM-6

Live verification

rhel10:checkrhel8:checkrhel9:check
#sudo#privilege-escalation#security