From MAC OSX 10.6 Workstation Security Technical Implementation Guide
Part of OSX00110-Restrict sudo usage
Associated with IA controls: ECSC-1
Do not allow direct root login because the logs cannot identify which administrator logged in. Instead, log in using accounts with administrator privileges, and then use the sudo command to perform actions as root. These limit the use of the sudo command to a single command per authentication and also ensure, even if a timeout is activated, that later sudo commands are limited to the terminal in which authentication occurred.
Open a terminal session and use the following command to view the values. grep Defaults /etc/sudoers Ensure the following items exist: "Defaults tty_tickets" and "Defaults timestamp_timeout=0" If the values are not present, this is a finding.
Open a terminal session and enter the following commands to set the values in the /etc/sudoers file. VISUAL=pico visudo Enter the following two lines in the file. Defaults tty_tickets Defaults timestamp_timeout=0 Save and exit the file.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer