Rule ID
SV-279599r1192563_rule
Version
V1R1
CCIs
Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to change security roles, it is critical that the user reauthenticate.
For AHV, this requirement is Not Applicable.

Confirm Nutanix OS is configured as shown for reauthentication in the sudoers file:

$ grep -i nopasswd /etc/sudoers /etc/sudoers.d/*

If any occurrences of "NOPASSWD" are returned from the command and have not been documented with the information system security officer (ISSO) as an organizationally defined administrative group using multifactor authentication (MFA), this is a finding.
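The check above can be scripted so that only active, undocumented entries are reported. This is an added example, not part of the STIG or of Nutanix tooling: it skips commented-out lines, joins backslash-continued entries, and compares the entry's user or group against an allow-list. The function name, the allow-list file and its one-name-per-line format, and the sample account names are assumptions.

```shell
#!/bin/sh
# Added example: list active NOPASSWD entries whose user/group is not documented.
# Usage: audit_nopasswd ALLOWLIST FILE...
# ALLOWLIST (hypothetical format): one ISSO-documented user or %group per line.
audit_nopasswd() {
    allow=$1; shift
    awk -v allow="$allow" '
        BEGIN {
            # Load documented principals; blank lines and # comments are ignored.
            while ((getline line < allow) > 0) {
                sub(/[ \t]+$/, "", line)
                if (line != "" && line !~ /^#/) ok[line] = 1
            }
        }
        FNR == 1 { buf = ""; start = 0 }
        {
            if (buf == "") start = FNR
            # Join backslash-continued lines into one logical sudoers entry.
            if ($0 ~ /\\$/) { buf = buf substr($0, 1, length($0) - 1); next }
            entry = buf $0; buf = ""
            sub(/^[ \t]+/, "", entry)
            # Skip comments; "#" followed by digits is a user ID, not a comment.
            if (entry ~ /^#/ && entry !~ /^#[0-9]/) next
            # Case-insensitive match, same as the grep -i in the check text.
            if (toupper(entry) !~ /NOPASSWD/) next
            split(entry, f, /[ \t]+/)
            if (!(f[1] in ok)) print FILENAME ":" start ":" f[1]
        }
    ' "$@"
}

# Constructed sample data (not from a real system) so the example runs offline.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' '%mfa-admins' > "$d/documented.txt"
    cat > "$d/sudoers" <<'EOF'
# %wheel ALL=(ALL) NOPASSWD: ALL
%mfa-admins ALL=(ALL) NOPASSWD: ALL
svc_backup ALL=(root) \
    NOPASSWD: /usr/bin/rsync
operator ALL=(ALL) ALL
EOF
    echo "$d"
}

dir=$(make_sample)
audit_nopasswd "$dir/documented.txt" "$dir/sudoers"   # prints file:line:principal
rm -rf "$dir"
```

On the constructed sample, the plain grep returns three lines (including the commented one and the documented group), while the script reports only the undocumented svc_backup entry.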
Remove occurrences of "NOPASSWD" found.

1. For AOS, use the following command.
   salt-call state.sls security/CVM/manualCVM
2. For Prism Central, use the following command.
   salt-call state.sls security/PCVM/manualPCVM
3. For Files, use the following command.
   salt-call state.sls security/AFS/manualAFS
4. The AHV hypervisor does not support local interactive user accounts. AHV has been designed and configured to run essentially headless. The only accounts allowed on AHV are the pre-configured system accounts.