CIS-CAT assessment hangs when running an Ubuntu remote assessment


Product Name: CIS-CAT Pro Assessor v4

Product Version: All

Date: Jun 2, 2021



 

Problem

Ubuntu patched a security vulnerability in sudo. With this patch in place, sudo performs a hostname lookup when called. If this lookup doesn’t return a timely result, sudo takes an unexpectedly long time to respond, which causes a CIS-CAT remote assessment to “hang”.

The patch impacts the following Ubuntu versions:

  • Ubuntu 20.04

  • Ubuntu 18.04

  • Ubuntu 16.04

 

Solution

  1. Run the command “hostnamectl status” and note the Static hostname of the system

  2. Review the file “/etc/nsswitch.conf” and verify that the “hosts” line lists “files” as the first option

  3. Edit the file “/etc/hosts” and add the static hostname of the system as the first option on the lines beginning with “127.0.0.1” and “::1”.  Example: “127.0.0.1  myhost.mydomain.com myhost  localhost”

 

Systems not running IPv6 will not have a line beginning with “::1” in the “/etc/hosts” file.

If a line beginning with “127.0.0.1” does not exist on a system with IPv4 enabled, add this line to the “/etc/hosts” file.
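
A read-only check of the three steps above, as an added example that is not CIS code. The function names and the sample files are constructed for illustration, a missing “::1” line is treated as a system without IPv6, and the static hostname is compared exactly (ignoring case) against the first name on each loopback line.

```shell
#!/bin/sh
# Added example (not CIS code): read-only audit of the Solution steps.

# Return 0 if the first source on the "hosts:" line of FILE is "files".
hosts_uses_files_first() {
    awk '$1 == "hosts:" { found = 1; rc = ($2 == "files") ? 0 : 1; exit }
         END { exit (found ? rc : 1) }' "$1"
}

# Return 0 if NAME is the first name on the ADDR line of FILE,
# 1 if another name comes first, 2 if FILE has no ADDR line.
loopback_lists_host_first() {
    awk -v addr="$2" -v name="$3" '
        $1 == addr { found = 1; rc = (tolower($2) == tolower(name)) ? 0 : 1; exit }
        END { exit (found ? rc : 2) }' "$1"
}

# audit_sudo_lookup NSSWITCH HOSTS NAME: print findings, return 1 on any FAIL.
audit_sudo_lookup() {
    nss=$1 hosts=$2 name=$3 fail=0
    hosts_uses_files_first "$nss" ||
        { echo "FAIL: $nss: \"hosts\" does not list \"files\" first"; fail=1; }
    for addr in 127.0.0.1 ::1; do
        rc=0
        loopback_lists_host_first "$hosts" "$addr" "$name" || rc=$?
        case "$rc:$addr" in
            0:*)   echo "OK:   $hosts: $name is first on the $addr line" ;;
            2:::1) echo "NOTE: $hosts: no ::1 line (assumed: IPv6 not in use)" ;;
            2:*)   echo "FAIL: $hosts: no $addr line"; fail=1 ;;
            *)     echo "FAIL: $hosts: $name is not first on the $addr line"; fail=1 ;;
        esac
    done
    return "$fail"
}

# Constructed sample files for trying the audit without touching the system.
write_sample() {  # write_sample DIR
    printf 'passwd: files systemd\nhosts: files dns\n' > "$1/nsswitch.conf"
    printf '127.0.0.1  myhost.mydomain.com myhost  localhost\n' > "$1/hosts.good"
    printf '127.0.0.1  localhost\n::1  localhost ip6-localhost\n' > "$1/hosts.bad"
}

# On a real host (read-only):
#   audit_sudo_lookup /etc/nsswitch.conf /etc/hosts "$(hostnamectl --static)"
```

Running the audit on the target before starting the remote assessment shows whether the sudo hostname lookup can be answered from “/etc/hosts” without waiting on DNS.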



Copyright © 2020

Center for Internet Security®