Require root password when executing "sudo -s"

ssh security sudo centos centos7

I have a CentOS 7 server on AWS.

When logged in with the centos user, how can I prevent sudo -s logging in to root without requiring root's password?

[root@server ~]# cat /etc/sudoers | grep rootpw
Defaults rootpw
[root@server ~]# getent group wheel
wheel:x:10:centos
[root@server ~]# gpasswd -d centos wheel
Removing user centos from group wheel
[root@server ~]# getent group wheel
wheel:x:10:
[root@server ~]# su centos
[centos@server root]$ sudo -s
[root@server ~]# !!!!!!!!!!!!!!!!

sudo always uses the user account's password. If user has sudo privileges, then the user can execute commands as root, after entering his own password in the sudo prompt.

In your example, you are seeing the effects of sudo ticket validity period. Once sudo is run for the first time, it asks for a password. After that, it creates a ticket that is valid for a certain time. During this time, sudo does not ask for password.

If you want to change this behavior, you can disable the ticket by adding

Defaults     timestamp_timeout=0

to /etc/sudoers configuration file.

Related

How to show that if $x, y, z\in\mathbb R^n$ and $\langle x, z\rangle=\langle y, z\rangle=0\implies x=\lambda y$?
Every closed set is a boundary [duplicate]
Understanding a proof of Wedderburn in Topics in algebra
Power series of $\frac{x+1}{x^2+5}$
Orthogonal projection of a point onto a line
How far can I go with the integral $\int \frac{\sin ^{n} x \cos ^{n} x}{1-\sin x \cos x} d x, $ where $n\in N$?
Calculate conditional expectation with respect to a sigma algebra
Uniformly equicontinuous sequence of functions that does not converge uniformly
Homomorphism $\psi$ from $S_3$ to $S_4$ [duplicate]
Prove $4^{n} -1$ is divisible by $3$ for all $n\geq1$ [duplicate]
Why are the domain and image of $F(x) = \sqrt{1-\cosh(x)}$ only $\{0\}$? [closed]
How do I Overload operators for a C++ class [duplicate]