It is very difficult to restrict sudo -s or su -. After struggling a lot , I found way to restrict it.
I am assuming that you have sudo implementation knowledge.
The Impact of sudo on Unix System Security
1) `sudo` improves on `su` in several ways:
2) `sudo` allows you to give privileged access to only some commands, instead of all commands.
3) `sudo` allows you to log all commands (and their arguments) executed as the privileged user.
4) `sudo` does not require the administrator to share the root password.
5) `sudo` allows you to limit the users who can use it by editing the sudoers file.
6) `sudo` times out after 5 minutes (by default).
Tips:
1. How to restrict sudo -s
If username is user1 then add following configuration in sudoers file
user1 ALL=(root) NOPASSWD:/usr/sbin/a*,(root)NOPASSWD:/usr/sbin/[c-r]*,(root) NOPASSWD:/usr/sbin/[t-z]*,(root) NOPASSWD:/usr/bin/a*,(root) NOPASSWD:/usr/bin/[c-r]*,(root) NOPASSWD:/usr/bin/[tuwxyz]*,(root) NOPASSWD:/bin/a*,(root) NOPASSWD:/bin/[c-r]*,(root) NOPASSWD:/bin/[tuvwxyz]*
Above file
1) Restrict any command in /usr/sbin , /bin and /bin/bin who alphabet starts from b,v,s ( i.e bash,vi,sudo and su etc )
2) It will not ask for password
2) How to log the usage ?
Add following line to sudoers files.
Defaults logfile=/var/adm/sudolog
Subscribe to:
Post Comments (Atom)
3 comments:
Hi Mahendra,
Good start. keep update as and when you come accross problem and find the solutions.
Bala.
Very nice information. Thanks.
Vikas.
nice artical
Chetan
Post a Comment