Security

What you most likely did not know about sudo…

UA2.114 (Baudoux)
Peter Czanik
Everybody knows sudo, right? Sudo allows a system administrator to give certain users the ability to run some commands as root, while logging the executed commands and their arguments. It is installed by default on almost all Linux systems, and is available for most commercial UNIX systems. Still, even system administrators often only know it is the “prefix” to use before entering a command requiring root privileges. Learn how much more this simple looking tool can do!

Most of the time the default configuration allows a group of users to run any command:

%wheel ALL=(ALL) ALL

It is a good first step, better than using the root account directly: this way you can trace who ran which commands on the system. But sudo offers many more configuration possibilities that make a system more secure.

Life is simple when you have to give a single user access to a single command. As soon as multiple users share the same access rights, aliases make the configuration not just shorter but also easier to maintain.

For added security, you can add a hash of a binary to sudo. If the binary changes for any reason, for example because it was modified through a successful exploit, sudo refuses to run it.

Using sudo does not make much sense without proper logging and alerting. There are three major possibilities:
- syslog: all events are logged to syslog. For additional security, collect sudo logs centrally, so a malicious user cannot delete them easily.
- e-mail: sudo can send e-mail alerts on different kinds of failures.
- debug: in-depth logging of subsystems, mostly useful for developers.

Session recording is a fourth possibility. The terminal output can be saved in a local file and played back, so you can see what happened even if the user started an interactive shell.

Instead of maintaining the sudoers file on each of your systems, you can use LDAP to configure sudo. 
It has some differences compared to a sudoers file, but also many advantages:
- local users cannot manipulate the rules,
- it is easier to maintain,
- changes go live immediately.

Starting with version 1.8, sudo has a plugin-based architecture. You can replace or extend sudo functionality using plugins. This way users keep starting applications the usual way using sudo, but a different configuration or policy engine sits behind the sudo command. There are both open source and commercial plugins available. For example the sudo_pair plugin, developed in Rust, enables monitoring and makes it possible to require interactive approval of sessions.

As you can see, sudo has several lesser-known features that can make monitoring and access management easier for large organizations.
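The sudoers features described above (user and command aliases, a digest-pinned binary, syslog and mail logging, and session recording) combined in one added shell example. This is not code from the talk or from the sudo project: the user names alice and bob, the alias names OPERATORS and PINNED, the log paths and the output file are constructed assumptions, and the pinned binary is simply whatever ls resolves to on the host, chosen because it exists everywhere. The script writes the fragment, sets the 0440 mode sudo expects, and asks visudo to syntax-check it when visudo is installed.

```shell
#!/bin/sh
# Added example (not from the talk or the sudo project): generate a sudoers
# fragment that uses aliases, a SHA-256 digest and I/O logging, then check it
# with visudo if available. Names and paths below are constructed assumptions.
set -eu

# Hex SHA-256 of a file, using whichever tool the host provides.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# sudoers digest spec for a binary: "sha256:<hex> /path". sudo recomputes the
# digest at run time and refuses the command if the file no longer matches.
sudoers_digest_line() {
    path=$1
    [ -f "$path" ] || { echo "no such file: $path" >&2; return 1; }
    printf 'sha256:%s %s\n' "$(file_sha256 "$path")" "$path"
}

# Write the fragment. $1 = output path, $2 = binary the operators may run.
write_sudoers_fragment() {
    out=$1
    bin=$2
    rm -f "$out"          # a previous 0440 copy would not be writable
    {
        echo '# Constructed example: operators who may run one pinned binary as root'
        echo 'User_Alias   OPERATORS = alice, bob'
        printf 'Cmnd_Alias   PINNED = %s\n' "$(sudoers_digest_line "$bin")"
        echo ''
        echo '# Logging: syslog facility, a local log file, and mail on failures'
        echo 'Defaults     syslog=authpriv'
        echo 'Defaults     logfile=/var/log/sudo.log'
        echo 'Defaults     mailto="root", mail_badpass, mail_no_user'
        echo ''
        echo '# Session recording: keep input and output under /var/log/sudo-io'
        echo 'Defaults     log_input, log_output'
        echo 'Defaults     iolog_dir=/var/log/sudo-io'
        echo ''
        echo '# The rule itself: only the digest-pinned command, only as root'
        echo 'OPERATORS    ALL = (root) PINNED'
    } > "$out"
    chmod 0440 "$out"
}

# Syntax-check with visudo when available; reports the verdict instead of aborting.
check_sudoers_fragment() {
    if command -v visudo >/dev/null 2>&1; then
        if visudo -cf "$1"; then
            echo "visudo accepted $1"
        else
            echo "visudo rejected $1" >&2
            return 1
        fi
    else
        echo "visudo not installed; skipping syntax check of $1"
    fi
}

out=${1:-/tmp/sudoers-operators.example}
write_sudoers_fragment "$out" "$(command -v ls)"
check_sudoers_fragment "$out" || true
cat "$out"
```

Install the result as a file under /etc/sudoers.d (owned by root, mode 0440) rather than editing /etc/sudoers directly, and regenerate it whenever the pinned binary is legitimately updated, since a package upgrade changes the digest just as an exploit would.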

Additional information

Type devroom

More sessions

2/1/20
Security
Arne Padmos
UA2.114 (Baudoux)
What threats do we need to take into account when building a system? A key method for answering this question is an approach called threat modelling, whereby security problems can be anticipated during the design phase. This talk discusses major threat-modelling approaches, and includes concrete examples of how to apply them to software-intensive systems.
2/1/20
Security
Tomáš Mráz
UA2.114 (Baudoux)
Managing which cryptographic algorithms are allowed, and disallowing those that must not be used because of weaknesses or because of restrictions imposed by certification standards, is a complicated task. The talk introduces the concept and implementation of system-wide crypto-policies as an attempt to help system administrators with this task. This talk replaces the "OSINT" talk which was scheduled initially, as David Busby could not attend on short notice.
2/1/20
Security
Tobias Reiher
UA2.114 (Baudoux)
Security vulnerabilities are still very common in today's software. Formal methods could improve the situation, but program verification remains a complex and time-consuming task. Often, the verification of existing software is infeasible and a complete rewrite can be prohibitively expensive. Neither, however, is necessarily required to improve on the current state. By replacing critical parts of existing software with verified code, security can be strengthened significantly with moderate ...
2/1/20
Security
Oleksii Oleksenko
UA2.114 (Baudoux)
Spectre-type attacks are a real threat to secure systems because a successful attack can undermine even an application that would be traditionally considered safe. SpecFuzz is the first tool that enables fuzzing for such vulnerabilities.
2/1/20
Security
Lorenzo Fontana
UA2.114 (Baudoux)
Linux syscalls can be used as an entry point for security analysis on Linux. However, reading and processing every system call in userspace creates a very unique set of challenges. In this talk we are going to see exactly what those challenges are and how we solved them in the Falco project.
2/1/20
Security
John Lionis
UA2.114 (Baudoux)
In this presentation we consider the increased use of Docker in corporate environments. Docker has found widespread use during the past years, mostly because it is very easy to use, economical with respect to the resources used, and fast and easy to deploy compared with a full-blown virtual machine. More and more servers are being operated as Docker hosts on which micro-services run in containers. From a security point of view, two aspects of it arise in the context ...
2/1/20
Security
Gilles Van Assche
UA2.114 (Baudoux)
Protocols in symmetric cryptography are often built from block ciphers, with a fixed input and output size, while variable sizes are handled through their modes of use. Incrementality, namely, the ability to efficiently compute the output for increasing inputs, or to request longer outputs, is often a property of the implementation rather than an explicit feature of a mode. A doubly-extendable cryptographic keyed (or deck) function is a new kind of object that makes incrementality an integral ...