Overview – SOE Sudo SEP 2014.

Slides:

Advertisements

Similar presentations

CIS 193A – Lesson2CIS 193A - Lesson2 Authorization & Authentication Sudo and PAM.

Advertisements

Linux Users and Groups Management

1 Dynamic DNS. 2 Module - Dynamic DNS ♦ Overview The domain names and IP addresses of hosts and the devices may change for many reasons. This module focuses.

Chapter 3 Rootly Powers. Computer Center, CS, NCTU 2 The Root  Root Root is God, also called super-user. UID is 0  UNIX permits the superuser to perform.

User Account Management WeeSan Lee. Roadmap Add An Account Delete An Account /etc/{passwd,shadow} /etc/group How To Disable An Account? Root Account Q&A.

Sudo Access with Beowulf Clusters Chris Feehan CS Senior Capstone 12/18/06.

SUSE Linux Enterprise Server Administration (Course 3037) Chapter 2 Manage User Access and Security.

Introduction to Unix Administration Objectives –to identify the basic concepts of Unix administration Contents –history of Unix –unix vendors and standards.

Guide to Linux Installation and Administration, 2e1 Chapter 8 Basic Administration Tasks.

CIS 191 – Lesson 2 System Administration. CIS 191 – Lesson 2 System Architecture Component Architecture –The OS provides the simple components from which.

Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.

Oracle 10g Database Administrator: Implementation and Administration Chapter 2 Tools and Architecture.

Users Greg Porter V1.0, 26 Jan 09. What is a user? Users “own” files and directories Permission based on “ownership” Every user has a User ID (UID) 

There are three types of users in linux  System users: ?  Super user: ?  Normal users: ?

Managing Users  Each system has two kinds of users:  Superuser (root)  Regular user  Each user has his own username, password, and permissions that.

NT4 SP4 Security Jack Schmidt - Fermilab

Chapter 3 & 6 Root Status and users File Ownership Every file has a owner and group –These give read,write, and execute priv’s to the owner, group, and.

A Practical Guide to Fedora and Red Hat Enterprise Linux Unit 9: Basic Linux Administration Chapter 11: System Administration: Core Concepts Chapter 16:

Introduction to System Admin Sirak Kaewjamnong. 2 The system administration’s job  Adding a new user  Doing backup and restoring files from backups.

Shell Advanced Features. Module 8 Shell Advanced Features ♦ Introduction In Linux systems, the shells are often referred to as command line interfaces.

© 2007 OPNET Technologies, Inc. All rights reserved. OPNET and OPNET product names are trademarks of OPNET Technologies, Inc. An Open Source ARM 4 Implementation.

Λειτουργικά Συστήματα - Lab1 Γιάννης Πετράκης. The Operating System  Unix is a layered operating system  The innermost layer is the hardware that provides.

Lesson 3-Touring Utilities and System Features. Overview Employing fundamental utilities. Linux terminal sessions. Managing input and output. Using special.

SCSC 455 Computer Security Chapter 3 User Security.

Module 1 - Introduction to Linux. Users must log-in Linux is case sensitive File and Directories naming conventions (No spaces!) Files and Directories.

CSC414 “Introduction to UNIX/ Linux” Lecture 6. Schedule 1. Introduction to Unix/ Linux 2. Kernel Structure and Device Drivers. 3. System and Storage.

SUSE Linux Enterprise Desktop Administration Chapter 9 Manage Users, Groups, and Permissions.

The Kernel At a high level, the kernel in an operating system serves as the bridge between applications and the actual data processing of the hardware.

 Last lesson, the Windows Operating System was discussed along with the Windows command shell  Unix is a computer operating system, that similarly manages.

Security-Enhanced Linux Stephanie Stelling Center for Information Security Department of Computer Science University of Tulsa, Tulsa, OK

Installation. All Rights Reserved © Alcatel-Lucent | Installation Module Objectives  Installation  Startup and process monitoring  Uninstallation.

Server Security Sudo Lars Noodén March – April 2009.

UNIX Command RTFM: sudo(8)

Security Risk Assessment Determine how important your computer is to your group ● Mission critical? ● Sensitive information? ● Expensive hardware? ● Service.

Overview – SOE Syslog-ng

Overview – SOE Cfengine v3.4.0

Overview – SOE Openssh Sep 2014.

Overview – SOE Openssh Dec 2013.

System Administration II

Overview – SOE Net-SNMP v5.7.2

Overview – TI Services September-2016.

Overview – TI Services November-2015.

Overview – SOE Net-SNMP v

ITIS 3110 System Hardening.

Overview – SOE Net-SNMP v5.7.3

Overview – SOE Changepw

“given enough eyeballs, all bugs are shallow” -Linus Torvald

SUSE Linux Enterprise Desktop Administration

Overview – SOE Rsync SEP 2014.

NTP, Syslog & Secure Shell

Sudoers Meryll Larkin - that's me Why you are here:

Andy Wang Object Oriented Programming in C++ COP 3330

Overview – SOE Sudo Dec 2013.

Rootly Powers and Controlling Processes

Overview – SOE Cfengine v3.6.5

Overview – SOE Openssh v7.1p1

Overview – SOE PatchTT December 2013.

Chapter 11: Managing Users

Overview – SOE Sudo September 2016.

Overview – SOE Dssh September 2016.

Overview – SOE Sudo November 2015.

Overview – SOE Lsof v4.87 Dec 2013.

Chapter 3 Rootly Powers.

Linux Users and Groups Management

IS3440 Linux Security Unit 3 User Account Management

Transarc AFS Client for NT

Periodic Processes Chapter 9.

Module 13 System and User Security

Rootly Powers Chapter 3.

Adding New Users.

Presentation transcript:

Overview – SOE Sudo SEP 2014

What is SOE Sudo? Sudo (su "do") allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments. Users and commands can be defined in sudo configuration file /etc/sudoers Sudo access can be monitored by /var/[adm/log]/sudo.log (Default path) Allows users to run programs with the security privileges of another user A highly configurable tool Allows for Least Privilege methodology Logs each command run

Why do you Need Sudo? UNIX root account is all or nothing Want everyone to have the root password? Want to have to change it every time one of those folks leave? Want to give selective root access by user/machine/command? Want to know what someone did as root? Can also be used to control others users ... but we don`t use that yet UnixSOE Enterprise Suite v9.0 Sudo can help you with all of these dilemma`s!

SOE Sudo command line options -b (background) : To run the given command in the background -E (preserve environment) : user wishes to preserve their existing environment variables -h (help) option causes sudo to print a short help message to the standard output and exit -k (kill) option to sudo invalidates the user's cached credentials -n (non-interactive) : This option prevents sudo from prompting the user for a password the -l (list) option will list the allowed (and forbidden) commands for the invoking user on the current host The -s (shell) : option runs the shell specified by the SHELL environment variable -v (validate) option : sudo will update the user's cached credentials, authenticating the user's password if necessary. The -- option indicates that sudo should stop processing command line arguments

Examples of SOE sudo Execute ‘su’ command using Sudo $ /opt/soe/local/bin/sudo su To get a file listing of an unreadable directory: $ /opt/soe/local/bin/sudo ls /usr/local/protected To edit the index.html file as user www $ /opt/soe/local/bin/sudo -u www vi ~www/htdocs/index.html To shutdown a machine: $ /opt/soe/local/bin/sudo shutdown -r +15 "quick reboot“ To run an editor as xxx with a different primary group : $ /opt/soe/local/bin/sudo -u xxx -g audio vi ~xxx/sound.txt To view system logs only accessible to root and users in the adm group: $ /opt/soe/local/bin/sudo -g adm view /var/log/syslog To make a usage listing of the directories in the /home partition: $ /opt/soe/local/bin/sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"

Sample /etc/sudoers #; /etc/sudoers #; Sample sudoers file #; Host aliases, in the form of subnets or (eek!) hostnames. Host_Alias DPUNET = 140.192.0.0/16 #; User aliases User_Alias SYSTEM_ADMIN = nancy, drew #; RunAs aliases; what privileges are given to the sudoee Runas_Alias DBA = oracle #; Command aliases. What people can do. Cmnd_Alias SU = /usr/bin/su, /usr/bin/sudo # Defaults specification Defaults syslog=auth,log_year,logfile=/var/log/sudo.log #; Root can do anything w/o a password. root ALL = (ALL) NOPASSWD: ALL #; Nancy can do anything on the private network EXCEPT for su and visudo. nancy PRIVNET = (ALL) ALL,!SU,!VISUDO #; On the shell servers, student can reset passwords except for root's password. STUDENT SHELLSERVER = (ALL) PASSWORD

SOE sudo – Supported OS Operating System Version Architecture Sun Solaris 8 Sun Sparc Solaris 9 Solaris 10 Sun Sparc/x86-64 Architecture Solaris 11 HP-UX HP-UX11i HP PA-RISC HP-UX11i V2 (11.23) HP PA-RISC/ HP Itanium HP-UX11i V3 (11.31) AIX AIX 5.3 IBM pSeries AIX 6.1 AIX 7.1

UnixSOE Sudo-1.8.10p3– What is New? New features Removed a warning on PAM systems with stacked auth modules where the first module on the stack does not succeed. Fixed expansion of the %p escape in the prompt for "sudo -l" when rootpw, runaspw or targetpw is set. Bug #639. Fixed matching of uids and gids which was broken in version 1.8.9. Bug #640. PAM credential initialization has been re-enabled. It was unintentionally disabled by default in version 1.8.8. The way credentials are initialized has also been fixed. Bug #642. Fixed a descriptor leak on Linux when determing boot time. Sudo normally closes extra descriptors before running a command so the impact is limited. Bug #645. Fixed flushing of the last buffer of data when I/O logging is enabled. This bug, introduced in version 1.8.9, could cause incomplete command output on some systems. Bug #646.

Product Support Helpline Questions & Feedback Product Support Helpline unixsoe@csc.com