[NCLUG] Re: Who uses SUDO on production machines?

Bob Proulx bob at proulx.com
Sun Mar 18 10:08:25 MDT 2007


John L. Bass wrote:
> I've always removed sudo from security critical production machines.
> I'm curious who installs it for security reasons and why.

Well, there are security-critical machines and there are Security
Critical Machines.  So much depends upon your definitions and
particular cases.  Most cases in my experience are prioritized as high
reliability critical over non-compromising security critical.  The
owners don't want to have a remote root exploit take the machine
down.  They are willing to live with the actions of the people they
can see and talk to who work on the machine.

The only 100% secure solution is to image the system, put the media in
a security vault, and power off the computer and destroy it.  Only in
that situation can I guarantee that image will remain secure.  But
that is more security than most people want.

Generally yes I always install and configure sudo.  This means that
the root password is not shared among the critical admins of the
critical security machines.  By definition you must trust the admin,
right?  Using sudo makes one thing easier and that is the (non)
sharing of passwords.  Using sudo means that individual users are
tracked when they log into the machine.  There is improved logging for
when users execute superuser commands.  (Although I do often find
running 'sudo bash' to be the most productive way to do some things
and no logging in that case, oh well.)

What alternative to using sudo do you use?  A shared root password?
Using ssh rsa keys to log into a server as a privileged user?
Superuser access only from a secure physical console?

For machines that are critical production servers, I think what is most
important is to have a plan to do a bare metal recovery within a
reasonable time frame if that becomes required for some reason.  That
may be hot spares.  That may be good backup media.  That may be a plan
to rebuild from pristine install media (my personal favorite method)
and recreation by overlay.

Bob
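The per-user tracking that Bob describes, and the gap that `sudo bash` leaves in it, as an added example that is not part of the original post or of the sudo project: a small Python audit over the default syslog records sudo writes (`user : TTY=... ; PWD=... ; USER=... ; COMMAND=...`). It parses each line, attributes the command to the invoking user, and flags commands after which sudo logs nothing more (an interactive shell, or an editor/pager with a shell escape). The log lines, the host name `prod1` and the user names are constructed for this example.

```python
import re

# Default syslog record that sudo(8) writes for each command it runs or refuses, e.g.
#   sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls
# A refusal carries a reason before the fields: "bob : user NOT in sudoers ; TTY=..."
SUDO_LINE = re.compile(
    r"\bsudo:\s+(?P<user>\S+)\s*:\s*"
    r"(?:(?P<msg>[^;=]+?)\s*;\s*)?"     # optional refusal reason
    r"(?:TTY=(?P<tty>\S+)\s*;\s*)?"     # absent when run without a terminal (cron)
    r"PWD=(?P<pwd>\S+)\s*;\s*"
    r"USER=(?P<target>\S+)\s*;\s*"
    r"COMMAND=(?P<cmd>.+?)\s*$"
)

# Programs that hand the invoker an interactive shell as the target user: sudo logs
# the shell itself and nothing that is typed into it afterwards ("sudo bash", "sudo su -").
INTERACTIVE_SHELLS = {"bash", "sh", "dash", "zsh", "ksh", "csh", "tcsh", "fish", "su"}
# Programs with a well-known shell escape (":!sh" in vi, "!sh" in less and man).
SHELL_ESCAPES = {"vi", "vim", "view", "less", "more", "man"}

# Constructed sample: one host, three admins, one refused command, one unrelated line.
SAMPLE_LOG = [
    "Mar 18 10:08:25 prod1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/service httpd restart",
    "Mar 18 10:09:01 prod1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash",
    "Mar 18 10:10:12 prod1 sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/vim /etc/hosts",
    "Mar 18 10:11:40 prod1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=postgres ; COMMAND=/usr/bin/psql",
    "Mar 18 10:12:03 prod1 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/sbin/reboot",
    "Mar 18 10:12:30 prod1 sshd[2211]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2",
]


def parse_sudo_line(line):
    """Return the fields of one sudo log line as a dict, or None for any other line."""
    m = SUDO_LINE.search(line)
    return m.groupdict() if m else None


def classify(rec):
    """Label a parsed record by how much of the resulting root activity the log captures."""
    if rec["msg"]:
        return "denied"          # refused: nothing ran, but worth seeing who tried
    prog = rec["cmd"].split()[0].rsplit("/", 1)[-1]   # basename of the program
    if prog in INTERACTIVE_SHELLS:
        return "shell"           # logging ends here; later root commands are invisible
    if prog in SHELL_ESCAPES:
        return "escape"          # may become a shell without a further sudo record
    return "logged"              # the command itself is the audit record


def audit(lines):
    """Parse a batch of syslog lines; return (per-event verdicts, per-user counts)."""
    events, users = [], {}
    for line in lines:
        rec = parse_sudo_line(line)
        if rec is None:
            continue
        verdict = classify(rec)
        events.append({"user": rec["user"], "target": rec["target"],
                       "cmd": rec["cmd"], "verdict": verdict})
        counts = users.setdefault(rec["user"],
                                  {"logged": 0, "shell": 0, "escape": 0, "denied": 0})
        counts[verdict] += 1
    return events, users


if __name__ == "__main__":
    events, users = audit(SAMPLE_LOG)
    for e in events:
        print(f"{e['verdict']:7} {e['user']:6} -> {e['target']:8} {e['cmd']}")
    for user, counts in users.items():
        print(user, counts)
```

Run against a real `/var/log/auth.log` (or `journalctl -t sudo`) the "shell" and "escape" rows are exactly the sessions the post concedes are unlogged. If that gap matters on a given host, sudo's own `Defaults log_input` and `log_output` (replayed with `sudoreplay`) record the terminal session inside such a shell; that is a caveat beyond the post, not something it recommends.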


