[NCLUG] Re: Who uses SUDO on production machines?

Chad Perrin perrin at apotheon.com
Mon Mar 19 01:17:21 MDT 2007


On Mon, Mar 19, 2007 at 12:39:37AM -0600, Sean Reifschneider wrote:
> On Sun, Mar 18, 2007 at 09:36:42PM -0600, John L. Bass wrote:
> >The problem, is that when you retract a sudo password, you are also never
> >sure that the user didn't install a backdoor. You grant sudo access to users
> 
> Of course, that goes without saying...  That's why I didn't say it.  :-)
> Any time you give someone enhanced access, they could use that both now and
> in the future.
> 
> Of course, you could also be logging the sudo commands to a remote machine
> which is secured against the untrusted trusted users, and in that way you
> should be able to detect things that would be the start of a compromise.
> You'd need to run some things in restricted mode so users can't jump out of
> vim to run unlogged commands, or at least a shell that acts as a wrapper
> and logs similarly.

I tend to prefer an anonymous logging server, using a packet sniffer to
intercept logging information sent to an IP address that doesn't exist
on the network, to solve that problem.

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
"It's just incredible that a trillion-synapse computer could actually
spend Saturday afternoon watching a football game." - Marvin Minsky
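
An added illustration of the detection Sean describes above (this is not code from the thread): a small Python scanner meant to run on the remote log host, over the sudo records that syslog forwards to it, flagging the entries that mark the point where logging stops being trustworthy (a root shell, an editor with a shell escape, an interpreter) or that look like the backdoor John worries about (setuid bits, sudoers, authorized_keys, cron). It assumes sudo's default syslog record format ("user : TTY=... ; PWD=... ; USER=... ; COMMAND=..."), and the host names, user names and log lines are constructed sample data; the rule lists are illustrative, not exhaustive.

```python
"""Flag sudo log records that start an unlogged session or plant a backdoor.

Added example, not from the mailing-list thread. Assumes sudo's default syslog
record format; SAMPLE_LOG is constructed sample data, rule lists are illustrative.
"""
import re
import shlex
from os.path import basename

# sudo's default syslog record. The optional middle field carries refusals
# such as "3 incorrect password attempts" or "user NOT in sudoers".
SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : (?:(?P<note>.*?) ; )?TTY=(?P<tty>\S+) ; "
    r"PWD=(?P<pwd>\S+) ; USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.*)$"
)

# Programs that hand the user an unlogged root shell outright.
SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh", "su", "login"}
# Programs with a shell escape (":!cmd" in vi/vim, "!cmd" in less/more/man).
ESCAPABLE = {"vi", "vim", "view", "less", "more", "man", "nano"}
# Interpreters and tools that run commands never shown in the sudo record.
INTERPRETERS = {"perl", "python", "python3", "ruby", "awk", "gawk",
                "find", "xargs", "env"}
# Paths an insider touches to keep access after the sudo grant is revoked.
BACKDOOR_PATHS = ("/etc/sudoers", "/etc/passwd", "/etc/shadow",
                  "authorized_keys", "/etc/crontab", "/etc/cron.", "/var/spool/cron")
# chmod modes that set a setuid/setgid bit: symbolic "u+s" or octal 4755/2755/6755.
SETUID_MODE = re.compile(r"[ugoa]*\+[rwxXst]*s[rwxXst]*|[2467][0-7]{3}")

# Constructed sample lines as syslog would forward them (not real log data).
SAMPLE_LOG = """\
Mar 19 00:39:37 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/sbin/service httpd restart
Mar 19 00:41:02 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=sudoedit /etc/httpd/conf/httpd.conf
Mar 19 00:45:10 web1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/vim /etc/hosts
Mar 19 00:46:55 web1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar 19 00:52:13 web1 sudo:      bob : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/bin/chmod u+s /tmp/.helper
Mar 19 00:53:40 web1 sudo:      bob : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/tee -a /root/.ssh/authorized_keys
Mar 19 01:02:21 web1 sudo:    carol : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/ls /root
Mar 19 01:03:00 web1 sshd[2201]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2
"""


def parse_sudo_line(line):
    """Return a dict for a sudo record, or None for any other syslog line."""
    m = SUDO_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["argv"] = shlex.split(rec["cmd"])
    except ValueError:          # unbalanced quotes: fall back to whitespace split
        rec["argv"] = rec["cmd"].split()
    return rec


def classify(rec):
    """Return the reasons this record deserves a look, or [] if it is benign."""
    argv = rec["argv"]
    if not argv:
        return []
    prog = basename(argv[0])
    reasons = []
    if rec["note"]:
        reasons.append("sudo refused: " + rec["note"])
    if prog in SHELLS:
        reasons.append("root shell started; nothing it runs is logged")
    elif prog in ESCAPABLE:
        reasons.append(prog + " allows a shell escape; prefer sudoedit or rvim")
    elif prog in INTERPRETERS:
        reasons.append(prog + " can run commands that never appear in sudo's log")
    if prog == "chmod" and any(SETUID_MODE.fullmatch(a) for a in argv[1:]):
        reasons.append("setuid bit set: possible backdoor binary")
    if prog == "visudo":
        reasons.append("sudoers edited")
    for arg in argv[1:]:
        if any(marker in arg for marker in BACKDOOR_PATHS):
            reasons.append("persistence path touched: " + arg)
    return reasons


def scan(lines):
    """Run the rules over forwarded syslog lines; return the flagged records."""
    findings = []
    for line in lines:
        rec = parse_sudo_line(line)
        if rec is None:
            continue
        reasons = classify(rec)
        if reasons:
            findings.append({"user": rec["user"], "command": rec["cmd"],
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print("%-6s %s" % (f["user"], f["command"]))
        for r in f["reasons"]:
            print("       - " + r)
```

Note that the `sudoedit` line is deliberately left unflagged while `vim /etc/hosts` is not: the record for a plain editor tells you only that root had an editor open, which is exactly the hole Sean's restricted-mode or wrapper-shell suggestion closes. The scanner only has value if it runs on a host the sudoers cannot reach; on the monitored machine itself anyone with root can edit the log before it is read.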
