Quote:
Originally Posted by
Corona688
The problem is the use of "default permit". Like in a firewall, this opens not just a security hole but all possible security holes. Whenever they think of a new way to get root shells you haven't thought of, they will be able to do it.
Block everything by default. Remove the allow-everything sudo rule. The only holes in the configuration will be ones you open.
Then make individual sudo rules to allow only the few things they actually need.
Thank you for the reply,
Yes I realize that from a security standpoint, your recommendation is the best approach. I'm the senior HP-UX admin here, and all the users that have sudo access are Junior admins, so we're all on the same team. The Junior admins really need to have access to just about everything that root can do, because they need to manage things when I'm out on vacation or whatever, and they need to try things on their own and learn the systems. These are dev & test servers, not production.
I trust them not to break things (too much); I just want there to be an audit trail of who ran what and when, when it comes to privileged commands.
A blacklist of just a handful of items is sure easier to manage than a whitelist with thousands of things on it.
So yes, I understand your recommendation, but in my particular situation it isn't of great concern if they find another way to get a root shell; I'll just add it to the blacklist. These Jr. admins aren't super savvy hacker types, they mostly just use Google and try the first 2 or 3 things they come across.
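Since the thread is really about two ways of writing the sudoers policy, here is an added example (not from the original thread or either poster) that puts the default-permit rule with a blacklist next to an explicit-allow policy, plus the Defaults lines that give the audit trail the post asks for. The user names, host names, HP-UX command paths and log locations are assumptions picked for illustration; check any real file with `visudo -c` before installing it. One caveat worth knowing: the sudoers(5) manual itself says that negating commands with `!` is generally not effective, because the user can copy a shell to another path or escape from any allowed editor, pager or interpreter.

```sudoers
## Added example, not from the original thread. Users, hosts, command paths
## and log paths are assumptions chosen to illustrate the two approaches.

## --- Default permit with a blacklist (the approach under discussion) ---
## Every junior admin gets root for everything except a few listed commands.
## sudoers(5) warns that this kind of negation is not effective: a copied
## shell, or a shell escape from an allowed editor/pager, is still root.
# User_Alias  JRADMINS = alice, bob
# JRADMINS    ALL = (ALL) ALL, !/bin/sh, !/bin/ksh, !/usr/bin/su

## --- Explicit allow: nothing by default, only named holes ---
User_Alias  JRADMINS  = alice, bob
Host_Alias  DEVTEST   = devbox1, testbox1

## Group the tasks the junior admins actually need (assumed HP-UX paths).
Cmnd_Alias  SERVICES  = /sbin/init.d/*, /usr/sbin/swlist, /usr/sbin/swinstall
Cmnd_Alias  DIAG      = /usr/sbin/ioscan, /usr/sbin/vgdisplay, /usr/sbin/lvdisplay
Cmnd_Alias  STORAGE   = /usr/sbin/mount, /usr/sbin/umount, /usr/sbin/fsck

## Audit trail: log every invocation to a file, with the year in the
## timestamp. On sudo builds with I/O logging, also record terminal output
## so a session can be replayed with sudoreplay.
Defaults    logfile=/var/log/sudo.log, log_year
Defaults    log_output, iolog_dir=/var/log/sudo-io

## Root only for the listed commands on the dev/test hosts: no shells, no
## generic ALL, so any new way to a root shell has to be added explicitly.
JRADMINS    DEVTEST = (root) SERVICES, DIAG, STORAGE

## Config edits go through sudoedit rather than a root editor, since an
## interactive root vi can drop to a shell with :!sh.
JRADMINS    DEVTEST = sudoedit /etc/hosts, sudoedit /etc/inetd.conf
```

With the second form, a junior admin who needs something new gets a one-line addition to a Cmnd_Alias, and every allowed command still lands in /var/log/sudo.log with the invoking user, host, working directory and command line.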