Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
1. I need to give 2 users the same rights as root. The policy in place in our company is that you are not meant to use admin accounts. You have to have accounts with those rights so that actions can be accountable to a person.
2. I need to be able to set up a user that can administer other users' passwords. I need a user to have permissions to be able to reset passwords of other users so that a root login is not needed.
Any help would be appreciated, but please bear in mind I am trying not to use the root account or the su command.
Just had this thought of a Windows security person trying to say how a *nix system should run...
It sounds like you want 2 accounts that are root equivalents and it also sounds like these 2 accounts will have people logged in so they are basically root all the time. (back to the all users are admins in windows...)
There are other things that I would rather do than have 2 people always running with root privileges... restrict root so users cannot directly log in as root, set up a script to email you every time someone logs in to root, archive/send to another source /var/log/messages, probably more but I'm still waking up.
I worked at one company that had some AIX systems running where occasionally the DBAs would need to run a root command. They used something like sudo except every time they ran the command an email was sent to the system administrators at the moment it was run. The email contained the command that was issued. This would be my preference instead of having 2 users running with root privs.
Thanks for the help. I think the sudo command will work for the password admins.
I am not sure if it would for the administrators though (yes you are getting visions of Windows). The accounts with root privileges would only be used when it is needed to login and perform an admin task (Adding printers etc) so the 2 admins would not be always logged on with root privileges.
It is basically down to the auditors in the company wanting accountability for actions. If say I logged on as root and removed a file there is no way of telling that it was me that logged on and did it.
From a Windows point of view the procedure is that the admin password is locked in the safe and no one knows it, with individual admin accounts being set up with a unique password for each user. If a login as root is needed then the password would be known to more than one person.
Try not to see "root" as an account but as a set of capabilities. You know those capabilities are most powerful, irreversible when applied to accounts (and coveted by anyone who doesn't have them).
Allowing root privileges to be handled by more than one account multiplies risks of handling root's tasks. It isn't part of "best practices", regardless of what your company's policies say. Almost any solution would be qualitatively better than allowing this to happen. Sudo should not be an alternative but your first choice.
BTW, do I get it right the company doesn't trust (skilled)? admins?
Sudo will provide accountability, as it logs (in /var/log/messages in most cases) all use of the command, and what command which user executed.
Running sudo paired with some auditing tools may help you make a case for Sudo. For commands that handle like editing device configuration you should write a wrapper or a front-end to validate input and config consistency, patch the kernel with LIDS or Grsecurity. This will allow you to ACL the system and processes to the point where even root can be denied access to Do Stuff and adds auditing capabilities (in the case of Grsecurity). Next set up an LD_SO_PRELOAD environment which loads libraries that log deletions, or use syscalltracker.
Top it off with setting the immutable bit on system binaries and configs to protect against "casual" deletion, harden the shell's configs, add filesystem integrity checking to keep a tab on changes and add remote logging. I use a custom vi wrapper to edit configs. It respects extended file attributes (immutable, undelete etc), allows me to do a rollback and provides me editing history.
What we try to say is, exhaust Sudo's capabilities, then look for other methods.
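The accountability the replies describe comes from sudo's log lines, which name the invoking user for every command. The following is an added example, not code from any poster in the thread: it turns such lines into a per-person audit trail and marks the events an auditor would check first. It assumes sudo's default syslog line format; the sample lines are constructed, and the names `parse`, `flags` and `audit` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in sudo's default syslog format (not from the thread).
SAMPLE_LOG = """\
Mar  3 10:15:02 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/passwd bob
Mar  3 10:17:40 host1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/sbin/lpadmin -p office1
Mar  3 10:20:11 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/passwd root
Mar  3 10:31:55 host1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar  3 10:40:03 host1 sudo:    carol : command not allowed ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/rm /etc/hosts
Mar  3 10:41:00 host1 sshd[811]: Accepted password for carol from 192.0.2.10 port 50514 ssh2
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssudo(?:\[\d+\])?:"
                  r"\s+(?P<user>\S+)\s:\s(?P<rest>.*)$")
SHELLS = {"sh", "bash", "zsh", "ksh", "csh", "su"}

def parse(line):
    """Return one sudo event as a dict, or None for non-sudo lines."""
    m = LINE.match(line)
    if not m or "COMMAND=" not in m["rest"]:
        return None
    # COMMAND is the last field in this format; split on it first so a ';'
    # inside the command itself is not mistaken for a field separator.
    head, command = m["rest"].split("COMMAND=", 1)
    rec = {"ts": m["ts"], "user": m["user"], "command": command, "denied": None}
    for part in filter(None, (p.strip() for p in head.split(" ; "))):
        if "=" in part:
            key, value = part.split("=", 1)
            rec[key] = value          # TTY, PWD, USER (the run-as account)
        else:
            rec["denied"] = part      # e.g. "command not allowed"
    return rec

def flags(rec):
    """Heuristic markers for events an auditor should look at first."""
    argv = rec["command"].split()
    prog = argv[0].rsplit("/", 1)[-1] if argv else ""
    if rec["denied"]:
        return ["denied: " + rec["denied"]]
    if prog in SHELLS:                # commands typed inside are not logged by sudo
        return ["root-shell"]
    if prog == "passwd" and (len(argv) == 1 or "root" in argv[1:]):
        return ["root-password"]      # bare "passwd" under sudo targets root itself
    return []

def audit(log_text):
    """Map each invoking user to a list of (timestamp, command, flags)."""
    trail = defaultdict(list)
    for rec in filter(None, map(parse, log_text.splitlines())):
        trail[rec["user"]].append((rec["ts"], rec["command"], flags(rec)))
    return dict(trail)
```

Calling `audit(SAMPLE_LOG)` groups the five sudo events under alice, bob and carol and skips the sshd line; the `root-shell` marker matters because a shell started through sudo hides everything run inside it from this log.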