You don't have to tell me - I already know trying to do sudo in a chrooted environment is a bad idea.
But is it even possible? I don't have a choice.
Requirement:
A (commercial) inventorying script needs to interactively log in to a number of RHEL4 and RHEL5 servers and run these three commands:
- sudo /usr/sbin/lsof
- sudo /usr/sbin/dmidecode
- /sbin/ifconfig
We are not going to enable SELinux on all these servers.
Is there any other way to do this securely? Would suid be better/worse than sudo?
I need to secure this as much as possible. rbash is trivially defeated:
http://www.symantec.com/connect/arti...ing-unix-users
I tried to avoid manually building a chrooted environment by trying jailkit (http://olivier.sessink.nl/jailkit), but I couldn't get it to work.
So I guess my only option is to try to manually hack together a chroot. Any favorite cookbooks? Anyone do this supporting sudo?
Any suggestions?
Any suggestions on another approach?
Anybody gotten jailkit to work on RHEL/CentOS to provide an interactive shell?
Thanks,
QuantSuff