LinuxQuestions.org
Old 05-17-2006, 05:42 PM   #1
wjeanpaul
LQ Newbie
 
Registered: Jan 2005
Location: Michigan
Distribution: Fedora core 4
Posts: 13

Rep: Reputation: 0
Identifying non-administrators w/ root privilege/ Multiple root account in use


Hey guys,
I need your help with the following questions:

Question 1: Is there a method (command) that could be used to display a list of all users logged in (and/or out) since a file and/or directory was created? My purpose is to identify non-administrators who were able to view root-owned files.

Question 2: What are the security risks associated with using multiple accounts w/ UID of zero?
For example, root (default), rootk and rootc have UIDs of 0. However, the shells are different. Is that a security risk? If so, why?


Thanks,

W
 
Old 05-18-2006, 02:52 AM   #2
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.6, Centos 5.10
Posts: 16,324

Rep: Reputation: 2041
2. it means that afterwards you will not be able to tell who did what, because ownerships will be indistinguishable....
There should only ever be 1 root.
If some users need occasional access to root owned cmds, look into the sudo facility.
 
Old 05-18-2006, 09:26 AM   #3
wjeanpaul
LQ Newbie
 
Registered: Jan 2005
Location: Michigan
Distribution: Fedora core 4
Posts: 13

Original Poster
Rep: Reputation: 0
Question #2

Quote:
Originally Posted by chrism01
2. it means that afterwards you will not be able to tell who did what, because ownerships will be indistinguishable....
There should only ever be 1 root.
If some users need occasional access to root owned cmds, look into the sudo facility.
Question 2 follow up:
Hello Chris,

Thanks for your reply. Can you help me understand how you can hold anyone accountable if you have more than one administrator using the same root password? I am just trying to understand the best way to manage this issue.

Thanks for your assistance

W
 
Old 05-18-2006, 11:52 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,766
Blog Entries: 54

Rep: Reputation: 2976
Is there a method (command) that could be used to display a list of all users logged in (and/or out) since a file and/or directory was created? My purpose is to identify non-administrators who were able to view root-owned files.
If you take the MAC time of the created file/dir as starting point, then for users with local system login enabled you could use the "last" command. It also depends on what ways (services) the file was accessible (before) (as in service configuration and/or file/dir permissions). I think this is a good argument for running a GRSecurity RBAC or SELinux enabled server: if set up in enforcing mode there would have to be explicit rules for file access inclusion. If you can be more verbose with respect to your situation, add an example if you can, maybe there's more to add.


hold anyone accountable if you have more than one administrator using the same root password.
(This may sound harsh but I'm just emphasising what chrism01 already said) what you need to understand is there are no compelling and valid reasons to have multiple root privilege accounts. The best way to manage this issue therefore would be to add auditing facilities and disable (and later on remove) those excess accounts. If you disagree please post reasons why you think you need multiple root privilege accounts.
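
Added example, not part of any post in this thread: a shell sketch of the two checks discussed above, listing every UID 0 account in a passwd-format file and showing login records since a file's timestamp with "last". The function names and sample accounts are constructed for illustration; it assumes GNU date and the util-linux "last" (for --since), and uses the file's modification time as a stand-in for creation time.

```shell
#!/bin/sh
# Audit helpers for the two questions in this thread (added example).

# Print every account whose UID field is 0.
# passwd fields: name:passwd:uid:gid:gecos:home:shell
# Pass "-" to read from stdin; the default is the live /etc/passwd.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "${1:-/etc/passwd}"
}

# UID 0 accounts other than "root": candidates to disable and later remove.
# File ownership and process accounting record the numeric UID only, so
# actions taken through these names are indistinguishable from root's.
extra_uid0_accounts() {
    uid0_accounts "$1" | grep -vx 'root' || true
}

# Login records since a file's modification time (assumption: mtime
# approximates creation time, which many filesystems do not expose).
# last reads /var/log/wtmp only; rotated logs need "last -f <file>".
logins_since_file() {
    since=$(date -r "$1" '+%Y-%m-%d %H:%M:%S') || return 1
    last -F --since "$since"
}

# Constructed sample mirroring the accounts named in the question.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
rootk:x:0:0:admin k:/root:/bin/ksh
rootc:x:0:0:admin c:/root:/bin/csh
wjp:x:500:500::/home/wjp:/bin/bash
EOF
}

# Demonstration on the constructed sample.
sample_passwd | extra_uid0_accounts -
# On a real host:
#   extra_uid0_accounts /etc/passwd
#   logins_since_file /path/to/root-owned-file
```

A login record only shows who had a session in that window; whether a given user could actually read the file still depends on its permissions and the services exposing it.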
 
Old 05-19-2006, 09:55 PM   #5
soulestream
Member
 
Registered: Nov 2005
Posts: 183

Rep: Reputation: 30
I smell somebody's homework.


SOule
 
  


All times are GMT -5.