Slackware hardening tips - su: authentication failure
Dear slackers
I followed the link below: http://www.linuxquestions.org/questi...4/#comment5965 Now I am unable to su.
Code:
bash-4.2$ su |
Have you joined the wheel group?
I don't know why you did that to yourself BTW, but the easy answer is
Code:
usermod -aG wheel your_user |
Code:
bash-4.2# groups san2ban
The reason I did this is because, when I used to do sudo, it used to say I am not in the sudoer's list, though I was in the 'wheel' group. Hence, I just thought that this (su hardened thread) might help in getting out of this situation.
Code:
bash-4.2# cat /etc/sudoers |
Just for the laugh, make a new luser with the wheel group as his default group
Code:
useradd -g wheel -G <whatever> -s /bin/bash [options & stuff] luser |
Businesskid
Tried as you said. luser cannot su. Is the article in the link correct? Has somebody checked and vetted it? |
There is something, 'visudo', for editing sudoers.
As you're in slackware, slackware has sudo (probably in ~/a/ or ~/ap/) and you can simply upgradepkg --reinstall to overwrite it. You then rename the sudoers.new to sudoers, and you're back to vanilla. |
Using chown on the file (rather unexpectedly) changes its permissions from
Code:
-rws--x--x
Code:
-rwx--x--x
Code:
chmod 4711 /bin/su
Code:
chmod 4710 /bin/su
Brian |
Still, I cannot su
Code:
bash-4.2$ ls -l `which su` |
I'll bet it's the sudoers file. You've got it so hardened you can't use it :-P. In your honour, I have uploaded a sudoers file rigged the other way - total access. It's HERE
Please do us the favour of downloading it, and trying it. At least it checks whether my guess is correct. Feel free to delete it afterwards. It's something I thought about in 12.1 and have just copied ever since. |
Other people are mentioning permission issues, but that shouldn't be it because you can actually execute su. Instead you are getting an auth failure. san2ban, are you typing your user's password or root's password when you su? You'll need to use root's password for su.
This hack that you did would make it to where you cannot even try to su (i.e. it wouldn't ask for a password) if you aren't part of the wheel group. Since it does ask for a password after issuing su, it would appear that this hack is not causing the issue. |
Code:
bash-4.2$ su
I compared the file that you mentioned with my /etc/sudoers. Only the %users All=All line was missing. I added that. Still I cannot su. I cannot update because of the following:
Code:
bash-4.2$ sudo slackpkg update
fatalfrog
I confirm that I use root password when I su. Except reinstall, I am ready to try anything that is suggested. |
Can you login as root at all? Do ctl+alt+f2 and try logging in as root.
|
/etc/sudoers has nothing to do with `su`. What, if anything, is the content of your /etc/suauth?
(And note that if you've added yourself to the wheel group but have yet to log in again, then `groups <username>` will report you as a member of wheel, but running `groups` without any arguments will not. Group membership changes do not affect the running sessions.) (Also note that "%users ALL=(ALL) NOPASSWD: ALL" in your sudoers file will allow any member of users to run anything as root without a password; once you've got all this sorted out you ought to reconsider whether this is appropriate or not.) |
Yes, it's appropriate. All is me :-). It would be most inappropriate on a server.
/etc/suauth is original & untouched and I'm sure you have one of those. |
Code:
bash-4.2$ /usr/sbin/slackpkg update |
Code:
bash-4.2$ cat /etc/suauth |
|
Maybe needs a colon between "wheel" and "DENY"
Code:
root:ALL EXCEPT GROUP wheel:DENY |
I had the same problem, and it's not in the /etc/suauth...
In fact I removed the file and had the same error:
Quote:
But don't forget the colon they said, you need it... |
This happened because when you chown the /bin/su to group wheel it loses the Set User ID and Set Group ID permissions...
it should be rws instead of just rwx |
Gentlemen
Thanks to e5150 for pointing out the missing semicolon. Problem is solved. I blindly copied and pasted from the link for su hardening tips. This semicolon should be put there also. Thanks to everybody. This is what makes us slackers |
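The two things this thread tripped over, an /etc/suauth rule with no colon before its action and a /bin/su that lost its setuid bit after chown, can be checked with a short script. This is an added example, not code from the thread: the function names and the `--check` switch are hypothetical, and the rule format (to-id:from-id:ACTION, with ACTION one of DENY, NOPASS or OWNPASS) is taken from suauth(5).

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# suauth(5) rules are to-id:from-id:ACTION, with ACTION one of
# DENY, NOPASS or OWNPASS. Prints malformed rules; returns 1 if any.
suauth_lint() {
    bad=0 n=0
    while IFS=: read -r to from action || [ -n "$to" ]; do
        n=$((n + 1))
        case $to in ''|'#'*) continue ;; esac   # blank line or comment
        case $action in
            DENY|NOPASS|OWNPASS) ;;
            '') echo "$1:$n: no ACTION field (missing colon?): $to:$from"
                bad=1 ;;
            *)  echo "$1:$n: unknown ACTION '$action'"
                bad=1 ;;
        esac
    done < "$1"
    return "$bad"
}

# su can only switch users if its binary is setuid and owned by
# root (uid 0); the chown discussed in the thread cleared the bit.
su_binary_ok() {
    [ -u "$1" ] || { echo "$1: setuid bit not set"; return 1; }
    owner=$(ls -ln -- "$1" | awk '{print $3}')
    [ "$owner" = 0 ] || { echo "$1: owner uid is $owner, not 0"; return 1; }
}

# Run as: sh check.sh --check
if [ "${1:-}" = --check ]; then
    [ ! -f /etc/suauth ] || suauth_lint /etc/suauth
    su_binary_ok /bin/su
fi
```
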