help-bash

Re: Is it possible to stop a user from stopping rsyslog or equivalent while still granting most privileges?


From: Alex fxmbsw7 Ratchev
Subject: Re: Is it possible to stop a user from stopping rsyslog or equivalent while still granting most privileges?
Date: Mon, 13 Sep 2021 17:58:53 +0200

man sudo and sudoers for sudo.
You can restrict sudo root per user to only a few safe commands, no sudo
sysctl or something like that.

Linux and bash and such are not far in this direction.

On Mon, Sep 13, 2021, 17:34 conan zhan <conanzhan@onionmail.org> wrote:

> I learnt that a sudo-er can gain root privilege by certain commands like
> sudo bash or su - and then shut down any system monitor programs and delete
> system logs. And under this condition even forcing bash to log is useless.
>
> Therefore, it is very delicate management not to grant server maintainers
> sudo/wheel privilege since both of them are equivalent to root, and it is a
> very tiring job to think of a whitelist strategy on what they CAN do rather
> than what they CANNOT do.
>
>
> So is there a way to ban a sudo-er from the following actions:
>
> 1) run a command that root does not allow, e.g. a line with both stop &
> rsyslog, or a line with chmod;
>
> 2) use the root role;
>
> 3) escape the current bash environment?
>
> These three altogether would create a role that gives maintainers the largest
> privileges so long as they CANNOT delete the record in the Black-Box.
>
> I don't know how much work needs to be done to create such a role, but there
> seems to be a way to work around it with a shell that censors commands before
> execution, since you can limit a user on what shell can be used with useradd
> [someuser] -s
>
> Thanks in advance.
>
>
> https://serverfault.com/questions/1076862/how-can-root-start-a-process-that-only-root-can-kill ?
>
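
The pointer to sudoers above is the right one, and the whitelist complaint in the quoted question is where the real work is: a sudo whitelist is only as strong as its weakest entry. The script below is an added example (not from this thread and not part of sudo) that audits sudoers user specs for the usual ways a "restricted" rule is still root: ALL with "!" exclusions (the sudoers manual itself says subtracting commands from ALL is not effective), commands with shell escapes, arbitrary file writers, wildcards, and commands with no pinned arguments (which is exactly how a bare /usr/bin/systemctl entry lets a maintainer run `systemctl stop rsyslog`). It parses only a subset of sudoers syntax, the binary lists are this example's own choices, and the two fragments it runs on are constructed for the demo.

```python
"""Audit sudoers user specs for whitelist entries that are really root.
Added example, not from the list or the sudo project. Handles only Cmnd_Alias
lines and  USER HOST = (RUNAS) [TAG:] cmd, cmd  specs; '#' starts a comment and
a tag applies only to the command it precedes (real sudoers carries it on)."""
import os
import re

# Binaries whose normal use runs other programs (":!sh" in vi/less/man, -exec in
# find, system() in interpreters); selection is this example's own.
SHELL_ESCAPE_BINS = {"sh", "bash", "dash", "zsh", "ksh", "su", "sudo", "env", "vi",
                     "vim", "nano", "less", "more", "man", "find", "awk", "perl",
                     "python", "python3", "ruby"}
# Arbitrary file write as root (e.g. over /etc/sudoers or a crontab) is root.
FILE_WRITE_BINS = {"tee", "cp", "mv", "dd", "chmod", "chown", "install"}
TAG_RE = re.compile(r"^((?:[A-Z_]+:\s*)*)(.*)$", re.S)
RUNAS_RE = re.compile(r"^\(([^)]*)\)\s*(.*)$", re.S)

def _split(spec):
    return [c.strip() for c in spec.split(",") if c.strip()]

def _parse(item):
    """Return (negated, tags, path, args) for one element of a command list."""
    body = item.lstrip("!")
    negated = (len(item) - len(body)) % 2 == 1  # '!!cmd' cancels out
    m = TAG_RE.match(body.strip())
    tags = [t for t in re.split(r":\s*", m.group(1)) if t]
    tokens = m.group(2).split()
    return negated, tags, (tokens[0] if tokens else ""), tokens[1:]

def _expand(items, aliases, seen=frozenset()):
    """Replace Cmnd_Alias references with their members, keeping '!' and tags."""
    out = []
    for item in items:
        negated, tags, path, _ = _parse(item)
        if path in aliases and path not in seen:
            prefix = ("!" if negated else "") + "".join(t + ": " for t in tags)
            out.extend(_expand([prefix + m for m in aliases[path]], aliases, seen | {path}))
        else:
            out.append(item)
    return out

def _check(item, runas):
    negated, tags, path, args = _parse(item)
    if negated:
        return ["negated entry ('!'): an exclusion is not a restriction, a copy of the "
                "same binary under another path still matches the positive rule"]
    if path == "ALL":
        return [f"ALL: every command as {runas}, equivalent to a root shell"]
    base, reasons = os.path.basename(path), []
    if any(ch in tok for tok in [path, *args] for ch in "*?["):
        reasons.append("wildcard: in arguments '*' also matches spaces, so more arguments "
                       "can be appended; in the path it matches unintended binaries")
    if base in SHELL_ESCAPE_BINS:
        reasons.append(f"{base} spawns other programs as {runas}; " + (
            "NOEXEC blocks that only for dynamically linked binaries" if "NOEXEC" in tags
            else "a shell escape hands the caller that shell"))
    if base in FILE_WRITE_BINS:
        reasons.append(f"{base} writes arbitrary files as {runas}, which is root")
    if not args and base not in SHELL_ESCAPE_BINS | FILE_WRITE_BINS:
        reasons.append("no arguments pinned: any arguments are accepted (e.g. 'stop "
                       "rsyslog'); list them exactly or use \"\" to allow none")
    return reasons

def audit_sudoers(text):
    """Return (line_no, who, command, reason) tuples for risky entries."""
    text = re.sub(r"\\\n\s*", " ", text)  # join backslash continuation lines
    aliases, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line or line.startswith(
                ("Defaults", "User_Alias", "Host_Alias", "Runas_Alias", "@")):
            continue
        lhs, _, rhs = line.partition("=")
        if lhs.startswith("Cmnd_Alias"):
            aliases[lhs.split()[1]] = _split(rhs)
            continue
        m = RUNAS_RE.match(rhs.strip())
        runas, cmds = (m.group(1), m.group(2)) if m else ("root", rhs)
        for item in _expand(_split(cmds), aliases):
            for reason in _check(item, runas):
                findings.append((lineno, lhs.split()[0], item, reason))
    return findings

# Constructed fragments (not from a real host). WEAK grants everything and then
# forbids pieces; HARDENED pins a few exact commands, which is a real whitelist.
WEAK_SUDOERS = """\
Cmnd_Alias SHELLS = /bin/bash, /bin/sh, /usr/bin/su
ops    ALL = (ALL) ALL, !SHELLS, !/usr/bin/systemctl stop rsyslog
%wheel ALL = (root) NOPASSWD: /usr/bin/systemctl, /usr/bin/vim /etc/rsyslog.conf
"""
HARDENED_SUDOERS = """\
Cmnd_Alias OPS = /usr/bin/systemctl restart nginx.service, /usr/bin/systemctl status nginx.service --no-pager, /usr/bin/tail -n 200 /var/log/nginx/error.log
ops ALL = (root) NOPASSWD: OPS
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK_SUDOERS), ("hardened", HARDENED_SUDOERS)):
        findings = audit_sudoers(text)
        print(f"{label}: {len(findings)} finding(s)")
        for lineno, who, item, reason in findings:
            print(f"  line {lineno} [{who}] {item}: {reason}")
```

Run against a real /etc/sudoers (readable only by root) it reports seven problems for the WEAK fragment and none for the HARDENED one. Two caveats a practitioner should keep in mind: check syntax with `visudo -c`, since this auditor is not a full parser, and a clean whitelist only closes the sudo path. Anything on the whitelist that can still read or write as root in an unintended way (a pager, an editor, a service that runs hooks) is the next place to look, which is why pinning exact arguments matters more than a long list of exclusions.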

