help-bash
Re: Re: Is it possible to stop an user from stopping rsyslog or equivale


From: Alex fxmbsw7 Ratchev
Subject: Re: Re: Is it possible to stop an user from stopping rsyslog or equivalent while still granting most privileges?
Date: Tue, 14 Sep 2021 17:26:48 +0200

i dunno of any root calls in bash tho i dunno its .c

its a kernel security mod .c and .ko u want

On Tue, Sep 14, 2021, 16:57 conan zhan <conanzhan@onionmail.org> wrote:

> If I want to change some source code of bash-5.1, which part is parsing a
> line of code, and which part is reading configuration?
>
> Thanks.
>
> On Monday, 13. September 2021 23:58, Alex fxmbsw7 Ratchev
> <fxmbsw7@gmail.com> wrote:
>
> man sudo and sudoers for sudo
> u can restrict sudo root by user be only few safe commands big, no sudo
> sysctl or something..
>
> linux and bash and such are not far in this direction
>
> On Mon, Sep 13, 2021, 17:34 conan zhan <conanzhan@onionmail.org> wrote:
>
>> I learnt that a sudo-er can gain root privilege by certain commands like
>> sudo bash or su - and then shut down any system monitor programs and delete
>> system logs. And under this condition even enforcing bash to log is useless.
>>
>> Therefore, it is very delicate management not to grant server maintainers
>> sudo/wheel privilege since both of them are equivalent to root, and it is
>> a very tiring job to think of a whitelist strategy on what they CAN do rather
>> than what they CANNOT do.
>>
>>
>> So is there a way to ban a sudo-er from the following actions:
>>
>> 1) run a command the root does not allow. ETC. A line with both stop &
>> rsyslog. A line with chmod
>>
>>
>> 2) use root role;
>>
>>
>> 3) escape current bash environment ?
>>
>> These three altogether would create a role that gives maintainers Largest
>> privileges so long as they CANNOT delete the record in Black-Box.
>>
>> I don't know how much work needs to be done to create such role, but
>> there seems to be a way to walk around by a shell with censorship on command
>> before execution? Since you can limit a user on what shell can be used by
>> useradd [someuser] -s
>>
>> Thanks in advance.
>>
>>
>> https://serverfault.com/questions/1076862/how-can-root-start-a-process-that-only-root-can-kill
>> ?
>>
>
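
An added example, not part of the thread and not code from bash or sudo: a POSIX shell check that reads sudoers-style rules and flags the grants the original question worries about (`ALL`, a shell or `su`, and service control that can stop rsyslog). The function name `audit_sudoers`, the reason labels and the sample rules are constructed for illustration, and the parser is simplified to one rule per line with no aliases or line continuations.

```sh
# Added example (not from the thread): flag sudoers rules that amount to full
# root or allow stopping services. Simplified: one rule per line, no aliases.

# Constructed sample input.
SAMPLE_SUDOERS='# constructed sample
Defaults log_output
alice ALL=(ALL) ALL
bob   ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx, /bin/su
carol ALL=(root) /usr/bin/systemctl, /usr/bin/journalctl
dave  ALL=(root) /usr/bin/systemctl stop rsyslog
erin  ALL=(root) /usr/bin/systemctl status rsyslog, /usr/bin/tail /var/log/syslog'

# Reads sudoers text on stdin; prints "user<TAB>reason<TAB>command" per finding.
audit_sudoers() (
  set -f                                   # no globbing while word-splitting
  while IFS= read -r line; do
    line=${line%%#*}                       # drop comments
    case $line in *=*) ;; *) continue ;; esac
    set -- ${line%%=*}; who=$1             # words left of '=': user, hosts
    case $who in Defaults*|*_Alias) continue ;; esac
    set -- ${line#*=}; rest=$*             # trim and squeeze whitespace
    case $rest in "("*")"*) rest=${rest#*")"} ;; esac   # drop Runas spec
    while :; do                            # drop tags such as NOPASSWD:
      set -- $rest; rest=$*
      case $1 in [A-Z]*:*) rest=${rest#*:} ;; *) break ;; esac
    done
    IFS=,; set -- $rest; unset IFS         # one positional parameter per command
    for cmd in "$@"; do
      set -- $cmd
      [ $# -gt 0 ] || continue
      path=$1; shift; args=$*
      case $path in "!"*) continue ;; esac # negated entries grant nothing
      case ${path##*/} in
        ALL) reason=unrestricted ;;
        bash|sh|dash|zsh|ksh|su|sudo) reason=root-shell ;;
        systemctl|service)                 # no argument list means any arguments
          case $args in
            "") reason=any-service-action ;;
            *stop*) reason=can-stop-service ;;
            *) continue ;;
          esac ;;
        *) continue ;;
      esac
      printf '%s\t%s\t%s\n' "$who" "$reason" "$path${args:+ $args}"
    done
  done
)

printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers
```

Rules that name a command with a fixed argument list, such as erin's `systemctl status rsyslog`, pass the check; a bare `/usr/bin/systemctl` does not, because sudoers then accepts any arguments.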

