Re: Re: Is it possible to stop an user from stopping rsyslog or equivalent while still granting most privileges?
From: Alex fxmbsw7 Ratchev
Subject: Re: Re: Is it possible to stop an user from stopping rsyslog or equivalent while still granting most privileges?
Date: Tue, 14 Sep 2021 17:27:14 +0200
or configuring any security stuff in the kernel properly
On Tue, Sep 14, 2021, 17:26 Alex fxmbsw7 Ratchev <fxmbsw7@gmail.com> wrote:
> I dunno of any root calls in bash tho, I dunno its .c
>
> It's a kernel security mod .c and .ko u want
>
> On Tue, Sep 14, 2021, 16:57 conan zhan <conanzhan@onionmail.org> wrote:
>
>> If I want to change some source code of bash-5.1, which part is parsing a
>> line of code, and which part is reading configuration?
>>
>> Thanks.
>>
>> On Monday, 13. September 2021 23:58, Alex fxmbsw7 Ratchev
>> <fxmbsw7@gmail.com> wrote:
>>
>> man sudo and sudoers for sudo
>> u can restrict sudo root by user to be only a few safe commands, no sudo
>> sysctl or something..
>>
>> linux and bash and such are not far in this direction
>>
>> On Mon, Sep 13, 2021, 17:34 conan zhan <conanzhan@onionmail.org> wrote:
>>
>>> I learnt that a sudo-er can gain root privilege by certain commands like
>>> sudo bash or su - and then shut down any system monitor programs and delete
>>> system logs. And under this condition even enforcing bash to log is useless.
>>>
>>> Therefore, it is very delicate management not to grant server maintainers
>>> sudo/wheel privilege since both of them are equivalent to root, and it is a
>>> very tiring job to think of a whitelist strategy on what they CAN do rather
>>> than what they CANNOT do.
>>>
>>>
>>> So is there a way to ban a sudo-er from the following actions:
>>>
>>> 1) run a command the root does not allow, e.g. a line with both stop &
>>> rsyslog, or a line with chmod;
>>>
>>> 2) use root role;
>>>
>>> 3) escape current bash environment ?
>>>
>>> These three altogether would create a role that gives maintainers the largest
>>> privileges so long as they CANNOT delete the record in the Black-Box.
>>>
>>> I don't know how much work needs to be done to create such a role, but there
>>> seems to be a way to work around it by a shell with censorship on commands
>>> before execution? Since you can limit a user on what shell can be used by
>>> useradd [someuser] -s
>>>
>>> Thanks in advance.
>>>
>>>
>>> https://serverfault.com/questions/1076862/how-can-root-start-a-process-that-only-root-can-kill
>>> ?
>>>
>>
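The "shell with censorship on command before execution" that the original question proposes, written out as an added example (not code from the thread or from bash): an allow-list login shell assigned with useradd -s. The script name /usr/local/bin/allowlist-sh, the logger tag and the sample ALLOWED patterns are assumptions; note in the comments why the list must exclude anything that can reach the log pipeline or spawn a subshell.

```shell
#!/bin/sh
# Allow-list login shell (added example, not from the thread). Assumed to be
# installed as /usr/local/bin/allowlist-sh and set with useradd -s, as the
# thread suggests. Each line is checked against ALLOWED before it runs, and
# every attempt is logged via logger(1). List only commands that cannot touch
# the log pipeline or spawn a subshell (no editors, pagers, interpreters, sudo).
# Constructed sample allow-list: one glob per line, matched against the whole
# command line after whitespace is collapsed to single spaces.
ALLOWED='ls
ls *
df -h
uptime
systemctl status *'

# normalize LINE: refuse chaining/redirect/substitution characters, then
# collapse whitespace; the result is only ever passed straight to exec.
normalize() {
    clean=$(printf '%s' "$1" | tr -d ';|&<>$`()\\')
    [ "$clean" = "$1" ] || return 1
    set -f; set -- $1; set +f          # split on IFS only, never glob
    [ $# -gt 0 ] || return 1
    printf '%s' "$*"
}

# is_allowed LINE -> 0 if LINE matches an ALLOWED pattern, 1 otherwise.
# Runs in a subshell so the IFS/-f changes needed for the loop do not leak.
is_allowed() (
    line=$(normalize "$1") || return 1
    set -f; IFS='
'
    for pat in $ALLOWED; do            # one pattern per line
        case $line in $pat) return 0 ;; esac
    done
    return 1
)

main() {
    while printf 'restricted> ' && IFS= read -r line; do
        if is_allowed "$line"; then
            logger -t allowlist-sh "$(id -un) ran: $line"
            set -f; set -- $line; set +f
            "$@"                         # direct exec, no shell re-parsing
        else
            logger -t allowlist-sh "$(id -un) refused: $line"
            echo "refused: not on the allow-list" >&2
        fi
    done
}
# Start the loop only when invoked as the shell (login shells get a leading -).
case ${0##*/} in allowlist-sh|-allowlist-sh) main ;; esac
```

Because the words are exec'd directly and never re-parsed by a shell, the filter cannot be chained past with `;` or `$()`; it still falls to any allowed command that can itself run a program, which is why the list stays short.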