Secure OS Software for Linux

Joppe
Occasional Advisor

rootsh and sudo problem

Hallo all,

I hope someone can help me with this problem.

To make our servers more secure we have stopped root access with su, and the administrators have to use sudo to run root commands; that is working really well. I also have a logging program called rootsh to log everything that is done as root. My problem is that to start the logging the admins have to run "sudo rootsh", and then they get a root shell with logging, but it is still possible to run "sudo bash", and then they get a root shell without logging.

What I want is that when they use "sudo bash", rootsh should be started automatically and log what is happening.

I have not managed to come up with a solution for how to get this to work!

Grateful for help!

Cheers
Joppe
Muthukumar_5
Honored Contributor

Re: rootsh and sudo problem

You can generally audit the sudo-related commands with the history files themselves.

Another method is writing a shell wrapper, as:

# mv sudo sudo.org
# cat > sudo
#!/bin/bash
# Wrapper in front of the real (still setuid) sudo, renamed to sudo.org.
# Only a literal first argument of "bash" is caught here.
if [[ $1 = "bash" ]]
then
# put the command to start the logging shell here, e.g.:
exec /usr/bin/sudo.org rootsh
fi
# everything else is handed to the real sudo unchanged
exec /usr/bin/sudo.org "$@"

# end

###########

Change the permissions on the new sudo file and try now.

--
Muthu


Easy to suggest when you don't know about the problem!
Joppe
Occasional Advisor

Re: rootsh and sudo problem

Thanks, that works fine!
But this means that I can't add new users to the sudoers file whom I only want to let run a few specified commands.

The question is whether it is possible to set it up so that I can still easily add sudo rules for other users as well?

/Joppe
Joppe
Occasional Advisor

Re: rootsh and sudo problem

Oops, I was a little too fast to reply.

With this script instead of the original sudo, my log file looks like rubbish instead!

/Joppe
Joppe
Occasional Advisor

Re: rootsh and sudo problem

Okay all, I found a solution for my problem that's working!

I simply changed the default shell for the admin user to my rootsh, and added rootsh to /etc/shells. And then I have logging from the first second an admin user logs in to the server until he logs out!

Cheers

Joppe

Steven E. Protter
Exalted Contributor

Re: rootsh and sudo problem

Shalome Joppe,

If sudo bash works you have no security at all and there is almost no reason to use sudo.

The binaries that can be run with sudo must be limited by the sudoers file to make this setup effective.

Leaving bash available for sudo is a huge back door that needs to be shut.

As far as logging commands, you can set the HISTFILE variable and all commands input by keyboard are logged. This can be in the home directories of your various admins or a central location.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
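The two real controls in this thread are the one Steven names (sudoers must list specific binaries, never a shell) and the one Joppe settled on (rootsh as the admin's login shell). The script below is an added example written for this page, not code from the thread, from rootsh or from sudo. It audits a sudoers file for grants that still yield an unlogged root shell (ALL, a shell binary, or a tool with a well-known shell escape such as vi or less), and it checks that each admin account's login shell is the logging shell and that the logging shell is listed in /etc/shells, which chsh requires. The sudoers, passwd and shells content is constructed for the example, and /usr/bin/rootsh is an assumed install path. The check matches on the command's basename, which is why a wrapper that only compares the literal argument "bash" misses "sudo /bin/bash".

```shell
#!/bin/sh
# Added example (not from the thread, rootsh or sudo): find the two places an
# admin can still reach an unlogged root shell.
#   1. sudoers grants of ALL, a shell, or a tool with a known shell escape
#   2. human accounts whose login shell is not the logging shell, plus a check
#      that the logging shell is listed in /etc/shells (chsh refuses it otherwise)
# All input below is constructed for the example; /usr/bin/rootsh is an assumed path.

SAMPLE_SUDOERS='Defaults    env_reset
Cmnd_Alias  SERVICES = /sbin/service, /bin/systemctl status *
Cmnd_Alias  SHELLS = /bin/bash, /bin/sh
joppe       ALL=(ALL) ALL
admin1      ALL=(root) /usr/bin/rootsh
admin2      ALL=(root) SHELLS
ops         ALL=(root) SERVICES
backup      ALL=(root) NOPASSWD: /usr/bin/vi /etc/backup.conf
'

# Reads sudoers text on stdin, prints "user: reason" for each grant that yields
# an unlogged root shell. Cmnd_Alias names are expanded one level; negated
# entries (!cmd) are skipped because sudoers(5) documents them as bypassable.
audit_sudoers() {
    awk '
    BEGIN {
        split("bash sh dash ksh zsh csh tcsh", t, " "); for (i in t) shells[t[i]] = 1
        split("vi vim nano less more man find awk perl python python3", t, " "); for (i in t) escapes[t[i]] = 1
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    /^[ \t]*Defaults/ { next }
    /^[ \t]*Cmnd_Alias/ {
        line = $0; sub(/^[ \t]*Cmnd_Alias[ \t]+/, "", line)
        split(line, kv, /[ \t]*=[ \t]*/); alias[kv[1]] = kv[2]; next
    }
    /^[ \t]*(User_Alias|Host_Alias|Runas_Alias)/ { next }
    $0 !~ /=/ { next }
    {
        user = $1; spec = $0
        sub(/^[^=]*=[ \t]*/, "", spec)                  # drop "user HOST="
        sub(/^\([^)]*\)[ \t]*/, "", spec)               # drop "(runas)"
        gsub(/(NOPASSWD|PASSWD|NOEXEC|SETENV):[ \t]*/, "", spec)
        n = split(spec, parts, /[ \t]*,[ \t]*/); expanded = ""
        for (i = 1; i <= n; i++) {
            p = parts[i]; if (p in alias) p = alias[p]
            expanded = (expanded == "") ? p : (expanded ", " p)
        }
        m = split(expanded, cmds, /[ \t]*,[ \t]*/)
        for (i = 1; i <= m; i++) {
            path = cmds[i]; sub(/[ \t].*/, "", path)    # strip arguments
            if (path ~ /^!/) continue
            b = path; sub(/.*\//, "", b)                # basename
            if (path == "ALL") printf "%s: ALL (unrestricted, includes every shell)\n", user
            else if (b in shells) printf "%s: root shell via %s\n", user, path
            else if (b in escapes) printf "%s: shell escape via %s\n", user, path
        }
    }'
}

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
joppe:x:1001:1001::/home/joppe:/usr/bin/rootsh
admin1:x:1002:1002::/home/admin1:/bin/bash
nobody:x:65534:65534::/nonexistent:/usr/sbin/nologin
'
SAMPLE_SHELLS='/bin/sh
/bin/bash
/usr/bin/rootsh
'

# audit_login_shells LOGSHELL PASSWD_TEXT SHELLS_TEXT
# Flags human accounts (uid 1000..65533) whose login shell is not LOGSHELL and
# warns when LOGSHELL is missing from the /etc/shells content.
audit_login_shells() {
    logshell=$1; passwd=$2; shells=$3
    printf '%s\n' "$shells" | grep -qx "$logshell" \
        || printf 'WARN: %s is not listed in /etc/shells (chsh will refuse it)\n' "$logshell"
    printf '%s\n' "$passwd" | awk -F: -v ls="$logshell" \
        'NF >= 7 && $3 >= 1000 && $3 < 65534 && $7 != ls { printf "%s: login shell %s is not %s\n", $1, $7, ls }'
}

audit_sample_sudoers() { printf '%s' "$SAMPLE_SUDOERS" | audit_sudoers; }
audit_sample_logins()  { audit_login_shells /usr/bin/rootsh "$SAMPLE_PASSWD" "$SAMPLE_SHELLS"; }

audit_sample_sudoers
audit_sample_logins
```

On the sample data the first check reports joppe (ALL), admin2 (both shells behind the SHELLS alias) and backup (vi is an editor with a shell escape), and the second reports admin1, whose login shell is still /bin/bash. To run it against a real host, use `audit_sudoers < /etc/sudoers` and `audit_login_shells /usr/bin/rootsh "$(cat /etc/passwd)" "$(cat /etc/shells)"` as root; note that files pulled in through #include and #includedir are not followed, so run it over each of those too.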