Shulou(Shulou.com)06/02 Report--

This article mainly explains the "detailed explanation of sudo commands in Linux system". The content of the explanation in the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "detailed explanation of sudo commands in Linux system".

Catalogue

0x01 introduction

0x02 alias

0x03 Authorization rules

Considerations for 0x04

0x05 sudo commands user behavior log audit

0x01 introduction

Sudo configuration file is / etc/sudoers, in sudoers, each line is a rule, when the rule exceeds one line, you can use "\" to continue the line, its rules can be roughly divided into two categories, one is alias definition, the other is authorization rules, alias definition is not necessary, but it will be more convenient when there are more authorization rules, authorization rules are necessary.

0x02 alias

Alias types mainly include the following four types

Host_Alias host alias User_Alias user alias Runas_Alias user identity alias Cmnd_Alias command alias

Host_Alias

The host alias specifies which host to take effect on. We generally don't use it. It can only be used in shared multiple systems. ALL is fine. It corresponds to the first ALL.

The format defined is as follows

Host_Alias FILESERVERS = fs1, fs2

User_Alias

A user alias specifies a valid user, and it can be used for either a user or a user group. If it is a user group, it needs to be preceded by%.

The definition format is as follows

User_Alias ADMINS = admin, balabala,% groupname

Runas_Alias

User identity alias is the user identity to which sudo is allowed to switch

The definition format is as follows

Runas_Alias OP = root, wuxin

Cmnd_Alias

A command alias is a collection that defines a set of related commands.

The definition format is as follows

Cmnd_Alias PROCESSES = / bin/nice, / bin/kill

So when do we use these aliases? generally, we only need to use them when there are multiple system users who need classification and hierarchical management. as for how to configure them, we can just change them according to the actual needs. in fact, it is to reduce a lot of command content to simple variables.

0x03 Authorization rules

As for the rules, it is clear to take a look at the previous example. The previous article also mentioned the meaning of each item. The following example is very clear.

Let's do some editing first.

Then we switch to the test user and check the commands that can be executed.

Considerations for 0x04

1. ALL in authorization rules must be uppercase

2.Cmnd_Alias executes commands in order, and the order of commands is from back to front. Try to put prohibited commands behind.

3. If the content exceeds one line, be sure to use "\" to wrap the line.

0x05 sudo commands user behavior log audit

The sudo command log audit does not record the ordinary operations of ordinary users, but the user actions that execute sudo commands.

The first method is to do a full log audit through environment variables and rsyslog services. The problem with this is that it generates too much information, so this is not recommended.

The second method, sudo with rsyslog service for log audit, the amount of information is still relatively small, the effect is OK.

The third method is to embed a monitor in the bash interpreter program so that all audited system users use the modified bash program as the interpreter

The fourth method, the open source springboard jumpserver (python)

The fifth way is to spend money on commercial services.

This is explained in the second way.

First, let's edit the rsyslog.conf file.

Then modify the / etc/sudoers file

Thank you for your reading, the above is the content of "detailed explanation of sudo commands in Linux system". After the study of this article, I believe you have a deeper understanding of the detailed interpretation of sudo commands in Linux systems, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.