Re: [Hampshire] Result of the Ubuntu Challenge

Author: John Cooper
Date:  
To: stephen.davies, Hampshire LUG Discussion List
CC: 
Subject: Re: [Hampshire] Result of the Ubuntu Challenge
Stephen Davies wrote:
> Sean,
> My take on su vs sudo is that with su and giving the root password to
> a user is a positive action. Just like in your work environment it can
> be positively controlled and even time limited rather than with sudo.
> Yes the user (sudo) has to be allowed to use sudo but IMHO, this is
> still a weakness only one password needs to be cracked/exposed and
> ironically a strength as it is easier to manage for non experts.
>
> The customer I mentioned does require everyone using their systems to
> be PV'd so I guess that security is pretty high up their list of must
> have and do's. Their policy towards security is totally based upon the
> sensitivity of the data that their systems hold. If this was to get
> released into the wider domain then all sorts of extremely smelly brown
> stuff would start hitting every wind turbine in the country.
> So, they ban sudo from their systems.
> I was amazed at the lockdown processes they go through before putting
> a system even into UAT. It makes the processes we went through when we
> worked together look very elementary. Basically there is a rule for
> literally every shell script and binary on the system. This is after a
> disable all option. (Just like firewalls, disable ALL and then enable
> only what is needed)
> It took me over a month to get the rules changed so the Message Broker
> could run properly. Various IBM bods had to back up my requests to get
> it through. It was this lockdown process that allowed me to understand
> the benefits of a properly configured selinux environment.
>

I believe sudo is very good practice and one I learnt from Evi Nemeth's
Unix Sys Admin book. You can control what commands a normal user can use
and you don't have to give them the root password. All commands are
logged so you can find out who did what. Root logons are difficult to trace.

Ubuntu's use of sudo is slightly different than Fedora as the normal
user can run any GUI application requiring root using their own
password. This seems logical for newbies and I'm sure once they learn
more they could understand it isn't as secure as it should be. The first
thing I do on Ubuntu after an install is

sudo passwd root

and I have the root user available. I could then change /etc/sudoers to
restrict the normal user's commands.

I can't see why sudo is any less secure than su'ing to root using the
same password string. In fact the logging is a definite positive.

The type of security you talk about is only required for secure
installations. I've used Keon (BoKS) and eTrust Access Control (Seos)
which allow fine tuning of who can logon where (single sign on), what
binaries they can run and which folders/files they have access to. Even
root can't get access as it always sees you as the original user you
logged on with. This makes tracing users much easier.

John.

--
--------------------------------------------------------------
Discover Linux - Open Source Solutions to Business and Schools
http://discoverlinux.co.uk
--------------------------------------------------------------
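
An added illustration of the logging point in the message above, not part of the original post: sudo records each command against the invoking user, while an su session records only the switch to root. The log lines are constructed samples in the usual syslog layout, and `audit` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (not taken from the original message).
SAMPLE_LOG = """\
Mar  3 10:15:02 box sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Mar  3 10:16:40 box sudo:      bob : command not allowed ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar  3 10:18:11 box sudo:    alice : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/passwd root
Mar  3 10:20:05 box su[2210]: (to root) carol on pts/2
"""

SUDO_RE = re.compile(r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<body>.*)$")
SU_RE = re.compile(r"su(?:\[\d+\])?: \(to (?P<target>\S+)\) (?P<user>\S+) on")


def audit(log_text):
    """Return (commands run per user, denied attempts, su sessions)."""
    ran, denied, su_sessions = defaultdict(list), [], []
    for line in log_text.splitlines():
        m = SUDO_RE.search(line)
        if m:
            # COMMAND= is always the last field and may itself contain ';',
            # so split it off before breaking up the other fields.
            head, _, command = m.group("body").partition("COMMAND=")
            fields = [f.strip() for f in head.split(";") if f.strip()]
            # A field without '=' is a status such as "command not allowed".
            status = [f for f in fields if "=" not in f]
            if status:
                denied.append((m.group("user"), status[0], command))
            else:
                ran[m.group("user")].append(command)
            continue
        m = SU_RE.search(line)
        if m:
            # Only the switch is logged; later commands run as plain root.
            su_sessions.append((m.group("user"), m.group("target")))
    return dict(ran), denied, su_sessions


if __name__ == "__main__":
    ran, denied, su_sessions = audit(SAMPLE_LOG)
    for user, cmds in ran.items():
        print(f"{user} ran via sudo: {cmds}")
    for user, why, cmd in denied:
        print(f"{user} denied ({why}): {cmd}")
    for user, target in su_sessions:
        print(f"{user} became {target} via su; no per-command trail")
```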