DOCSLIB.ORG

One Identity Privilege Manager for Sudo Administration Guide

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
One Identity Privilege Manager for Sudo Administration Guide One Identity Privilege Manager for Sudo 6.1 Administration Guide Copyright 2019 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of One Identity LLC . The information in this document is provided in connection with One Identity products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of One Identity LLC products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, ONE IDENTITY ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON- INFRINGEMENT. IN NO EVENT SHALL ONE IDENTITY BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF ONE IDENTITY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. One Identity makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. One Identity does not make any commitment to update the information contained in this document. If you have any questions regarding your potential use of this material, contact: One Identity LLC. Attn: LEGAL Dept 4 Polaris Way Aliso Viejo, CA 92656 Refer to our Web site (http://www.OneIdentity.com) for regional and international office information. Patents One Identity is proud of our advanced technology. Patents and pending patents may apply to this product. For the most current information about applicable patents for this product, please visit our website at http://www.OneIdentity.com/legal/patents.aspx. Trademarks One Identity and the One Identity logo are trademarks and registered trademarks of One Identity LLC. in the U.S.A. and other countries. For a complete list of One Identity trademarks, please visit our website at www.OneIdentity.com/legal. All other trademarks are the property of their respective owners. Legend WARNING: A WARNING icon highlights a potential risk of bodily injury or property damage, for which industry-standard safety precautions are advised. This icon is often associated with electrical hazards related to hardware. CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed. Privilege Manager for Sudo Administration Guide Updated - July 2019 Version - 6.1 Contents One Identity Privileged Access Suite for Unix 9 About this guide 10 Introducing Privilege Manager for Sudo 12 Features and benefits of Privilege Manager for Sudo 13 How Privilege Manager for Sudo works 15 Planning Deployment 17 System requirements 18 Supported platforms 19 Reserve special user and group names 20 Required privileges 20 Estimating size requirements 21 Privilege Manager licensing 21 Deployment scenarios 22 Single host deployment 22 Medium business deployment 23 Large business deployment 23 Installation and Configuration 25 Download Privilege Manager for Sudo software packages 26 Quick start and evaluation 26 Installing the Management Console 26 Uninstalling the Management Console 28 Configure a Primary Policy Server 28 Checking the server for installation readiness 29 TCP/IP configuration 29 Firewalls 30 Hosts database 30 Reserve special user and group names 30 Policy server daemon hosts 31 Sudo 1.8.x 31 Installing the Privilege Manager packages 31 Privilege Manager for Sudo 6.1 Administration Guide 3 Adding directories to PATH environment 32 Configuring the Privilege Manager for Sudo Primary Policy Server 32 Privilege Manager for Sudo Server Configuration Settings 33 Join hosts to policy group 37 Joining Sudo Plugin to Policy Server 38 Swap and install keys 38 Configure a secondary policy server 39 Installing secondary servers 39 Configuring a secondary server 40 Synchronizing policy servers within a group 40 Install Sudo Plugin on a remote host 40 Checking Sudo Plugin Host for installation readiness 41 Installing a Sudo Plugin on a remote host 42 Joining a Sudo Plugin to a primary policy server 42 Verifying Sudo Plugin configuration 43 Load balancing on the client 44 Remove configurations 44 Uninstalling the Privilege Manager software packages 44 Uninstalling Privilege Manager for Sudo on macOS 45 Upgrade Privilege Manager for Sudo 46 Before you upgrade 46 Upgrading Privilege Manager packages 46 Upgrading the server package 47 Upgrading the Sudo Plugin package 47 Removing Privilege Manager packages 47 Removing the server package 47 Removing the Sudo Plugin package 48 System Administration 49 Reporting basic policy server configuration information 49 Checking the status of the master policy 50 Checking the policy server 50 Checking policy server status 51 Checking the Sudo Plugin configuration status 51 Installing licenses 52 Privilege Manager for Sudo 6.1 Administration Guide 4 Displaying license usage 53 Listing policy file revisions 54 Viewing differences between revisions 54 Backup and recovery 55 Managing Security Policy 57 Security policy types 57 Specifying security policy type 59 The sudo type policy 59 Viewing the security profile changes 60 Administering Log and Keystroke Files 62 Configuring keystroke logging for Privilege Manager for Sudo policy 63 Validating Sudo commands 63 Local logging 64 Event logging 65 Keystroke (I/O) logging 65 Viewing the log files using a web browser 66 Viewing the log files using command line tools 66 Listing event logs 68 Backing up and archiving event and keystroke logs 70 Troubleshooting 73 Enabling sudo policy debug logging 73 Enabling tracing for Sudo Plugin 73 Join fails to generate a SSH key for sudo policy 74 Join to policy group failed on Sudo Plugin 74 Load balancing and policy updates 75 Policy servers are failing 75 Sudo command is rejected by Privilege Manager for Sudo 76 Sudo policy is not working properly 77 Appendix: Privilege Manager Variables 79 Global input variables 79 argc 81 argv 82 client_parent_pid 82 client_parent_uid 82 Privilege Manager for Sudo 6.1 Administration Guide 5 client_parent_procname 83 clienthost 83 command 83 cwd 84 date 84 day 84 dayname 85 domainname 85 env 86 false 86 gid 86 group 86 groups 87 host 87 hour 87 masterhost 88 masterversion 88 minute 88 month 88 nice 89 nodename 89 pid 89 pmclient_type 90 pmclient_type_pmrun 90 pmclient_type_sudo 90 pmversion 91 ptyflags 91 requestlocal 91 requestuser 91 samaccount 92 status 92 submithost 92 submithostip 92 thishost 93 time 93 Privilege Manager for Sudo 6.1 Administration Guide 6 true 94 ttyname 94 tzname 94 uid 95 umask 96 unameclient 96 uniqueid 96 user 96 year 97 Global output variables 97 disable_exec 98 eventlog 98 iolog 98 logstderr 98 logstdin 99 logstdout 99 Global event log variables 99 event 100 exitdate 100 exitstatus 101 exittime 102 PM settings variables 102 Appendix: Privilege Manager programs 109 pmcheck 112 pmjoin_plugin 115 pmkey 116 pmlicense 118 pmloadcheck 121 pmlog 123 pmlogadm 127 pmlogsearch 130 pmlogsrvd 134 pmlogxfer 136 pmmasterd 137 pmplugininfo 138 Privilege Manager for Sudo 6.1 Administration Guide 7 pmpluginloadcheck 139 pmpolicy 140 pmpolicyplugin 147 pmpoljoin_plugin 148 pmpolsrvconfig 149 pmremlog 151 pmreplay 152 Navigating the log file 154 pmresolvehost 155 pmserviced 156 pmsrvcheck 157 pmsrvconfig 159 pmsrvinfo 161 pmsum 162 pmsysid 163 Appendix: Installation Packages 164 Package locations 164 Installed files and directories 165 Appendix: Unsupported Sudo Options 168 Unsupported command line sudo options 168 Behavioral change 169 Unsupported Sudoers policy options 169 Unsupported Sudoers directives 171 Appendix: Privilege Manager for Sudo Policy Evaluation 172 About us 174 Contacting us 174 Technical support resources 174 Index 175 Privilege Manager for Sudo 6.1 Administration Guide 8 1 One Identity Privileged Access Suite for Unix Unix Security Simplified One Identity Privileged Access Suite for Unix solves the inherent security and administration issues of Unix-based systems (including Linux and macOS) while making satisfying compliance requirements easier. It unifies and consolidates identities, assigns individual accountability, and enables centralized reporting for user and administrator access to Unix. The Privileged Access Suite for Unix combines an Active Directory bridge and root delegation solutions under a unified console that grants organizations centralized visibility and streamlined administration of identities and access rights across their entire Unix environment. Active Directory Bridge Achieve unified access control, authentication, authorization, and identity administration for Unix, Linux, and macOS systems by extending them into Active Directory (AD) and taking advantage of AD’s inherent benefits. Patented technology allows non-Windows resources
Load more

Recommended publications
  • Linux Hacking Case Studies Part 4: Sudo Horror Stories
    Linux Hacking Case Studies Part 4: Sudo Horror Stories written by Scott Sutherland | March 26, 2020 This blog will cover different ways to approach SSH password guessing and attacking sudo applications to gain a root shell on a Linux system. This case study commonly makes appearances in CTFs, but the general approach for attacking weak passwords and sudo applications can be applied to many real world environments. This should be a fun walk through for people new to penetration testing. This is the fourth of a five part blog series highlighting entry points and local privilege escalation paths commonly found on Linux systems during network penetration tests. Below are links to the first three blogs in the series: Linux Hacking Case Study Part 1: Rsync Linux Hacking Case Study Part 2: NFS Linux Hacking Case Study Part 3: phpMyAdmin Below is an overview of what will be covered in this blog: Finding SSH Servers Dictionary Attacks against SSH Servers Viewing Sudoers Execution Options Exploiting Sudo sh Exploiting Sudo VI Exploiting Sudo Python Exploiting Sudo Nmap Finding SSH Servers Before we can start password guessing or attacking sudo applications, we need to find some SSH servers to go after. Luckily Nmap and similar port scanning tools make that pretty easy because most vendors still run SSH on the default port of 22. Below is a sample Nmap command and screenshot to get you started. nmap -sS -sV -p22 192.168.1.0/24 -oA sshscan Once you’ve run the port scan you can quickly parse the results to make a file containing a list of SSH servers to target.
    [Show full text]
  • Getty Scholars' Workspace™ INSTALLATION INSTRUCTIONS
    Getty Scholars’ Workspace™ INSTALLATION INSTRUCTIONS This document outlines methods to run the application locally on your personal computer or to do a full installation on a web server. Test Drive with Docker Getty Scholars' Workspace is a multi-tenant web application, so it is intended to be run on a web server. However, if you'd like to run it on your personal computer just to give it a test drive, you can use Docker to create a virtual server environment and run the Workspace locally. Follow the steps below to give it a spin. Scroll further for real deployment instructions. 1. Install Docker on your machine. Follow instructions on the Docker website: https://www.docker.com/ 2. If you are using Docker Machine (Mac or Windows), be sure to start it by using the Docker Quickstart Terminal. Docker is configured to use the default machine with IP 192.168.99.100. 3. At the command line, pull the Getty Scholars' Workspace image. $ docker pull thegetty/scholarsworkspace 4. Run the container. $ docker run -d -p 8080:80 --name=wkspc thegetty/scholarsworkspace supervisord -n 5. Point your browser to `<ip address>:8080/GettyScholarsWorkspace`. Use the IP address noted in Step 2. 6. The Drupal administrator login is `scholar` and the password is `workspace`. Be sure to change these in the Drupal admin interface. 7. To shut it down, stop the container: $ docker stop wkspc Web Server Installation These installation instructions assume you are installing Getty Scholars' Workspace on a server (virtual or physical) with a clean new instance of Ubuntu 14.04 as the operating system.
    [Show full text]
  • Tao-Of-Tmux Documentation 发布 V1.0.2
    tao-of-tmux Documentation 发布 v1.0.2 Tony Narlock 2020 年 04 月 18 日 Contents 1 前言 3 1.1 关于本书 ............................................... 3 1.2 代码等风格说明 ........................................... 4 1.3 本书主要内容 ............................................. 4 1.4 打赏 .................................................. 5 1.5 书籍形式(Formats) ........................................ 5 1.6 勘误说明(Errata){#errata} ................................... 5 1.7 感谢 .................................................. 6 1.8 本书跟新和 tmux 的变动 ...................................... 6 2 tmux 初识 {#thinking-tmux} 7 2.1 terminal 的窗口管理器 ....................................... 8 2.2 多任务处理 .............................................. 9 2.3 在后台运行程序 ........................................... 10 2.4 Powerful combos ........................................... 11 2.5 小节 .................................................. 12 3 Terminal 基础知识(fundamentals){#terminal-fundamentals} 13 3.1 POSIX 标准 ............................................. 13 3.2 Terminal interface .......................................... 14 3.3 Terminal emulators ......................................... 15 3.4 Shell languages {#shell-languages} ................................ 15 3.5 Shell interpreters (Shells) {#shells} ................................ 15 3.6 小节 .................................................. 16 4 开始使用(Practical usage){#practical-usage} 17 4.1 前缀组合快捷键(prefix key ){#prefix-key} ........................... 17 4.2 Session persistence and the server model ............................. 19
    [Show full text]
  • BSD UNIX Toolbox 1000+ Commands for Freebsd, Openbsd
    76034ffirs.qxd:Toolbox 4/2/08 12:50 PM Page iii BSD UNIX® TOOLBOX 1000+ Commands for FreeBSD®, OpenBSD, and NetBSD®Power Users Christopher Negus François Caen 76034ffirs.qxd:Toolbox 4/2/08 12:50 PM Page ii 76034ffirs.qxd:Toolbox 4/2/08 12:50 PM Page i BSD UNIX® TOOLBOX 76034ffirs.qxd:Toolbox 4/2/08 12:50 PM Page ii 76034ffirs.qxd:Toolbox 4/2/08 12:50 PM Page iii BSD UNIX® TOOLBOX 1000+ Commands for FreeBSD®, OpenBSD, and NetBSD®Power Users Christopher Negus François Caen 76034ffirs.qxd:Toolbox 4/2/08 12:50 PM Page iv BSD UNIX® Toolbox: 1000+ Commands for FreeBSD®, OpenBSD, and NetBSD® Power Users Published by Wiley Publishing, Inc. 10475 Crosspoint Boulevard Indianapolis, IN 46256 www.wiley.com Copyright © 2008 by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada ISBN: 978-0-470-37603-4 Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 Library of Congress Cataloging-in-Publication Data is available from the publisher. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permis- sion should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.
    [Show full text]
  • Secure Automation: Achieving Least Privilege with SSH, Sudo and Setuid Robert A
    Secure Automation: Achieving Least Privilege with SSH, Sudo and Setuid Robert A. Napier – Cisco Systems ABSTRACT Automation tools commonly require some level of escalated privilege in order to perform their functions, often including escalated privileges on remote machines. To achieve this, developers may choose to provide their tools with wide-ranging privileges on many machines rather than providing just the privileges required. For example, tools may be made setuid root, granting them full root privileges for their entire run. Administrators may also be tempted to create unrestricted, null-password, root-access SSH keys for their tools, creating trust relationships that can be abused by attackers. Most of all, with the complexity of today’s environments, it becomes harder for administrators to understand the far-reaching security implications of the privileges they grant their tools. In this paper we will discuss the principle of least privilege and its importance to the overall security of an environment. We will cover simple attacks against SSH, sudo and setuid and how to reduce the need for root-setuid using other techniques such as non-root setuid, setgid scripts and directories, sudo and sticky bits. We will demonstrate how to properly limit sudo access both for administrators and tools. Finally we will introduce several SSH techniques to greatly limit the risk of abuse including non-root keys, command keys and other key restrictions. Introduction to files writable only by a particular group. For exam- ple, in FreeBSD programs that read system memory Since its introduction in 1995 by Tatu Ylonen, are setgid to a special kmem group.
    [Show full text]
  • Page 1 of 3 Sudo (Super User Do) Is a Very Useful
    Sudo Sudo (Super User Do) is a very useful program that allows a system administrator to give certain users the ability to run some (or all) commands as root 1. Download the source code: The source of sudo is available from http://www.courtesan.com/sudo/. At the time of writing, the latest version is V1.6.3 and the source code is provided as a compressed tar archive in the file sudo- 1.6.3.tar.gz . Download this file to a temporary directory, such as /tmp. 2. Prepare the source code for compilation: Log in as root, make a directory at a convenient point in the file system to hold the source code and copy the source into this directory. For example: # mkdir -p /opt/source/sudo # cd /opt/source/sudo # cp /tmp/sudo-1.6.3.tar.gz . Unzip and untar the source and then change to the directory created by tar: # gunzip sudo # tar xvf sudo # cd sudo-1.6.3 At this point, you may like to have a look at the README, INSTALL and FAQ files. 3. Compile the source code and install sudo: Configure the compilation process for your system: # ./configure Compile the source code: # make And install the compiled code: # make install This install the sudo program into /usr/local/bin, the visudo script (see later) into /usr/local/sbin and the manual page into subdirectories of /usr/local/man. 4. Modify the search path: If you haven't already done so for other software, you now need to modify the search paths so that the system can find the sudo program and its manual pages.
    [Show full text]
  • System Analysis and Tuning Guide System Analysis and Tuning Guide SUSE Linux Enterprise Server 15 SP1
    SUSE Linux Enterprise Server 15 SP1 System Analysis and Tuning Guide System Analysis and Tuning Guide SUSE Linux Enterprise Server 15 SP1 An administrator's guide for problem detection, resolution and optimization. Find how to inspect and optimize your system by means of monitoring tools and how to eciently manage resources. Also contains an overview of common problems and solutions and of additional help and documentation resources. Publication Date: September 24, 2021 SUSE LLC 1800 South Novell Place Provo, UT 84606 USA https://documentation.suse.com Copyright © 2006– 2021 SUSE LLC and contributors. All rights reserved. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”. For SUSE trademarks, see https://www.suse.com/company/legal/ . All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its aliates. Asterisks (*) denote third-party trademarks. All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its aliates, the authors nor the translators shall be held liable for possible errors or the consequences thereof. Contents About This Guide xii 1 Available Documentation xiii
    [Show full text]
  • Lab :: Snort (Ids)
    LAB :: SNORT (IDS) # super user command. $ normal user command. Username apnic and password training . VM Details [group01.apnictraining.net] [192.168.30.1] [group02.apnictraining.net] [192.168.30.2] ...... [group10.apnictraining.net] [192.168.30.10] [group11.apnictraining.net] [192.168.30.11] ...... [group20.apnictraining.net] [192.168.30.20] [group21.apnictraining.net] [192.168.30.21] ...... [group30.apnictraining.net] [192.168.30.30] Install SNORT 1. Install SNORT: sudo apt update sudo apt install snort 2. It will ask for your HOME_NET address. For this lab define it as your host IP. Example, for group 11 it will 192.168.30.11/32 . If required we can change it later from snort.debian.conf file also. 3. Check the installation location of SNORT whereis snort Few important location SNORT configuration : /etc/snort/snort.conf SNORT debian configuration : /etc/snort/snort.debian.conf SNORT rules : /etc/snort/rules SNORT exuecuble : /usr/sbin/snort Configure SNORT 1. Check HOME_NET and Interface related configuration on /etc/snort/snort.debian.conf . During installation process if you had defined your HOME_NET properly; no need to edit it. Else, you can edit this file. 2. The main configuration file for SNORT is /etc/snort/snort.conf file. sudo vi /etc/snort/snort.conf This is a big configuration file; for the purpose of this lab we will disable all predefined rules (ruleset). Disable (comment out # ) all the line having include $RULE_PATH (in Step 7 of configuration file) except include $RULE_PATH/local.rules . We will put all our local rules in include $RULE_PATH/local.rules To enable alert log; comment out (adding # before the line) the following line (Step 6 in the configuration file): output unified2: filename snort.log, limit 128, nostamp, mpls_event_types, vlan_event_types Save and quit from snort.conf file :wq Start SNORT: sudo systemctl start snort or sudo /etc/init.d/snort start Check whether SNORT is running: sudo systemctl status snort or ps -ef|grep snort SNORT Rules Snort rules are divided into two logical sections: 1.
    [Show full text]
  • A Quick and Easy Guide to Tmux
    7/24/2018 A Quick and Easy Guide to tmux Ham Vocke writing stu about software (/) Home (/) Blog (/blog) About Me (/about) Talks (/talks) (https://github.com/hamvocke) (https://twitter.com/hamvocke) (http://www.hamvocke.com/feed.xml) A Quick and Easy Guide to tmux 16 Aug 2015 terminal 13 minutes read I love working with the command line. Seriously, I think there’s hardly any more productive and more versatile tool for a software developer than the terminal. Maybe it’s the hacker/wizard/neckbeard kind of feeling I get when using a terminal, I don’t know. At work we do lots of pair programming. Everyone’s got their own laptop and can set it up the way they like. And since I love working with the command line I’ve spent quite some time doing (only sane! I swear!) modications to my terminal environment that make working with the command line more pleasant and streamlined. This is why my pair usually will be greeted by something like this: https://www.hamvocke.com/blog/a-quick-and-easy-guide-to-tmux/ 1/21 7/24/2018 A Quick and Easy Guide to tmux If they’ve worked with me before they know what they are up to. But every once in a while there will be a new team member who doesn’t know my environment. Usually this is the point where they will ask something like “WTF am I looking at?” and it’s my time to shine! Because what they’re looking at is nothing less than the best thing since sliced bread.
    [Show full text]
  • NVIDIA CUDA Installation Guide for Linux
    NVIDIA CUDA Installation Guide for Linux Installation and Verification on Linux Systems DU-05347-001_v11.4 | September 2021 Table of Contents Chapter 1. Introduction........................................................................................................ 1 1.1. System Requirements...............................................................................................................1 1.2. About This Document............................................................................................................... 3 Chapter 2. Pre-installation Actions..................................................................................... 4 2.1. Verify You Have a CUDA-Capable GPU....................................................................................4 2.2. Verify You Have a Supported Version of Linux........................................................................ 5 2.3. Verify the System Has gcc Installed........................................................................................5 2.4. Verify the System has the Correct Kernel Headers and Development Packages Installed........................................................................................................................................5 2.5. Install MLNX_OFED.................................................................................................................. 7 2.6. Choose an Installation Method................................................................................................ 7 2.7. Download
    [Show full text]
  • Geek Guide > Beyond Sudo: How to Know You Have Outgrown It
    GEEK GUIDE Beyond Sudo: How to Know You Have Outgrown It (and What to Do) Table of Contents About the Sponsor ..................................................................4 Introduction ..............................................................................5 A Bit of Sudo History ...............................................................7 Sudo Usage ..............................................................................8 Sudo Defaults ........................................................................12 Aliases ....................................................................................16 A More Complex Example ....................................................16 Other Security Tools ..............................................................19 Sudo Shortcomings ...............................................................21 Next-Generation Tools ..........................................................22 Key Capabilities in Achieving Advanced Security and Compliance Use Cases on UNIX and Linux Platforms ......24 GREG BLEDSOE is a Managing Consultant with Accenture in the DevOps Architecture Practice. He has more than 20 years of hard-fought experience in security and operations, having been a developer, network engineer, sysadmin, techops manager, Vice President of Operations and CISO. You can reach him at [email protected] or via Twitter: @geek_king. 2 GEEK GUIDE Beyond Sudo: How to Know You Have Outgrown It (and What to Do) GEEK GUIDES: Mission-critical information for the most technical
    [Show full text]
  • Useful Linux Commands for NOC Work
    Useful Linux Commands for NOC Work Abstract: This page is intended to be a somewhat-loose flow of instructions which will serve as both a lesson when taken in order and as a searchable reference. NOC's Linux sandbox (aus-noc-dev.trionworld.priv) can be reached with PuTTY (http://www.putty.org/). Objective/Goal: Provide a fully funtional introduction to performing Tier 1 NOC procedures in a Linux environment. Keywords: unix admin administration bash shell rhel centos ubuntu debian This document is a: Reference Learning and applying these instructions will require the use of: Your standard AD credentials should provide access; otherwise, Linux Engineering can set you up. Some learning lab advise: 1. Type your command but do not press Enter. 2. Take your hands far away from your keyboard. 3. Picture in your mind what you expect the command will do. 4. Press the Enter key then observe the results. Caution: In DOS, the Find command works like the Grep command in Linux. However, Find in Linux serves a different purpose and it is a far-reaching and dangerous command. It should not be used without a specific purpose in mind and only with intentions and results tested on a safe server. Instruction Body: The basics: Copy from your Linux session: Use the mouse to highlight the text you want to copy. Text will automatically go to the clipboard. Paste to your Linux session: Right-click in the Linux window. Items on the clipboard will insert at the cursor position. Ctrl+c // Cancel current action. Some actions require a few repeated cancels to generate an interrupt.
    [Show full text]