[sudo-users] How to prevent editing sudoers-file
pottmi at gmail.com
Thu Nov 30 00:08:08 EST 2006
On 11/29/06, Stephen Carville <stephen at totalflood.com> wrote:
> Matthew Hannigan wrote:
> > On Mon, Nov 27, 2006 at 10:32:33PM +0100, Claude Hohl wrote:
> >>> OK, thank you guys for the tips. I solved the problem about the
> >>> writable sudoers file this way:
> >>> Sudoers is located on a dedicated server; and it's exported via NFS
> >>> as a read-only filesystem. Therefore, even as root you cannot
> >>> write on it!
> > But you could edit the sudo binary to use a different sudoers file.
> > You've raised the bar a bit, but not much.
> True, but Tripwire should catch that.
And at best, you know that you had a problem, and at worst the hacker
disables Tripwire and has sustained control of your system.
Tripwire would not detect a temporary copy of sudo that has been changed.
How about this:
Don't use sudo to give wide open root access.
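
An added example, not part of the original post: one way to act on the closing advice is to audit sudoers for rules that amount to unrestricted root. The sample file, the function names and the `ROOT_EQUIVALENT` list are constructed assumptions; `Cmnd_Alias` expansion and included files are not handled.

```python
import re

ROOT_EQUIVALENT = {"sh", "bash", "zsh", "ksh", "csh", "su", "sudo", "visudo"}  # assumed list
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
RUNAS = re.compile(r"^\(([^)]*)\)\s*")      # (root), (ALL : ALL), ...
TAG = re.compile(r"^(?:[A-Z_]+:\s*)+")      # NOPASSWD:, NOEXEC:, ...

# Constructed sample input, not taken from any real host.
SAMPLE = r"""# constructed sample
Defaults env_reset
%wheel  ALL=(ALL) NOPASSWD: ALL
backup  ALL=(root) /usr/bin/rsync, \
        /bin/tar
deploy  ALL=(www-data) ALL
dba     db1=(root) NOPASSWD: /bin/bash
"""

def logical_lines(text):
    """Yield (first_line_number, line) with backslash continuations merged."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None

def find_unrestricted_rules(text):
    """Return (line, who, command) for rules that hand out full root."""
    findings = []
    for n, line in logical_lines(text):
        if not line or line.startswith("#") or line.startswith(SKIP) or "=" not in line:
            continue
        lhs, rhs = line.split("=", 1)
        # Hide commas inside (runas, lists) so the command list splits cleanly.
        rhs = re.sub(r"\([^)]*\)", lambda m: m.group(0).replace(",", ";"), rhs)
        runas = "root"                       # sudoers default when no Runas_Spec is given
        for item in (i.strip() for i in rhs.split(",")):
            m = RUNAS.match(item)
            if m:                            # a Runas_Spec also applies to later commands
                runas, item = m.group(1), item[m.end():]
            item = TAG.sub("", item)
            if not item or not re.search(r"\b(root|ALL)\b", runas.split(":")[0]):
                continue
            name = item.split()[0]
            if name == "ALL" or name.rsplit("/", 1)[-1] in ROOT_EQUIVALENT:
                findings.append((n, lhs.split()[0], name))
    return findings
```

On the sample, `find_unrestricted_rules(SAMPLE)` reports the `%wheel` rule and the `dba` shell rule, and leaves the narrowly scoped `backup` and non-root `deploy` rules alone.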