[sudo-users] Checksum for executed scripts
JR Aquino
JR.Aquino at citrix.com
Tue Aug 20 10:20:05 MDT 2013
On Aug 20, 2013, at 7:16 AM, "Todd C. Miller" <Todd.Miller at courtesan.com>
wrote:
> You are in luck, sudo 1.8.7 added support for SHA-2 digests
> (checksums) of commands. To use it you place the digest
> before the command. For example:
>
>     someuser ALL = \
>         sha224:118187da8364d490b4a7debbf483004e8f3e053ec954309de2c41a25 \
>         /home/oracle/root.sh
>
> It is often cleaner to group the command and digest together in
> a Cmnd_Alias instead.
>
>     Cmnd_Alias ORACLE_ROOT_SH = \
>         sha224:118187da8364d490b4a7debbf483004e8f3e053ec954309de2c41a25 \
>         /home/oracle/root.sh
>
> You can also use base64 encoding of the digest which is a bit more
> compact. See the sudoers manual for more details (search for digest
> and sha2) http://www.sudo.ws/sudo/man/1.8.7/sudoers.man.html
>
> - todd
Can this be expressed in LDAP as well?
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
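
Added example (not part of the original thread and not code from the sudo project): a Python sketch that builds the digest token described in the quoted reply, in hex or base64, and checks whether a file on disk still matches a token already in sudoers. The function names and the length-based hex/base64 detection are assumptions of this example.

```python
import base64
import hashlib
import hmac

# Digest types accepted in sudoers by sudo 1.8.7 and later.
SUDOERS_DIGESTS = ("sha224", "sha256", "sha384", "sha512")


def file_digest(path, algo):
    """Return the raw digest bytes of the file at path."""
    if algo not in SUDOERS_DIGESTS:
        raise ValueError("unsupported sudoers digest type: %s" % algo)
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.digest()


def sudoers_token(path, algo="sha224", use_base64=False):
    """Build the 'algo:digest' token that is placed before the command."""
    raw = file_digest(path, algo)
    text = base64.b64encode(raw).decode() if use_base64 else raw.hex()
    return "%s:%s" % (algo, text)


def matches(path, token):
    """True if the file on disk still matches a sudoers digest token."""
    algo, _, text = token.partition(":")
    raw = file_digest(path, algo.lower())
    try:
        # Assumption of this example: a string exactly twice the digest
        # size is hex, anything else is treated as base64.
        if len(text) == 2 * len(raw):
            expected = bytes.fromhex(text)
        else:
            expected = base64.b64decode(text, validate=True)
    except ValueError:  # also covers binascii.Error from b64decode
        return False
    return hmac.compare_digest(raw, expected)


if __name__ == "__main__":
    import sys
    # Usage: python3 this_file.py /path/to/script [algo]
    script = sys.argv[1]
    algo = sys.argv[2] if len(sys.argv) > 2 else "sha224"
    print("%s %s" % (sudoers_token(script, algo), script))
```

Running matches() from a periodic job against the tokens in sudoers shows when a script has been changed before a user finds out because sudo no longer matches the command.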