I'm trying to put together a security policy for a collection of Linux servers. There are 8 people in my organization that require root level access over SSH.
At a past company, my solution was to permit only RSA keys and give everyone a user with their own key.
To grant root privileges, I set the UID to 0. This negated needing to setup sudo or su which people just seem to sudo su - or sudo /bin/bash anyway. It also let me do the following.
I patched Bash to log the return value of getlogin() and the command to syslog. I then had a log of everything run on the servers and usernames tied to users. If I used su or sudo, I would just get the user root.
I'm in a fresh state right now at a new company and wondering if anyone has a policy they use and like.
Best Answer
We use sudo configured to allow commands from the group. To prevent the sudo -i or sudo bash, I have setup an alias including all known shells which I disallow using ! in the definition of what the group can do. That way, all commands run with sudo are logged to syslog. The only shell I have installed and allowed is rootsh, which logs everything done from it.
Obviously, nothing can stop an admin to
in order to bypass this security, but still you give them root rights, you have to trust them anyway...
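The sudoers arrangement this answer describes, written out as an added example (it is not the answerer's own file); the group name `admins`, the list of shell paths and the `/usr/bin/rootsh` location are assumptions:

```sudoers
# Added illustration of the scheme in the answer above. Group name, shell
# paths and the rootsh location are assumptions, not the answerer's setup.

# Every interactive shell installed on the box. sudo's "!" exclusion matches
# on the resolved command path, so this alias must be kept complete and
# re-checked whenever a package drops a new shell into the system.
Cmnd_Alias SHELLS = /bin/sh, /bin/bash, /bin/dash, /bin/zsh, \
                    /usr/bin/sh, /usr/bin/bash, /usr/bin/dash, /usr/bin/zsh, \
                    /usr/bin/ksh, /usr/bin/csh, /usr/bin/tcsh, /usr/bin/fish

# Each sudo invocation is written to syslog (facility authpriv) with the
# invoking user, the working directory and the exact command line.
Defaults syslog=authpriv
# Always allocate a pty so a session cannot detach from the logged terminal.
Defaults use_pty

# Members of the admin group may run anything as root except a bare shell.
# "sudo -i" and "sudo -s" resolve to one of the SHELLS entries and are denied;
# "sudo rootsh" is permitted because rootsh is not in the alias, and rootsh
# itself records the whole interactive session.
%admins ALL=(root) ALL, !SHELLS
```

Run `visudo -c -f <file>` on the fragment before installing it; a syntax error in sudoers locks everyone out of sudo at once.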