Linux – Best practice for multi Admin root access


I'm trying to put together a security policy for a collection of Linux servers. There are 8 people in my organization that require root level access over SSH.

At a past company, my solution was to permit only RSA keys and give everyone a user with their own key.

To grant root privileges, I set the UID to 0. This negated needing to set up sudo or su, which people just seem to sudo su - or sudo /bin/bash anyway. It also let me do the following.

I patched Bash to log the return value of getlogin() and the command to syslog. I then had a log of everything run on the servers and usernames tied to users. If I used su or sudo, I would just get the user root.

I'm in a fresh state right now at a new company and wondering if anyone has a policy they use and like.

Best Answer

We use sudo configured to allow commands from the group. To prevent sudo -i or sudo bash, I have set up an alias including all known shells, which I disallow using ! in the definition of what the group can do. That way, all commands run with sudo are logged to syslog. The only shell I have installed and allowed is rootsh, which logs everything done from it.

Cmnd_Alias SHELLS= /bin/sh, /bin/ksh, /bin/bash, /bin/zsh, /bin/csh, /bin/tcsh, /bin/login, /bin/su
%admin ALL = (ALL) ALL, !SHELLS

Obviously, nothing can stop an admin from running

cp /bin/bash /tmp/shell
sudo /tmp/shell

in order to bypass this security, but still, if you give them root rights, you have to trust them anyway...
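
Because every sudo invocation is logged to syslog, the copied-shell case described in the answer above still leaves a record with the path that was executed. The following is an added example, not part of the original answer: it reads sudo syslog lines and flags commands that sudo denied or that ran from outside a set of system binary directories. The trusted directory list, the function name and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re

# Assumption: directories where root-run binaries are expected to live.
TRUSTED_DIRS = {"/bin", "/sbin", "/usr/bin", "/usr/sbin",
                "/usr/local/bin", "/usr/local/sbin"}

# sudo's syslog entry: "<user> : [command not allowed ; ]TTY=.. ; PWD=.. ; USER=.. ; COMMAND=<path> [args]"
SUDO_RE = re.compile(
    r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : "
    r"(?P<denied>command not allowed ; )?.*?COMMAND=(?P<cmd>\S+)"
)

def flag_sudo_events(lines):
    """Return (user, normalized command path, reason) for suspicious entries."""
    flagged = []
    for line in lines:
        m = SUDO_RE.search(line)
        if not m:
            continue  # not a sudo command record
        # Collapse "../" segments so the real directory is compared.
        cmd = posixpath.normpath(m.group("cmd"))
        if m.group("denied"):
            flagged.append((m.group("user"), cmd, "denied"))
        elif posixpath.dirname(cmd) not in TRUSTED_DIRS:
            flagged.append((m.group("user"), cmd, "untrusted-path"))
    return flagged

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    "Mar  3 10:15:02 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; "
    "USER=root ; COMMAND=/usr/bin/systemctl restart nginx",
    "Mar  3 10:16:40 web01 sudo:      bob : command not allowed ; TTY=pts/1 ; "
    "PWD=/home/bob ; USER=root ; COMMAND=/bin/bash",
    "Mar  3 10:17:05 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; "
    "USER=root ; COMMAND=/tmp/shell",
    "Mar  3 10:20:11 web01 sudo:    carol : TTY=pts/2 ; PWD=/tmp ; "
    "USER=root ; COMMAND=/usr/bin/../../tmp/shell -i",
]

if __name__ == "__main__":
    for user, cmd, reason in flag_sudo_events(SAMPLE_LOG):
        print(f"{reason:15} {user:8} {cmd}")
```

Forwarding these syslog entries to a host the admins cannot write to keeps the record intact even when the person being audited has root on the server.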