BSDCan2014 - Final

BSDCan 2014
The Technical BSD Conference

Michael W. Lucas
Day Tutorials - Day 2 - Thu May 15 - 2014-05-15
Room Montpetit 201
Start time 13:00
Duration 03:00
ID 456
Event type Workshop
Track Tutorial
Language used for presentation English


You're doing it wrong

Sudo is one of the most widely deployed system security tools. It's also widely misunderstood and frequently misapplied. This tutorial takes you through the proper application of sudo, its strengths and weaknesses, and how it can be used and abused. Based on the book "Sudo Mastery."

Unix-like operating systems use a rudimentary access control system: the root account can do anything, while other users are peasants with only minimal access. This worked fine in UNIX’s youth, but today, system administration responsibilities are spread among many people and applications. Each person needs a tiny slice of root’s power.

Sudo lets you divide root’s monolithic power between the people who need it with accountability and auditability.

This course will teach you to:

  • design a sudo policy rather than slap rules together
  • simplify policies with lists and aliases
  • use non-Unix information sources in policies
  • configure alternate sudo policies
  • manage shell environments
  • verify system integrity and perform intrusion detection
  • have a common sudo policy across your server farm
  • manage sudo policies via LDAP
  • log and debug sudo
  • log and replay full sudo sessions
  • use authentication systems other than passwords