BSDCan2014 - Final
BSDCan 2014
The Technical BSD Conference
| Speakers | |
|---|---|
|
Michael W. Lucas |
| Schedule | |
|---|---|
| Day | Tutorials - Day 2 - Thu May 15 - 2014-05-15 |
| Room | Montpetit 201 |
| Start time | 13:00 |
| Duration | 03:00 |
| Info | |
| ID | 456 |
| Event type | Workshop |
| Track | Tutorial |
| Language used for presentation | English |
Sudo
You're doing it wrong
Sudo is one of the most widely deployed system security tools. It's also widely misunderstood and frequently misapplied. This tutorial takes you through the proper application of sudo, its strengths and weaknesses, and how it can be used and abused. Based on the book "Sudo Mastery."
Unix-like operating systems use a rudimentary access control system: the root account can do anything, while other users are peasants with only minimal access. This worked fine in UNIX’s youth, but today, system administration responsibilities are spread among many people and applications. Each person needs a tiny slice of root’s power.
Sudo lets you divide root’s monolithic power between the people who need it with accountability and auditability.
This course will teach you to:
- design a sudo policy rather than slap rules together
- simplify policies with lists and aliases
- use non-Unix information sources in policies
- configure alternate sudo policies
- manage shell environments
- verify system integrity and perform intrusion detection
- have a common sudo policy across your server farm
- manage sudo policies via LDAP
- log and debug sudo
- log and replay full sudo sessions
- use authentication systems other than passwords