Adopting new security procedures in Linux based on online advice can be like conversing with a bipolar person; you never know what you're going to get and sometimes you'll do something that you'll spend hours trying to figure out (no disrespect to those affected by bipolar disorder).
For instance, I was doing my daily browse through Google and I came across an interesting concept on Ubuntu's forums. The concept was that of securing "sudo". If you're new to Linux, sudo is a command that lets a user run commands with the permissions of another user, usually root. The most obvious use for this is editing root-owned files (like the settings of ufw, the Uncomplicated Firewall). So being the curious person that I am, I delved deeper and found this:
Source:

"sudo" allows you to run a single command as a different user, usually root. If, for example, you take a glance at the Ubuntu community forums, you'll see the place crowded with commands like "sudo aptitude install kubuntu-desktop". "sudo" then prompts you for a password. Unfortunately this password is the password of your current user! So if your account gets compromised, so does every other account on that computer. The only other security measure is the file "/etc/sudoers" (on Mac "/private/etc/sudoers") which contains a list of every user allowed to use "sudo" and a list of options.

While "sudo" prompts you for your own password, "su" will ask for the password of the user you want to become (the default is again root). This of course is much more secure. The drawback is that by using the "su" command, you will become that user for as long as you wish, which is again rather unsafe.

The trick

But it wouldn't be Unix if you couldn't change that! So here is what we are going to do:

"visudo"
Look for a line beginning with "Defaults", like "Defaults env_reset"
Below that line add "Defaults targetpw"
Save and quit

From now on "sudo" will ask you for the password of the target user, thereby combining the strengths of both "sudo" and "su"!
Ok, sounds good. This person is telling me how to add a layer to my security. What's the issue? Well, you could start with the fact that he/she assumes the reader knows that this process will enable the root account (disabled by default in distros like Ubuntu). There's also the awful assumption that the user has set a root password. Not setting a root password means 0 root access when logged in. Zip, zilch, nada. What can the reader do? Probably, most will complain. After all, screwing up the sudoers file can break a number of processes, including updates and daemons like the aforementioned ufw (what happens if firewall rules are breaking your connection?). This should have been noted, not just to make it easier, but because it's common practice. But don't panic, because the fix is relatively simple.
Keep in mind the theory behind disabling the root account: Disabling the root account = one less account to worry about. It's simple. Plus, if an attacker is smart they'll find a way to compromise your root account anyway. On the contrary, setting a password MAY buy you extra time in order to combat the problem. So the argument has two sides. If you feel comfortable enabling root, read on.
First, in order to change the root password we want to attain root level privileges. So open a terminal and type "sudo su".
Next, we want to set our root password. The theory remains the same: If our default password (i.e. the one you set on YOUR account) is compromised, an attacker can pwn us into oblivion. So we want to type:
Type your password twice and you're good to go. But please, and I can't stress this enough. Make sure your password is easy to remember and do not write it down!
If you encounter any authentication token errors, type this:
1.) If you have root privileges in a terminal, don't exit! You can skip the optional step below.
2.) (optional) Via your GRUB or LILO menu, select recovery mode. Usually, the option will be prefaced with your kernel version, with (recovery mode) at the end. Once in recovery mode, select "drop to root shell". (aha, root privileges)
3.) Regardless of the above step, we want a backup of our current sudoers file:
4.) Remove the line "Defaults targetpw", then hit Ctrl-X, Y and Enter to save in nano. We can now follow the above article. And perhaps more importantly, you won't have to reinstall. :)
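The two failure points above (targetpw switched on while root has no password, and an edit that leaves sudoers unusable) can be checked before and after the change. The script below is an added example, not code from this post or from the quoted source; the function names are my own, and it works on file paths passed in so it can be exercised on constructed copies of sudoers and shadow rather than the real /etc files.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for the
# "Defaults targetpw" change and the rollback the post describes.
# Every function takes file paths as arguments; on a real system those
# would be /etc/sudoers and /etc/shadow (both need root to read/write).

# 0 if the sudoers file enables targetpw on any Defaults line
# (covers both "Defaults targetpw" and "Defaults env_reset,targetpw").
# Commented-out lines do not match because the line must start with Defaults.
has_targetpw() {
    grep -Eq '^[[:space:]]*Defaults[[:space:]].*targetpw' "$1"
}

# 0 if root has no usable password in the shadow file: field 2 empty,
# or beginning with "!" or "*" (a fresh Ubuntu install locks root this way).
root_locked() {
    pw=$(awk -F: '$1 == "root" { print $2 }' "$1")
    case "$pw" in
        ""|'!'*|'*'*) return 0 ;;
        *)            return 1 ;;
    esac
}

# 0 when the post's lockout has happened: sudo will ask for root's
# password (targetpw) but root has no password anyone can type.
targetpw_broken() {
    has_targetpw "$1" && root_locked "$2"
}

# Timestamped backup copy of the sudoers file; prints the backup path.
backup_sudoers() {
    dst="$1.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$1" "$dst" && printf '%s\n' "$dst"
}

# Write $1 to $2 with the targetpw option removed: standalone
# "Defaults targetpw" lines are dropped, and "targetpw" is stripped out of
# comma-separated Defaults lists (this is step 4 of the fix, done by sed
# on a copy instead of by hand in nano).
remove_targetpw() {
    sed -E \
        -e '/^[[:space:]]*Defaults[[:space:]]+targetpw[[:space:]]*$/d' \
        -e 's/^([[:space:]]*Defaults[[:space:]].*),[[:space:]]*targetpw/\1/' \
        -e 's/^([[:space:]]*Defaults[[:space:]]+)targetpw[[:space:]]*,[[:space:]]*/\1/' \
        "$1" > "$2"
}

# Syntax-check a candidate file before copying it over /etc/sudoers.
# "visudo -c -f FILE" parses FILE only (owner/mode are not checked with -f).
validate_sudoers() {
    if ! command -v visudo >/dev/null 2>&1; then
        echo "visudo not found, skipping syntax check" >&2
        return 0
    fi
    visudo -c -f "$1"
}

# Demonstration on constructed sample files (not real system files).
work=$(mktemp -d)
cat > "$work/sudoers" <<'EOF'
Defaults env_reset
Defaults targetpw
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
EOF
cat > "$work/shadow" <<'EOF'
root:!:19000:0:99999:7:::
alice:$6$constructed$notarealhash:19000:0:99999:7:::
EOF

if targetpw_broken "$work/sudoers" "$work/shadow"; then
    echo "targetpw is on but root is locked: sudo would ask for a password nobody has"
    bak=$(backup_sudoers "$work/sudoers")
    remove_targetpw "$work/sudoers" "$work/sudoers.new"
    validate_sudoers "$work/sudoers.new" && echo "backup: $bak; fixed copy:" && cat "$work/sudoers.new"
fi
```

Run the real check as root (sudo su, or the recovery shell) with /etc/sudoers and /etc/shadow as the arguments; the order matters: back up, edit a copy, validate it with visudo, and only then replace the live file, so a typo never takes sudo down with it.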
The takeaway: Don't trust all procedures, especially when they have the potential to break other (core) procedures. Know what you're doing and why. If answering any of these is impossible, it's best to research what you can't answer.