Return
-
Title
What sudo permissions are required on Linux/Unix assets in Safeguard? -
Description
What sudo permissions are required on Linux/Unix assets in Safeguard? -
Resolution
1. Ensure that the service account can run the following list of commands with root privileges without prompting for a password.
Linux and most Unix-based systems:egrepgreppasswd
usermod (If suspending account after check in)
AIX:sedgreppasswdpwdadm
Mac OS X:dsclpasswd
For example, the entries for the various targets are below:
# Linux/Unix systemsservice_acct ALL=(root) NOPASSWD: /bin/grep, /usr/bin/passwd, /bin/egrep
# AIX systemsservice_acct ALL=(root) NOPASSWD: /bin/sed, /usr/bin/passwd, /usr/bin/pwdadm, /bin/egrep# MacOSXservice_acct ALL=(root) NOPASSWD: /usr/bin/dscl, /usr/bin/passwd
2. Ensure that sudo is set in the Privilege Escalation Command