Chat now with support
Chat with Support

Safeguard for Sudo 2.0 - Administrators Guide

One Identity Privileged Access Suite for Unix Introducing Privilege Manager for Unix Introducing Privilege Manager for Sudo Planning Deployment Installation and Configuration
Download Privilege Manager for Unix Software Packages Download Privilege Manager for Sudo Software Packages Quick Start and Evaluation Configure a Primary Policy Server Configure a Secondary Policy Server Install PM Agent or Sudo Plugin on a Remote Host Remove Configurations
Upgrading Privilege Manager System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager Variables Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures Privilege Manager Programs Installation Packages Unsupported Sudo Options Sudo Plugin Policy Evaluation About us

Advanced Lessons

The remaining lessons are theoretical discussions covering the changes to scripts and leave the reader to consider modification and experimentation as exercises.

These lessons are not designed to be interactive. However, if you work through the sample policies, making changes and trying out the policy files in the same way you did for Lesson 1 through 7, you will extend your understanding of the process, approach, and style required to create policies.

The advanced lessons are:

Lesson 8: Controlling the Execution Environment

This policy file introduces a number of environmental controls that give you greater flexibility and control over the command and user execution environment.

if (cwd != "/usr" && !glob("/usr/*", cwd)) 
   runcwd = "/tmp";

The first uses the runcwd variable which gives you the ability to examine and override the working directory in which the requested command executes. In this example, you allow commands to be run from /usr and its subdirectories, but you run all other commands from /tmp.

if (argc > 2) 
   runargv = range(argv, 0, 2);

You can also control the number of arguments specified on the requested command line. You can examine the number of arguments together with the value of each argument, as well as remove, modify, or supplement them with additional arguments not previously present on the original command line.

runuser = "root"; 
rungroup = "bin"; 
if (command != "hostname") 
   runhost = submithost;

You can also examine the rungroup and the host on which the command is destined to run and override them.

keepenv("TERM", "DISPLAY", "HOME", "TZ", "PWD", "WINDOWID", "COLUMNS", "LINES"); 
setenv("PATH", 
"/usr/ucb:/bin:/usr/bin:/usr/local/bin:/usr/bin/X11:" + 
"/usr/X11/bin:/usr/etc:/etc:/usr/local/etc:/usr/sbin");

Control of the execution environment is vitally important as you can use environment variables to exploit security vulnerabilities in some UNIX® programs, so one aspect of the policy can be to cleanse the execution environment to make sure there is nothing which could be considered unsafe. A common requirement within policy files is to ensure that the PATH is cleansed, removing any user appended paths which may be higher up the search path, where a user-created script may be lurking.

runumask = 022; 
runnice = -4;

You can control many other aspects of the execution environment including the nice value and umask.

Refer to Lesson 8 Sample: Controlling the Execution Environment to see the sample policy used in this lesson.

Lesson 9: Flow Control

This lesson introduces you to another execution control construct using switch(), case and break statements which allow you control which parts of the script are executed.

adminprogs = {"ls", "hostname", "kill", "csh", "ksh", "echo"};

if (command in adminprogs) {
   switch (dayname) {
      case "Mon":
      case "Wed":
      case "Fri":
         adminusers = {"dan", "robyn"};
         break;
      case "Tue":
      case "Thu":
         adminusers = {"robyn", "cory"};
         break;
      default:
         adminusers = {};
   }
   if (user in adminusers) {
      runuser = "root";
      accept;
   }
}

In this example, you use the switch and case statements to control which users are considered to be admin users on any given day of the week. Execution commences when the first case statement matches the condition. It proceeds until it encounters the end of the switch statement or reaches a break statement.

Refer to Lesson 9 Sample: Flow Control to see the sample policy used in this lesson.

Lesson 10: Basic Menus

This final lesson introduces a number of new functions and concepts. It demonstrates the use of a rudimentary menu system which you can present to the user when he enters the adminmenu command.

if(command=="adminmenu") {
   print("========= Admin Menu =========");
   print("1) Add users");
   print("2) Start a backup");
   print("3) Change ownership of a file");
   print("4) Fix line printer queues");
   choice = input("Please choose one: ");

   switch(choice) {
      case "1":
         if(!getstringpasswd("m9xxg7B4.v8Ck", "Type in the adduser
   password: ", 2))
            reject;
         runcommand = "/usr/local/bin/adduser";
         runuser = "root";
         break;
      case "2":
         runcommand = "/usr/local/bin/dobackup";
         runuser = "backup";
         break;
      case "3":
         runcommand = "/usr/bin/chown";
         runuser = "root";
         break;
      case "4":
         runcommand = "/usr/lib/lpadmin";
         runuser = "root";
         break;
      default:
         printf("\"%s\" was not a valid choice. Sorry.\n", choice);
         reject;
   }
   
   if (choice == "3") {
      file_name=input("Please enter the new owner's name then file name: ");
      arguments = split(file_name);
      runargv = insert(arguments, 0, "Spacer");
   }
   print("** Command to be run :", runcommand);
   print("** User to run command as :", runuser);
   accept;
}

This example shows how to gather input from the user, check the value of a literal hard-coded password and manipulate command line arguments. It is purely illustrative of the scope and scale of what you can achieve from within a policy file, although there is much more that has not been covered in this lesson.

Refer to Lesson 10 Sample: Basic Menus to see the sample policy used in this lesson.

Related Documents