Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Practical Linux Security Cookbook

You're reading from   Practical Linux Security Cookbook Secure your Linux machines and keep them secured with the help of exciting recipes

Arrow left icon
Product type Paperback
Published in Apr 2016
Publisher Packt
ISBN-13 9781785286421
Length 276 pages
Edition 1st Edition
Tools
Arrow right icon
Authors (2):
Arrow left icon
Michael A Lindner Michael A Lindner
Author Profile Icon Michael A Lindner
Michael A Lindner
Tajinder Kalsi Tajinder Kalsi
Author Profile Icon Tajinder Kalsi
Tajinder Kalsi
Arrow right icon
View More author details
Toc

Table of Contents (12) Chapters Close

Preface 1. Linux Security Problems 2. Configuring a Secure and Optimized Kernel FREE CHAPTER 3. Local Filesystem Security 4. Local Authentication in Linux 5. Remote Authentication 6. Network Security 7. Security Tools 8. Linux Security Distros 9. Patching a Bash Vulnerability 10. Security Monitoring and Logging Index

Making use of sudoers – configuring sudo access

Whenever the system administrator wants to provide trusted users administrative access to the system without sharing the password of the root user, they can do so using the sudo mechanism.

Once the user is given access using the sudo mechanism, they can execute any administrative command by preceding it with sudo. Then, the user will be asked to enter their own password. After this, the administrative command will be executed in the same way as run by the root user.

Getting ready

As the file for the configuration is predefined and the commands used are inbuilt, nothing extra needs to be configured before starting these steps.

How to do it…

  1. We will first create a normal account and then give it sudo access. Once done, we will be able to use the sudo command from the new account and then execute the administrative commands. Follow the steps given to configure the sudo access. Firstly, use the root account to login to the system. Then, create a user account using the useradd command, as shown in the following figure:
    How to do it…

    Replace USERNAME with any name of your choice in the preceding command.

  2. Now, using the passwd command, set a password for the new user account.
    How to do it…
  3. Edit the /etc/sudoers file by running visudo. The policies applied when using the sudo command are defined by the /etc/sudoers file.
    How to do it…
  4. Once the file is open in the editor, search for the following lines, which allow sudo access to the users in the test group:
    How to do it…
  5. We can enable the given configuration by deleting the comment character (#) at the beginning of the second line. Once the changes are made, save the file and exit from the editor. Now, using the usermod command, add the previously created user to the test group.
    How to do it…
  6. We need to check whether the configuration shown in the preceding screenshot allows the new user account to run commands using sudo.
  7. To switch to the newly created user account, use the su option.
    How to do it…
  8. Now, use the groups command to confirm the presence of the user account in the test group.
    How to do it…

    Finally, run the whoami command with sudo from the new account. As we have executed a command that uses sudo for the first time, using this new user account, the default banner message will be displayed for the sudo command. The screen will also ask for the user account password to be entered.

    How to do it…
  9. The last line of the preceding output is the username returned by the whoami command. If sudo is configured correctly, this value will be root.

You have successfully configured a user with sudo access. You can now log in to this user account and use sudo to run commands the same way as you would from the root user.

How it works…

When we create a new account, it does not have permission to run administrator commands. However, after editing the /etc/sudoers file and making an appropriate entry to grant sudo access to the new user account, we can start using the new user account to run all the administrator commands.

There's more…

Here is an extra measure that you can take to ensure total security.

Vulnerability assessment

A vulnerability assessment is the process of auditing our network and system security through which we can know about the confidentiality, integrity, and availability of our network. The first phase in the vulnerability assessment is reconnaissance, and this further leads to the phase of system readiness in which we mainly check for all known vulnerabilities in the target. The next phase is reporting, where we group all the vulnerabilities found into categories of low, medium, and high risk.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime