Common sudo permissions in Jumpserver

In jumpserver, a system user needs to be set. It can be set directly to the root user with full permissions, but the risk of doing so is relatively high: the user can create users and delete files. So we need to assign different system users to different employees, or create a system user for each employee, and then set permissions.

 

ALL,!/bin/bash,!/bin/tcsh,!/bin/su,!/usr/bin/passwd,!/usr/bin/passwd root,!/bin/vim /etc/sudoers,!/usr/bin/vim /etc/sudoers,!/usr/sbin/visudo,!/usr/bin/sudo -i,!/bin/bi /etc/ssh/*,!/bin/chmod 777 /etc/*,!/bin/chmod 777 *,!/bin/chmod 777,!/bin/chmod -R 777 *,!/bin/rm /*,!/bin/rm /,!/bin/rm -rf /,!/bin/rm -rf /*,!/bin/rm /etc,!/bin/rm -r /etc,!/bin/rm -rf /etc,!/bin/rm /etc/*,!/bin/rm -r /etc/*,!/bin/rm -rf /etc/*,!/bin/rm /root,!/bin/rm -r /root,!/bin/rm -rf /root,!/bin/rm /root/*,!/bin/rm -r /root/*,!/bin/rm -rf /root/*,!/bin/rm /bin,!/bin/rm -r /bin,!/bin/rm -rf /bin,!/bin/rm /bin/*,!/bin/rm -r /bin/*,!/bin/rm -rf /bin/*

 

Setting a root permission

This is simple: just add a root user and set the permission to /bin/su, which is equivalent to giving administrator permissions. After logging in to jumpserver, this user can directly perform root operations on the machine.

/bin/su

system user

Parameter description: !/bin/su disables using sudo su - to switch to root. This is very important: if you don't want them to be able to run sudo su -, you need to add !/bin/su

!/bin/bash,!/bin/tcsh,!/bin/su,!/usr/bin/passwd,!/usr/bin/passwd root,!/bin/vim /etc/sudoers,!/usr/bin/vim /etc/sudoers,!/usr/sbin/visudo,!/usr/bin/sudo -i,!/bin/bi /etc/ssh/*,!/bin/chmod 777 /etc/*,!/bin/chmod 777 *,!/bin/chmod 777,!/bin/chmod -R 777 *,!/bin/rm /*,!/bin/rm /,!/bin/rm -rf /,!/bin/rm -rf /*,!/bin/rm /etc,!/bin/rm -r /etc,!/bin/rm -rf /etc,!/bin/rm /etc/*,!/bin/rm -r /etc/*,!/bin/rm -rf /etc/*,!/bin/rm /root,!/bin/rm -r /root,!/bin/rm -rf /root,!/bin/rm /root/*,!/bin/rm -r /root/*,!/bin/rm -rf /root/*,!/bin/rm /bin,!/bin/rm -r /bin,!/bin/rm -rf /bin,!/bin/rm /bin/*,!/bin/rm -r /bin/*,!/bin/rm -rf /bin/*

Login test rules

After we log in to the machine through the jump server, the user becomes huangcong. What we then need to do is run sudo su - to switch to the administrator and then perform dangerous operations; you will find that a dangerous operation such as deleting the root directory cannot be carried out.
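A small lint for rule strings of the kind shown above, as an added example that is not part of the original post: it parses the comma-separated command list, flags ALL combined with '!' negations (the sudoers manual warns that subtracting commands from ALL is generally not an effective restriction), and reports negations made redundant by an argument-less negation of the same binary. SAMPLE_RULE is a constructed, shortened form of the page's rule; the function names are hypothetical, and the parser assumes no escaped commas in arguments.

```python
# Added example: lint a JumpServer sudo rule string (a sudoers Cmnd list).
from collections import defaultdict

# Constructed sample: a shortened form of the rule string shown on the page.
SAMPLE_RULE = (
    "ALL,!/bin/bash,!/bin/su,!/usr/bin/passwd,!/usr/bin/passwd root,"
    "!/usr/sbin/visudo,!/bin/chmod 777 *,!/bin/chmod 777,"
    "!/bin/rm -rf /,!/bin/rm -rf /etc"
)


def parse_rule(rule):
    """Split a comma-separated Cmnd list into (negated, path, args) tuples."""
    entries = []
    for raw in rule.split(","):  # assumption: no escaped commas in arguments
        item = raw.strip()
        if not item:
            continue
        negated = item.startswith("!")
        path, _, args = item.lstrip("!").strip().partition(" ")
        entries.append((negated, path, args.strip()))
    return entries


def lint_rule(rule):
    """Return a list of findings for a deny-list style rule."""
    entries = parse_rule(rule)
    findings = []
    allows_all = any(not neg and path == "ALL" for neg, path, _ in entries)
    denied = [(path, args) for neg, path, args in entries if neg]
    if allows_all and denied:
        # The sudoers manual warns that subtracting commands from ALL
        # with '!' is generally not an effective restriction.
        findings.append("ALL combined with %d '!' negations" % len(denied))
    by_path = defaultdict(list)
    for path, args in denied:
        by_path[path].append(args)
    for path, arg_list in sorted(by_path.items()):
        # In sudoers, a Cmnd with no arguments matches any arguments, so
        # argument-specific negations of the same path add nothing.
        if "" in arg_list:
            for args in arg_list:
                if args:
                    findings.append("redundant: !%s %s" % (path, args))
    return findings


if __name__ == "__main__":
    for finding in lint_rule(SAMPLE_RULE):
        print(finding)
```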

 

Reference blog:

https://www.cnblogs.com/diantong/p/11444142.html

 

Origin www.cnblogs.com/nsh123/p/12752038.html