9.1.1.6. Authorize Access to Security Functions
One of the main mechanisms to control access to security functions is the use of sudo. SIMP installs the following sudo rules:

| Account | Sudo Commands | Run As Account | Password Required |
|---|---|---|---|
| administrators | /bin/su - root -l | root | no |
| administrators | /usr/sbin/puppetd | root | no |
| administrators | /usr/sbin/puppetca | root | no |
| administrators | /bin/rm -rf /var/lib/puppet/ssl | root | no |
| auditors | /bin/cat, /bin/ls, /usr/bin/lsattr, /sbin/aureport, /sbin/ausearch, /sbin/lspci, /sbin/lsusb, /sbin/lsmod, /usr/sbin/lsof, /bin/netstat, /sbin/ifconfig -a, /sbin/route, /sbin/route -[venC], /usr/bin/getent, /usr/bin/tail | root | no |
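
To check a host against the sudo rules listed above, the following added example (not part of the SIMP documentation or code base) parses sudoers rule lines and reports any command that is granted but not listed, or listed but not granted. It assumes the accounts appear as `%group` rules on single lines without aliases or line continuations; `BASELINE`, `parse_sudoers`, `audit` and the sample text are constructed for illustration.

```python
import re

# Baseline transcribed from the table above: account -> (run as, password required, commands)
BASELINE = {
    "administrators": ("root", False, {
        "/bin/su - root -l", "/usr/sbin/puppetd", "/usr/sbin/puppetca",
        "/bin/rm -rf /var/lib/puppet/ssl"}),
    "auditors": ("root", False, {
        "/bin/cat", "/bin/ls", "/usr/bin/lsattr", "/sbin/aureport",
        "/sbin/ausearch", "/sbin/lspci", "/sbin/lsusb", "/sbin/lsmod",
        "/usr/sbin/lsof", "/bin/netstat", "/sbin/ifconfig -a", "/sbin/route",
        "/sbin/route -[venC]", "/usr/bin/getent", "/usr/bin/tail"}),
}
# Assumed rule shape: %group HOST=(runas) [NOPASSWD:|PASSWD:] cmd, cmd, ...
RULE = re.compile(r"^%(?P<who>\S+)\s+\S+\s*=\s*\((?P<runas>[^)]+)\)\s*"
                  r"(?P<tag>(?:NO)?PASSWD:)?\s*(?P<cmds>.+)$")

def parse_sudoers(text):
    """Return {account: {(runas, password_required, command), ...}}."""
    rules = {}
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:  # comments, Defaults, aliases and blank lines are skipped
            continue
        needs_pw = m["tag"] != "NOPASSWD:"  # sudo prompts unless NOPASSWD is set
        for cmd in m["cmds"].split(","):
            entry = (m["runas"].strip(), needs_pw, " ".join(cmd.split()))
            rules.setdefault(m["who"], set()).add(entry)
    return rules

def audit(text):
    """Return findings where the parsed rules differ from BASELINE."""
    found, findings = parse_sudoers(text), []
    for who in sorted(set(found) | set(BASELINE)):
        runas, needs_pw, cmds = BASELINE.get(who, (None, None, set()))
        expected = {(runas, needs_pw, c) for c in cmds}
        actual = found.get(who, set())
        findings += [f"EXTRA {who}: ({r}, passwd={p}) {c}" for r, p, c in sorted(actual - expected)]
        findings += [f"MISSING {who}: ({r}, passwd={p}) {c}" for r, p, c in sorted(expected - actual)]
    return findings

# Constructed sample, not from a real SIMP host: one added and one missing auditor command.
SAMPLE = """\
Defaults requiretty
%administrators ALL=(root) NOPASSWD: /bin/su - root -l, /bin/rm -rf /var/lib/puppet/ssl
%administrators ALL=(root) NOPASSWD: /usr/sbin/puppetd, /usr/sbin/puppetca
%auditors ALL=(root) NOPASSWD: /bin/cat, /bin/ls, /usr/bin/lsattr, /sbin/aureport, /sbin/ausearch, /sbin/lspci, /sbin/lsusb, /sbin/lsmod, /usr/sbin/lsof, /bin/netstat, /sbin/ifconfig -a, /sbin/route, /sbin/route -[venC], /usr/bin/getent, /usr/bin/less
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A rule that drops `NOPASSWD:` shows up as both an EXTRA and a MISSING finding for the same command, with the `passwd` value showing which side differs.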
References: AC-6 (1) : AUTHORIZE ACCESS TO SECURITY FUNCTIONS