7.1.1.6. Authorize Access to Security FunctionsΒΆ
One of the main mechanisms to control access to security functions is the use of sudo. SIMP installs the following sudo rules:
| Account | Sudo Commands | Run As Account | Password Required |
|---|---|---|---|
| administrators | /bin/su - root -l | root | no |
| administrators | /usr/sbin/puppetd | root | no |
| administrators | /usr/sbin/puppetca | root | no |
| administrators | /bin/rm -rf /var/lib/puppet/ssl | root | no |
| auditors | /bin/cat, /bin/ls, /usr/bin/lsattr, /sbin/aureport, /sbin/ausearch, /sbin/lspci, /sbin/lsusb, /sbin/lsmod, /usr/sbin/lsof, /bin/netstat, /sbin/ifconfig -a, /sbin/route, /sbin/route -[venC], /usr/bin/getent, /usr/bin/tail | root | no |
References: AC-6 (1) : AUTHORIZE ACCESS TO SECURITY FUNCTIONS