Add sudo management in main and utils

* perform readonly checks as a regular user * sudo -n is used for checks requiring root privileges * increase accountability by providing log of individual access to sensitive files
2025-06-23 19:14:34 +02:00 · 2017-11-09 15:45:42 +01:00
parent a3937b3183
commit b1f85d3f99
30 changed files with 187 additions and 53 deletions
--- a/cisharden.sudoers
+++ b/cisharden.sudoers
@ -0,0 +1,23 @@
+Cmnd_Alias SCL_CMD =    /bin/grep ,\
+                        /bin/zgrep,\
+                        /bin/cat,\
+                        /usr/bin/stat,\
+                        /usr/bin/getent,\
+                        /usr/bin/[,\
+                        /bin/ls,\
+                        /usr/bin/find,\
+                        ! /usr/bin/find *-exec*, \
+                        ! /usr/bin/find *-delete*,\
+                        /usr/bin/apt-get update -y,\
+                        /usr/bin/apt-get upgrade -s,\
+                        /usr/bin/cut,\
+                        /sbin/iptables -nL,\
+                        /sbin/iptables -nL *,\
+                        /sbin/sysctl net.*,\
+                        /sbin/sysctl fs.*,\
+                        /sbin/sysctl kernel.*,\
+                        /sbin/sysctl -a,\
+                        /bin/dmesg "",\
+                        /bin/netstat
+
+cisharden ALL = (root) NOPASSWD: SCL_CMD