Add sudo management in main and utils
* perform read-only checks as a regular user
* sudo -n is used for checks requiring root privileges
* increase accountability by providing a log of individual access to sensitive files
23
cisharden.sudoers
Normal file
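--- /dev/null
+++ b/cisharden.sudoers
@@ -0,0 +1,23 @@
+Cmnd_Alias SCL_CMD = /bin/grep ,\
+/bin/zgrep,\
+/bin/cat,\
+/usr/bin/stat,\
+/usr/bin/getent,\
+/usr/bin/[,\
+/bin/ls,\
+/usr/bin/find,\
+! /usr/bin/find *-exec*, \
+! /usr/bin/find *-delete*,\
+/usr/bin/apt-get update -y,\
+/usr/bin/apt-get upgrade -s,\
+/usr/bin/cut,\
+/sbin/iptables -nL,\
+/sbin/iptables -nL *,\
+/sbin/sysctl net.*,\
+/sbin/sysctl fs.*,\
+/sbin/sysctl kernel.*,\
+/sbin/sysctl -a,\
+/bin/dmesg "",\
+/bin/netstat
+
+cisharden ALL = (root) NOPASSWD: SCL_CMD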
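Review bot: The bare `/usr/bin/find` entry followed by `! /usr/bin/find *-exec*` and `! /usr/bin/find *-delete*` is a deny-list, and the sudoers manual warns that subtracting commands with `!` does not reliably restrict a user; find has further actions that run commands or write files which neither pattern matches. Together with the unrestricted `/bin/cat`, `/bin/grep` and `/bin/zgrep`, the alias gives the cisharden account passwordless root read access to every file on the host, so that account should be treated as root-equivalent for confidentiality. Consider allowing find only with the argument patterns the checks actually use, or moving the root-side work into root-owned helper scripts, and add a header comment such as `# Read-only audit commands; cisharden can read any file as root - keep this account locked down`. Validating the file with `visudo -cf cisharden.sudoers` before installing it keeps a syntax error from breaking sudo on the host.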