Four Hidden Costs and Risks of Sudo Can Lead to Cybersecurity Risks and Compliance Problems on Unix and Linux Servers

Chad Erbe — Fri, 20 Oct 2017 15:19:36 +0000

Sponsored Post:

It is always a philosophical debate as to whether to use open source software in a regulated environment. Open source software is crowd sourced, and developers from all over the world contribute to packages that are later included in Operating System distributions. In the case of ‘sudo’, a package designed to provide privileged access included in many Linux distributions, the debate is whether it meets the requirements of an organization, and to what level it can be relied upon to deliver compliance information to auditors.

There are four hidden costs or risks that must be considered when evaluating whether sudo is meeting your organization’s cybersecurity and compliance needs on its Unix and Linux systems, including administrative, forensics and audit, business continuity, and vendor support. Although sudo is a low-cost solution, it may come at a high price in a security program, and when an organization is delivering compliance data to satisfy auditors. In this article, we will review these areas while identifying key questions that should be answered to measure acceptable levels of risk. While every organization is different, there are specific risk/cost considerations that make a strong argument for replacing sudo with a commercially-supported solution.

Administrative Costs
There are several hidden administrative costs is using sudo for Unix and Linux privilege management. For example, with sudo, you also need to run a third-party automation management system (like CFEngine or Puppet) plus third party authentication modules on the box. And, if you plan to externalize the box at all, you’re going to have to replace sudo with that supplier’s version of sudo. So, you end up maintaining sudo, a third-party management system, a third-party automation system, and may have to replace it all if you want to authenticate against something external to the box. A commercial solution would help to consolidate this functionality and simplify the overall management of Unix and Linux servers.

Another complexity with sudo is that everything is local, meaning it can be extremely time-consuming to manage as environments grow. And as we all know, time is money. With sudo, you have to rely on local systems on the server to keep logs locally, rotate them, send them to an archival environment, and ensure that no one is messing with any of the other related subsystems. This can be a complex and time-consuming process. A commercial solution would combine all of this activity together, including binary pushes and retention, upgrades, logs, archival, and more.

Go to Full Article

Quick Tip: Setup Ubuntu-style Sudo on other Distributions

Michael Reed — Fri, 22 Oct 2010 15:11:44 +0000

by Michael Reed

Ubuntu's sudo command is something that I miss when I'm using other distributions. For the uninitiated, when using Ubuntu, you can execute privileged commands as the root user by prefacing them with sudo. This saves having to log in as root, do your work and then log out again (or if you're like me, forget to log out and keep doing things as root). Fortunately, it's a cinch to add the functionality to other distributions such as Debian or Fedora.

Here's a funny thing (well, I found it amusing): If you attempt to execute a command using sudo on, say, stock Debian, before being prompted for your password, you are issued a stern warning:

We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.

#2) Think before you type.

#3) With great power comes great responsibility.

Once you've got over the lecture and you enter the password, you quickly learn that other distributions don't handle sudo in quite the same way as Ubuntu.

[username] is not the in the sudoers file. This incident will be reported.

Eek! The Debian Police didn't actually turn up at my house on this occasion, and although I did notice a helicopter circling above my house for a while, it might have been a coincidence.

To add Ubuntu-style functionality you need to edit the file /etc/sudoers

Obviously you can't use sudo yet, so make youtself root by typing

su

Then, use your favorite text editor to open up /etc/sudoers. For example, under Debian type

nano /etc/sudoers

Scroll down until you find the line

root ALL=(ALL) ALL

and underneath, add the line

[your username] ALL=(ALL) ALL

substituting [your username] as appropriate. Save the file and exit the editor. Once you've done this, test things out by executing a command that requires root privileges. Under Debian, I ran:

sudo apt-get update

and sure enough, the command ran with root privileges. As with Ubuntu, it caches your password for a while, so you don't have to keep re-entering it for every command.

Go to Full Article