User guide
Chapter 2. Securing Your Network
Important
Users of the sudo command should take extra care to log out before walking away from their
machines, since sudo caches a successful authentication and will run further commands without
asking for a password again for five minutes. This interval is controlled by the timestamp_timeout
option in the Defaults section of /etc/sudoers (a value of 0 requires a password on every
invocation), and running sudo -k discards the cached credentials immediately.
The sudo command allows for a high degree of flexibility. For instance, only users listed in the /etc/
sudoers configuration file are allowed to use the sudo command, and sudo runs a single command with
the target user's privileges and then returns control to the user's own shell; no interactive root shell is
opened. This means the root shell can be completely disabled, as shown in
Section 2.1.4.2.1, “Disabling the Root Shell”.
The sudo command also provides a comprehensive audit trail. Each successful authentication is
logged to the file /var/log/messages, and the command issued, together with the invoking user's name,
the TTY, the working directory and the target user, is logged to the file /var/log/secure. Refused
requests (a user not in sudoers, a command not permitted by the policy, or repeated wrong passwords)
are recorded there as well, so /var/log/secure is the file to review when investigating privilege use.
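The following added example (not part of the guide or of the sudo project) parses sudo records from /var/log/secure and separates commands that actually ran from requests sudo refused. The log lines are constructed to match the record layout sudo writes via syslog on RHEL 6 (fields separated by " ; "); the host name, user names and commands are invented for illustration.

```python
"""Extract sudo activity from /var/log/secure style records.

Added example, not code from the guide. The sample lines below are constructed;
only the record layout (USER : k=v ; k=v ...) follows what sudo logs via syslog.
"""
import re

# Constructed sample of /var/log/secure (assumption: RHEL 6 sudo record layout).
SAMPLE_SECURE = """\
Mar  5 10:12:01 web01 sudo:     juan : TTY=pts/0 ; PWD=/home/juan ; USER=root ; COMMAND=/bin/cat /etc/shadow
Mar  5 10:12:44 web01 sudo:    maria : TTY=pts/1 ; PWD=/home/maria ; USER=root ; COMMAND=/sbin/shutdown -h now
Mar  5 10:13:10 web01 sudo:      bob : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar  5 10:15:37 web01 sudo:    maria : command not allowed ; TTY=pts/1 ; PWD=/home/maria ; USER=root ; COMMAND=/bin/bash
Mar  5 10:16:02 web01 sudo:     juan : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/juan ; USER=root ; COMMAND=/bin/bash
Mar  5 10:16:05 web01 sshd[2201]: Accepted publickey for juan from 10.0.0.5 port 51022 ssh2
"""

# syslog timestamp, host, the literal "sudo:", the invoking user, then the " ; "-separated fields.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+(?P<user>\S+) : (?P<rest>.*)$"
)


def parse_sudo_records(text):
    """Return one dict per sudo record; non-sudo lines (sshd etc.) are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = {"ts": m.group("ts"), "host": m.group("host"),
               "user": m.group("user"), "reason": None}
        for field in (f.strip() for f in m.group("rest").split(" ; ")):
            key, sep, val = field.partition("=")
            if sep:
                rec[key] = val          # TTY, PWD, USER, COMMAND
            else:
                rec["reason"] = field   # free text only appears when sudo refused the request
        records.append(rec)
    return records


def refused(records):
    """Records where sudo did not run the command (policy denial or bad password)."""
    return [r for r in records if r["reason"] is not None]


def commands_run_as(records, target="root"):
    """(invoking user, command) pairs that actually executed as `target`."""
    return [(r["user"], r["COMMAND"])
            for r in records if r["reason"] is None and r.get("USER") == target]


if __name__ == "__main__":
    recs = parse_sudo_records(SAMPLE_SECURE)
    for user, cmd in commands_run_as(recs):
        print("ran as root:", user, cmd)
    for r in refused(recs):
        print("refused:", r["user"], r["reason"], r["COMMAND"])
```

To run it against a live system, pass open("/var/log/secure").read() instead of the constructed sample; the three refused entries in the sample are exactly the ones a reviewer of the audit trail should follow up on.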
Another advantage of the sudo command is that an administrator can allow different users access to
specific commands based on their needs.
Administrators wanting to edit the sudo configuration file, /etc/sudoers, should use the visudo
command. It locks the file against concurrent edits and checks the syntax before saving, so a typo
cannot leave the file unparsable and lock every administrator out of sudo.
To give someone full administrative privileges, type visudo and add a line similar to the following in
the user privilege specification section:
juan ALL=(ALL) ALL
This example states that the user juan can use sudo from any host (the first ALL), run commands as
any target user (the ALL in parentheses), and execute any command (the last ALL).
The example below illustrates the granularity possible when configuring sudo:
%users localhost=/sbin/shutdown -h now
This example states that any member of the group users (the leading % denotes a group) can run
/sbin/shutdown -h now, with exactly those arguments, when the host name matches localhost. A
different argument list, for example -r, or a different host does not match and is refused.
The man page for sudoers has a detailed listing of options for this file.
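The following added example (not part of the guide or of the sudo project) evaluates the two user specifications shown above the way sudo's matching rules describe: user or %group, host, optional (runas) list, and a command that must match exactly when the specification gives arguments. It implements only this small subset of the sudoers grammar (no aliases, wildcards or Defaults), and the group membership table standing in for /etc/group is constructed for illustration.

```python
"""Evaluate sudoers user-specification lines of the form shown in the guide.

Added example, not sudo's own code. Supports: user | %group | ALL, host | ALL,
optional (runas,...) list, and comma-separated commands where a bare path
matches any arguments and a path with arguments must match exactly.
"""
import re
import shlex

# Constructed stand-in for /etc/group (assumption).
GROUPS = {"users": {"juan", "maria", "bob"}, "wheel": {"juan"}}

# user  host=(runas) cmd1, cmd2 ...   ('=' excluded from user/host so "ALL=(ALL)" splits correctly)
SPEC_RE = re.compile(
    r"^(?P<user>[^\s=]+)\s+(?P<host>[^\s=]+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$"
)


def parse_spec(line):
    m = SPEC_RE.match(line.strip())
    if not m:
        raise ValueError("unsupported sudoers line: %r" % line)
    return {
        "user": m.group("user"),
        "host": m.group("host"),
        "runas": m.group("runas") or "root",   # sudo's default target when no (runas) list is given
        "cmds": [c.strip() for c in m.group("cmds").split(",")],
    }


def user_matches(spec_user, user):
    if spec_user == "ALL":
        return True
    if spec_user.startswith("%"):
        return user in GROUPS.get(spec_user[1:], set())
    return spec_user == user


def host_matches(spec_host, host):
    return spec_host == "ALL" or spec_host == host


def runas_matches(spec_runas, target):
    return spec_runas == "ALL" or target in [r.strip() for r in spec_runas.split(",")]


def command_matches(spec_cmd, command):
    if spec_cmd == "ALL":
        return True
    want, got = shlex.split(spec_cmd), shlex.split(command)
    if len(want) == 1:            # bare path: any arguments are allowed
        return got[:1] == want
    return got == want            # path with arguments: must match exactly


def may_run(policy, user, host, command, runas="root"):
    """True if some line in `policy` lets `user` on `host` run `command` as `runas`."""
    for spec in map(parse_spec, policy):
        if (user_matches(spec["user"], user)
                and host_matches(spec["host"], host)
                and runas_matches(spec["runas"], runas)
                and any(command_matches(c, command) for c in spec["cmds"])):
            return True
    return False


# The two specifications from the guide.
POLICY = [
    "juan ALL=(ALL) ALL",
    "%users localhost=/sbin/shutdown -h now",
]

if __name__ == "__main__":
    for user, host, cmd in [("juan", "web01", "/bin/cat /etc/shadow"),
                            ("maria", "localhost", "/sbin/shutdown -h now"),
                            ("maria", "localhost", "/sbin/shutdown -r now"),
                            ("maria", "web01", "/sbin/shutdown -h now")]:
        print(user, host, cmd, "->", "allowed" if may_run(POLICY, user, host, cmd) else "refused")
```

The point the evaluator makes concrete is the granularity in the second line: maria may halt the local machine, but a changed argument (-r), another host, or a request to run the command as anyone but root falls through every rule and is refused. Real sudo decides with a far richer grammar, so treat this as a reading aid for the examples, not as a policy checker.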
2.1.5. Available Network Services
While user access to administrative controls is an important issue for system administrators within an
organization, monitoring which network services are active is of paramount importance to anyone who
administers and operates a Linux system.
Many services under Red Hat Enterprise Linux 6 behave as network servers. If a network service is
running on a machine, then a server application (called a daemon) is listening for connections on one
or more network ports. Each of these listeners is reachable by anyone who can route packets to the
machine, and should be treated as a potential avenue of attack.
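As an added example (not from the guide), the following reads the kernel's socket table in the /proc/net/tcp format, keeps only sockets in the LISTEN state and reports which ports are bound to a non-loopback address, which is the set a remote attacker can reach. The table contents are constructed for illustration; the address decoding assumes a little-endian kernel (x86), which is how /proc/net/tcp prints IPv4 addresses on that architecture.

```python
"""List TCP listeners from /proc/net/tcp and flag those exposed beyond loopback.

Added example, not code from the guide. The sample table is constructed; the
column layout follows /proc/net/tcp (local_address in hex, st 0A = LISTEN).
"""
import socket
import struct

# Constructed /proc/net/tcp snapshot: sshd on all interfaces, an MTA on loopback only,
# httpd on all interfaces, and one established ssh connection (not a listener).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11223 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11290 1 0000000000000000 100 0 0 10 0
   2: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 13011 1 0000000000000000 100 0 0 10 0
   3: 0A00000A:0016 0500000A:C7A2 01 00000000:00000000 00:00000000 00000000     0        0 14500 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = "0A"   # socket state code for LISTEN in /proc/net/tcp


def decode_endpoint(hexaddr):
    """'0100007F:0016' -> ('127.0.0.1', 22); assumes a little-endian kernel."""
    ip_hex, port_hex = hexaddr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listening_sockets(text):
    """Parse the table text and return the LISTEN sockets with owner uid and inode."""
    out = []
    for line in text.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 10 or cols[3] != TCP_LISTEN:
            continue
        ip, port = decode_endpoint(cols[1])
        out.append({"ip": ip, "port": port, "uid": int(cols[7]), "inode": int(cols[9])})
    return out


def exposed_ports(sockets):
    """Ports bound to something other than loopback are reachable from the network."""
    return sorted(s["port"] for s in sockets if not s["ip"].startswith("127."))


if __name__ == "__main__":
    listeners = listening_sockets(SAMPLE_PROC_NET_TCP)
    for s in listeners:
        print("%s:%d uid=%d inode=%d" % (s["ip"], s["port"], s["uid"], s["inode"]))
    print("exposed ports:", exposed_ports(listeners))
```

On a live host, pass open("/proc/net/tcp").read() (and /proc/net/tcp6 for IPv6) instead of the sample; the inode can then be matched against /proc/*/fd to find the daemon that owns each exposed port, which is what netstat -p and lsof do.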
2.1.5.1. Risks To Services
Network services can pose many risks for Linux systems. Below is a list of some of the primary issues:
• Denial of Service Attacks (DoS) — By flooding a service with requests, a denial of service attack
can render a system unusable as it tries to log and answer each request.