securityonion-sudoers: remove secure_path #1040

Closed
dougburks opened this Issue Dec 21, 2016 · 3 comments

dougburks commented Dec 21, 2016

No description provided.

@dougburks dougburks changed the title from securityonion-sudoers: update secure_path to include /snap/bin to securityonion-sudoers: remove secure_path Dec 21, 2016


dougburks Dec 21, 2016

Contributor

This package was created here:
https://groups.google.com/d/topic/security-onion-testing/Vmgc2Pr43Vs/discussion

The original motivation was user convenience, allowing the user to type "sudo broctl" instead of "sudo /opt/bro/bin/broctl". This setting needs to be removed now for a few reasons:

  • Ubuntu recently updated the default secure_path setting but that setting was being overridden by our setting. By removing our setting, we allow the standard default to take effect.

  • We're adding a new script /usr/sbin/broctl (#1043) that will run /opt/bro/bin/broctl as a limited user. So now when a user types "sudo broctl" it will do the right thing with the default Ubuntu secure_path setting.
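An added example (not code from the Security Onion project) of the override described in the comment above: it finds which sudoers file supplies the effective `secure_path`, lists directories the distribution default has that the override drops, and shows how `sudo broctl` resolves under each value. The file contents, the drop-in name, the override value and the set of existing binaries are constructed for illustration, and the code assumes drop-ins are read after the main file with later settings winning.

```python
import re

# Matches global "Defaults" lines only; Defaults:user, @host, !cmnd and >runas are skipped.
_SECURE_PATH = re.compile(
    r'^\s*Defaults\s+(?:.*,\s*)?secure_path\s*=\s*(?:"([^"]*)"|([^,\s]+))')

def effective_secure_path(files):
    """files: [(name, text)] in the order sudo reads them; the last setting wins."""
    value, source = None, None
    for name, text in files:
        for line in text.splitlines():
            m = _SECURE_PATH.match(line)
            if m:
                value = m.group(1) if m.group(1) is not None else m.group(2)
                source = name
    return value, source

def missing_dirs(override, default):
    """Directories present in the default secure_path but absent from the override."""
    have = set(override.split(":"))
    return [d for d in default.split(":") if d not in have]

def resolve(cmd, secure_path, existing):
    """First match for cmd along secure_path, given a set of existing binaries."""
    for d in secure_path.split(":"):
        candidate = d.rstrip("/") + "/" + cmd
        if candidate in existing:
            return candidate
    return None

# Constructed sample input (not taken from the issue).
DEFAULT = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
MAIN = ('Defaults\tenv_reset\n'
        'Defaults\tsecure_path="' + DEFAULT + '"\n'
        '#includedir /etc/sudoers.d\n')
OVERRIDE = "/opt/bro/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
DROPIN = 'Defaults secure_path="' + OVERRIDE + '"\n'
DROPIN_NAME = "/etc/sudoers.d/EXAMPLE-override"   # hypothetical file name
EXISTING = {"/usr/sbin/broctl", "/opt/bro/bin/broctl"}

if __name__ == "__main__":
    for files in ([("/etc/sudoers", MAIN)],
                  [("/etc/sudoers", MAIN), (DROPIN_NAME, DROPIN)]):
        value, source = effective_secure_path(files)
        print(source, "->", resolve("broctl", value, EXISTING),
              "| missing vs default:", missing_dirs(value, DEFAULT))
```
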

@dougburks dougburks closed this Jan 4, 2017
