securityonion-sudoers: remove secure_path #1040

Closed
dougburks opened this Issue Dec 21, 2016 · 3 comments

Projects

None yet

1 participant

@dougburks
Contributor

No description provided.

@dougburks dougburks changed the title from securityonion-sudoers: update secure_path to include /snap/bin to securityonion-sudoers: remove secure_path Dec 21, 2016
@dougburks
Contributor
dougburks commented Dec 21, 2016 edited

This package was created here:
https://groups.google.com/d/topic/security-onion-testing/Vmgc2Pr43Vs/discussion

The original motivation was user convenience, allowing the user to type "sudo broctl" instead of "sudo /opt/bro/bin/broctl". This setting needs to be removed now for a few reasons:

  • Ubuntu recently updated the default secure_path setting but that setting was being overridden by our setting. By removing our setting, we allow the standard default to take effect.

  • We're adding a new script /usr/sbin/broctl (#1043) that will run /opt/bro/bin/broctl as a limited user. So now when a user types "sudo broctl" it will do the right thing with the default Ubuntu secure_path setting.

@dougburks dougburks closed this Jan 4, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment