by kotakanbe 3554 days ago
SUDO with Password via ssh is technologically possible.

http://askubuntu.com/questions/470383/how-to-avoid-prompt-pa...

But there is a problem with sudo with password via ssh.

For example...

  userA .... 'watch w' on serverA
  userB ... 'ssh serverA echo sudopassword | sudo -S command'
userA can steal the root password on ServerA because the plain sudo password is displayed by the w command.

So, I disable -ask-sudo-password for security reasons. https://github.com/future-architect/vuls/pull/148

I recommend defining the minimum commands in /etc/sudoers on target servers.

  CentOS, RHEL
    vuls ALL=(root) NOPASSWD: /usr/bin/yum, /bin/echo

  Ubuntu, Debian
    vuls ALL=(root) NOPASSWD: /usr/bin/apt-get, /usr/bin/apt-cache

 Vuls can scan without root on FreeBSD and Amazon Linux.
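
An added example, not part of the original comment or the Vuls project: a small audit that checks a scanner account's NOPASSWD rules against the command allow-list recommended above. The function name, the `ALLOWED` dictionary and the sample sudoers text are assumptions constructed for illustration, and it handles only plain user rules (no aliases or includes).

```python
import re

# Allow-lists copied from the sudoers lines recommended in the comment.
ALLOWED = {
    "rhel": {"/usr/bin/yum", "/bin/echo"},
    "debian": {"/usr/bin/apt-get", "/usr/bin/apt-cache"},
}
RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
TAG = re.compile(r"^([A-Z_]+):\s*")

def audit_sudoers(text, user, allowed):
    """Return (command, reason) findings for NOPASSWD rules granted to `user`."""
    findings = []
    text = text.replace("\\\n", " ")            # join continuation lines
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m or m.group(1) != user:         # comments and other users are skipped
            continue
        nopasswd = False                        # a tag carries over to later commands
        for item in re.split(r"(?<!\\),", m.group(2)):
            item = item.strip()
            while (t := TAG.match(item)):
                if t.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = t.group(1) == "NOPASSWD"
                item = item[t.end():]
            if not nopasswd or not item:
                continue
            path, _, args = item.partition(" ")
            if path == "ALL":
                findings.append((item, "NOPASSWD on ALL commands"))
            elif path not in allowed:
                findings.append((item, "command not in allow-list"))
            elif "*" in args:
                findings.append((item, "wildcard in arguments"))
    return findings

# Constructed sample sudoers content (not from a real host).
SAMPLE = """\
vuls ALL=(root) NOPASSWD: /usr/bin/yum, /bin/echo
vuls ALL=(root) NOPASSWD: /usr/bin/yum, /bin/bash
vuls ALL=(ALL) NOPASSWD: ALL
vuls ALL=(root) /usr/bin/less, NOPASSWD: /usr/bin/yum *
admin ALL=(ALL) NOPASSWD: ALL
"""

if __name__ == "__main__":
    for cmd, reason in audit_sudoers(SAMPLE, "vuls", ALLOWED["rhel"]):
        print(f"{reason}: {cmd}")
```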