by op00to 719 days ago
A big part of sudo is that you should be running individual commands using sudo to increase auditability rather than simply running sudo bash or whatever.

I can agree with that, though admit to being guilty of using sudo bash far more often than I should.

I honestly thought they’d be using ssh that way (single command at a time), though I’m still not sure to what security end.

If ‘sudo’ is properly configured, running bash or anything that allows command execution (vim, eMacs, etc.) is disallowed.

Also, may I introduce you to the ‘sudo -i’ option.

> If ‘sudo’ is properly configured running bash or anything that allows command execution (vim, eMacs, etc) is disallowed.

Keep in mind that this is borderline impossible to enforce unless your goal is just to stop the most common ways of accidentally breaking the policy. A list of commands that allows breaking out into a full shell includes: less, apt, man, nano, wget & many more.

https://gtfobins.github.io/#+shell

> eMacs

This made me chuckle. Apple influencing the way Emacs is capitalized (pun intended) versus RMS's stance on Free Software couldn't be further apart I think.

You're correct there! Wrote that up on my tiny Apple device and really couldn't be bothered to correct Apple's spellcheck. Text editing from a 5in touchscreen is very painful.
I sudo bash a lot as well. Sometimes I regret it when I try to figure out what the hell I did months ago. :)
It's comical to see the sudo codebase mentioned in the same breath as increasing auditability here.
Auditd and pam_tty_audit can take care of all your auditing needs
Sure! All part of layered controls and reporting.
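The thread's point about auditability is that sudo only logs the command it was asked to run: once that command is a shell (`sudo bash`, `sudo -i`, which logs the target user's login shell) or a program with a shell escape (`less`, `apt`, `man`, `nano`, `wget`, `vim`, the GTFOBins list), everything typed afterwards is invisible to sudo's own log. The following is an added example, not code from the thread or from the sudo project: a small Python parser for the syslog-format lines sudo writes to auth.log that flags exactly those invocations for review. The hostnames, users and commands in `SAMPLE_LOG` are constructed; the program lists are taken from the thread and assumed to be what a site would want to watch for.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample lines in the format sudo writes to syslog / auth.log.
# Hosts, users and commands are made up for this example.
SAMPLE_LOG = """\
Mar  3 09:12:01 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar  3 09:12:40 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Mar  3 09:13:05 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/less /var/log/syslog
Mar  3 09:14:11 web01 sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/apt install htop
Mar  3 09:15:00 web01 sudo:    carol : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/cat /etc/shadow
"""

# sudo's log line: "<user> : [<message> ;] TTY=... ; PWD=... ; USER=<runas> ; COMMAND=<argv>"
LINE_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : (?:(?P<msg>[^;]*?) ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.+)$"
)

# Interactive shells: after one of these starts, sudo logs nothing further.
# `sudo -i` shows up here too, because sudo logs the target user's login shell.
SHELLS = {"bash", "sh", "dash", "zsh", "ksh", "fish"}
# Programs named in the thread / GTFOBins that can spawn a shell from inside
# (assumed watch list; extend it for your own environment).
ESCAPE_CAPABLE = {"less", "apt", "man", "nano", "wget", "vim", "vi", "emacs"}


@dataclass
class Finding:
    user: str      # invoking user
    runas: str     # target user (USER= field)
    command: str   # full COMMAND= field as logged
    verdict: str   # "ok", "shell", "escape" or "denied"


def classify(cmd: str, msg: Optional[str]) -> str:
    """Decide whether a logged sudo invocation keeps per-command auditability."""
    if msg and "NOT in sudoers" in msg:
        return "denied"
    # Basename of the program that was run, e.g. /usr/bin/less -> less.
    prog = cmd.split()[0].rsplit("/", 1)[-1]
    if prog in SHELLS:
        return "shell"
    if prog in ESCAPE_CAPABLE:
        return "escape"
    return "ok"


def audit(log_text: str) -> List[Finding]:
    """Parse sudo log lines and classify each one; non-sudo lines are skipped."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        findings.append(
            Finding(m["user"], m["runas"], m["cmd"], classify(m["cmd"], m["msg"]))
        )
    return findings


def summary(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per verdict, so a reviewer sees at a glance how much
    privileged activity escaped per-command logging."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.verdict] = counts.get(f.verdict, 0) + 1
    return counts


if __name__ == "__main__":
    results = audit(SAMPLE_LOG)
    for f in results:
        if f.verdict != "ok":
            print(f"[{f.verdict:6}] {f.user} -> {f.runas}: {f.command}")
    print(summary(results))
```

Only the "ok" line here leaves a complete record in sudo's log; the "shell" and "escape" lines mark sessions where, as the thread notes, you need something beyond sudo itself (auditd, pam_tty_audit, or sudo's own `log_output` / `use_pty` defaults in sudoers(5)) to know what was actually done.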