adm cdrom sudo dip plugdev
To increase the system security a little bit further add another user with a
different password and uncheck all the group memberships.This way an attacker must know the username of the power user first and than the different password.Furthermore if something with the least privilege gets compromized a direct sudo
can't be run.
Let's say we have two users: brick (power user) and wall (least privilege user)
In order to run: sudo apt-get update && sudo apt-get dist-upgrade,
you will have to su to brick first after which you have to enter another password
to be able to run whatever sudo command.
eg: su brick
passwd:
brick@blah-blah :/home/wall$
and then you can you can run something like: sudo apt-get update && sudo dist-upgrade or sudo psad -L or sudo psad -S.
Geen opmerkingen:
Een reactie posten