Hi all,
I would like to use Grsecurity RBAC model to protect some files of my servers (daemons and their config files).
However I am facing a problem.
When installing servers, we are using masters to have the same image deployed everywhere.
Then, to deploy software, we are using scripts to copy both binaries and configuration files from a master to the server.
Therefore, I need my "installation" user to by able to write files in folders like /etc.
In addition, my "installation user" shall also be able to remove some files for maintenance purpose in the same folder.
Thus, my "installation" user needs to have write access to folder such as /etc.
Is there a way to prevent an attacker that reached Root user, to switch (su) to "installation" user and modify my config files ?
In such a non-interactive administration, i don't know if it is possible to use the gr administrator profile...
Hope it was clear enough.
Thanks
Non-interactive server administration
2 posts
• Page 1 of 1
Non-interactive server administration
by evilangel » Thu Nov 27, 2008 12:51 pm
- evilangel
- Posts: 59
- Joined: Thu May 15, 2008 7:57 pm
Re: Non-interactive server administration
by evilangel » Mon Dec 15, 2008 10:13 am
I am still wondering about the problem.
I am maybe not taking it the good way.
I could administrate my server directly using the RBAC administrator account instead of the "installation" user.
In such case, is it possible to open a SSH session under RBAC admin account ?
Or you have to log, and then "upgrade" your profile to RBAC admin account ?
Thanks
I am maybe not taking it the good way.
I could administrate my server directly using the RBAC administrator account instead of the "installation" user.
In such case, is it possible to open a SSH session under RBAC admin account ?
Or you have to log, and then "upgrade" your profile to RBAC admin account ?
Thanks
- evilangel
- Posts: 59
- Joined: Thu May 15, 2008 7:57 pm
2 posts
• Page 1 of 1