Linux commands: sudo


The sudo command gives ordinary users additional privileges so they can carry out tasks that otherwise only the superuser is permitted to perform.

Format: sudo [options] command

The difference between sudo and su is that su lets an ordinary user change completely into the superuser, which widens the attack surface, whereas sudo can grant a designated user permission to run only specific commands or programs.

Features of sudo:

1: restricts a user to the commands specified for them
2: records every command the user runs
3: after the password has been verified, the user is not asked for it again for 5 minutes (the default), which is more convenient.
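Feature 2 is what makes sudo auditable: every command it runs, and every command it refuses, goes to syslog. The following shell example is added here and is not part of the original post. It writes a constructed sample of sudo's log lines to a temporary file and runs the checks a defender would run over the real log; the log path is assumed to be /var/log/secure on a RHEL-family system (or /var/log/auth.log on Debian), and the user, host and commands in the sample are made up.

```shell
#!/bin/sh
# Added example, not part of the original post. sudo logs each command it
# runs (and each refusal) to syslog; on RHEL/CentOS that is /var/log/secure,
# on Debian /var/log/auth.log (assumed paths). The lines below are a
# CONSTRUCTED sample in sudo's message format, written to a temp file so
# that this script runs offline.
SUDO_LOG_SAMPLE="$(mktemp)"
cat >"$SUDO_LOG_SAMPLE" <<'EOF'
Sep  9 14:10:02 localhost sudo: pentest : TTY=pts/1 ; PWD=/home/pentest ; USER=root ; COMMAND=/bin/ls /root/
Sep  9 14:12:30 localhost sudo: pentest : TTY=pts/1 ; PWD=/home/pentest ; USER=root ; COMMAND=/bin/cat /etc/shadow
Sep  9 14:13:05 localhost sudo: pentest : command not allowed ; TTY=pts/1 ; PWD=/home/pentest ; USER=root ; COMMAND=/bin/bash
Sep  9 14:13:40 localhost sudo: pentest : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/pentest ; USER=root ; COMMAND=/bin/cat /etc/shadow
Sep  9 14:15:00 localhost sshd[1234]: Accepted password for pentest from 192.0.2.10 port 5555 ssh2
EOF

# Print "user<TAB>command" for every command sudo actually executed.
# Refusals and failed authentications also carry COMMAND=, so they are
# excluded here and counted separately below.
sudo_executed() {
    awk '/ sudo: / && /COMMAND=/ && !/command not allowed/ && !/incorrect password/ {
        rest = $0; sub(/^.* sudo: /, "", rest); split(rest, f, " "); user = f[1]
        cmd = $0; sub(/^.*COMMAND=/, "", cmd)
        print user "\t" cmd
    }' "$1"
}

# Count refused commands and failed password attempts: the events worth
# an alert, since they show a user trying to go beyond the grant that
# /etc/sudoers gives them.
sudo_denials() {
    awk '/ sudo: / && (/command not allowed/ || /incorrect password/) { n++ }
         END { print n + 0 }' "$1"
}

# Count executed commands whose command line mentions a sensitive path
# (second argument), e.g. /etc/shadow.
sudo_touches() {
    sudo_executed "$1" | awk -v p="$2" 'index($0, p) > 0 { n++ } END { print n + 0 }'
}

# Stand-alone run: report the findings for the constructed sample.
sudo_executed "$SUDO_LOG_SAMPLE"
echo "denials: $(sudo_denials "$SUDO_LOG_SAMPLE")"
echo "commands touching /etc/shadow: $(sudo_touches "$SUDO_LOG_SAMPLE" /etc/shadow)"
```

On a live host, pass the real log file to the same functions; a non-zero result from sudo_denials, or any sudo_touches hit on a file such as /etc/shadow, is the kind of event that should reach the SIEM rather than sit unread in the log.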

The configuration file for sudo is /etc/sudoers; only the superuser may edit it, and it must be edited with visudo.

 

Example 1: use visudo to edit the sudo configuration file and, at line 99, add an entry that allows the pentest user to run any command from any host.

     1  ## Sudoers allows particular users to run various commands as
     2  ## the root user, without needing the root password.
     3  ##
     4  ## Examples are provided at the bottom of the file for collections
     5  ## of related commands, which can then be delegated out to particular
     6  ## users or groups.
     7  ##
     8  ## This file must be edited with the 'visudo' command.
     9
    10  ## Host Aliases
    11  ## Groups of machines. You may prefer to use hostnames (perhaps using
    12  ## wildcards for entire domains) or IP addresses instead.
    13  # Host_Alias     FILESERVERS = fs1, fs2
    14  # Host_Alias     MAILSERVERS = smtp, smtp2
    15
    16  ## User Aliases
    17  ## These aren't often necessary, as you can use regular groups
    18  ## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
    19  ## rather than USERALIAS
    20  # User_Alias ADMINS = jsmith, mikem
    21
    22
    23  ## Command Aliases
    24  ## These are groups of related commands...
    25
    26  ## Networking
    27  # Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
    28
    29  ## Installation and management of software
    30  # Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
    31
    32  ## Services
    33  # Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig, /usr/bin/systemctl start, /usr/bin/systemctl stop, /usr/bin/systemctl reload, /usr/bin/systemctl restart, /usr/bin/systemctl status, /usr/bin/systemctl enable, /usr/bin/systemctl disable
    34
    35  ## Updating the locate database
    36  # Cmnd_Alias LOCATE = /usr/bin/updatedb
    37
    38  ## Storage
    39  # Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
    40
    41  ## Delegating permissions
    42  # Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
    43
    44  ## Processes
    45  # Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
    46
    47  ## Drivers
    48  # Cmnd_Alias DRIVERS = /sbin/modprobe
    49
    50  # Defaults specification
    51
    52  #
    53  # Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
    54  #         You have to run "ssh -t hostname sudo <cmd>".
    55  #
    56  Defaults    requiretty
    57
    58  #
    59  # Refuse to run if unable to disable echo on the tty. This setting should also be
    60  # changed in order to be able to use sudo without a tty. See requiretty above.
    61  #
    62  Defaults   !visiblepw
    63
    64  #
    65  # Preserving HOME has security implications since many programs
    66  # use it when searching for configuration files. Note that HOME
    67  # is already set when the the env_reset option is enabled, so
    68  # this option is only effective for configurations where either
    69  # env_reset is disabled or HOME is present in the env_keep list.
    70  #
    71  Defaults    always_set_home
    72
    73  Defaults    env_reset
    74  Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
    75  Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
    76  Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
    77  Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
    78  Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
    79
    80  #
    81  # Adding HOME to env_keep may enable a user to run unrestricted
    82  # commands via sudo.
    83  #
    84  # Defaults   env_keep += "HOME"
    85
    86  Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
    87
    88  ## Next comes the main part: which users can run what software on
    89  ## which machines (the sudoers file can be shared between multiple
    90  ## systems).
    91  ## Syntax:
    92  ##
    93  ##      user    MACHINE=COMMANDS
    94  ##
    95  ## The COMMANDS section may have other options added to it.
    96  ##
    97  ## Allow root to run any commands anywhere
    98  root    ALL=(ALL)       ALL
    99  pentest ALL=(ALL) ALL
   100  ## Allows members of the 'sys' group to run networking, software,
   101  ## service management apps and more.
   102  # %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
   103
   104  ## Allows people in group wheel to run all commands
   105  %wheel  ALL=(ALL)       ALL
   106
   107  ## Same thing without a password
   108  # %wheel        ALL=(ALL)       NOPASSWD: ALL
   109
   110  ## Allows members of the users group to mount and unmount the
   111  ## cdrom as root
   112  # %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
   113
   114  ## Allows members of the users group to shutdown this system
   115  # %users  localhost=/sbin/shutdown -h now
   116
   117  ## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
   118  #includedir /etc/sudoers.d
[root@localhost ~]#

Switch to the pentest user and list the commands it may run: the output shows ALL, meaning it can run every superuser command.

[root@localhost ~]# su - pentest
上一次登錄:五 9月  9 13:29:34 CST 2016pts/1 上
[pentest@localhost ~]$ sudo -l
[sudo] password for pentest:
匹配此主機上 pentest 的默認條目:
    requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME
    HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS
    LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES",
    env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL
    LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

用戶 pentest 可以在該主機上運行以下命令:
    (ALL) ALL

Listing /root with a plain ls command gives "Permission denied"; with sudo ls the directory can be read.

[pentest@localhost ~]$ ls /root/
ls: 無法打開目錄/root/: 權限不夠
[pentest@localhost ~]$ sudo ls /root/
[sudo] password for pentest:
anaconda-ks.cfg       testA  testC  公共  視頻  文檔  音樂
initial-setup-ks.cfg  testB  yum    模板  圖片  下載  桌面
[pentest@localhost ~]$

Example 2: allow pentest to run only the cat command, as root

The pentest user first tries to cat /etc/shadow with ordinary privileges and is denied:

[pentest@localhost ~]$ cat /etc/shadow
cat: /etc/shadow: 權限不夠

Switch to root to grant pentest the cat permission:

[pentest@localhost ~]$ su - root
密碼:
上一次登錄:五 9月 9 14:12:10 CST 2016pts/1 上
[root@localhost ~]# visudo
[root@localhost ~]# su - pentest
上一次登錄:五 9月 9 14:12:30 CST 2016pts/1 上

The entry added in visudo that grants the cat permission:
[root@localhost ~]# visudo
root    ALL=(ALL)       ALL
pentest ALL=(root)      /bin/cat

Running plain cat on /etc/shadow again still reports "Permission denied":

[pentest@localhost ~]$ cat /etc/shadow
cat: /etc/shadow: 權限不夠

With sudo cat, /etc/shadow can now be read:

[pentest@localhost ~]$ sudo cat /etc/shadow
root:$6$Y6LHG5EEAGs3JMUM$jcEE.RZgMF9mO/xiPVA522l1Ek8JZ2Nkl.9nCBuiUWAH/.F84Kj6XyNxbuecW1M4BNGpryB/10Ncp.EGu9VhZ/::0:99999:7:::
bin:*:16579:0:99999:7:::
daemon:*:16579:0:99999:7:::
adm:*:16579:0:99999:7:::
lp:*:16579:0:99999:7:::
sync:*:16579:0:99999:7:::
shutdown:*:16579:0:99999:7:::
halt:*:16579:0:99999:7:::
mail:*:16579:0:99999:7:::
operator:*:16579:0:99999:7:::
games:*:16579:0:99999:7:::
ftp:*:16579:0:99999:7:::
nobody:*:16579:0:99999:7:::
avahi-autoipd:!!:17050::::::
ods:!!:17050::::::
pegasus:!!:17050::::::
systemd-bus-proxy:!!:17050::::::
systemd-network:!!:17050::::::
dbus:!!:17050::::::
polkitd:!!:17050::::::
sssd:!!:17050::::::
colord:!!:17050::::::
apache:!!:17050::::::
tss:!!:17050::::::
unbound:!!:17050::::::
usbmuxd:!!:17050::::::
abrt:!!:17050::::::
amandabackup:!!:17050::::::
saslauth:!!:17050::::::
libstoragemgmt:!!:17050::::::
geoclue:!!:17050::::::
memcached:!!:17050::::::
rpc:!!:17050:0:99999:7:::
postfix:!!:17050::::::
setroubleshoot:!!:17050::::::
rtkit:!!:17050::::::
chrony:!!:17050::::::
mysql:!!:17050::::::
qemu:!!:17050::::::
ntp:!!:17050::::::
rpcuser:!!:17050::::::
nfsnobody:!!:17050::::::
radvd:!!:17050::::::
named:!!:17050::::::
pcp:!!:17050::::::
pulse:!!:17050::::::
hsqldb:!!:17050::::::
tomcat:!!:17050::::::
pkiuser:!!:17050::::::
gdm:!!:17050::::::
gnome-initial-setup:!!:17050::::::
avahi:!!:17050::::::
postgres:!!:17050::::::
dovecot:!!:17050::::::
dovenull:!!:17050::::::
sshd:!!:17050::::::
oprofile:!!:17050::::::
tcpdump:!!:17050::::::
pentest:$6$6U3Z2n.sd63M32ZS$tzQJg852/1G3Mw7uv1.Ipbh.lOusvfd47Ih52xxku7okBBb/nu.Vn5V4mB50SSCMfaspqeGSDLcPM7XdgLE2w/::0:99999:7:::
[pentest@localhost ~]$
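An audit of the two grant shapes shown in examples 1 and 2, as an added shell example that is not part of the original post. It parses a constructed sudoers sample (modelled on the file above, with the hypothetical users auditor and backup added) and reports who holds an unrestricted ALL, who is exempted from the password prompt with NOPASSWD, and who is limited to named commands. The visudo -c -f call at the end is sudo's own syntax check and runs only if visudo is installed.

```shell
#!/bin/sh
# Added example, not from the original post. Audits a sudoers file for
# the two kinds of grant shown above: the unrestricted "ALL=(ALL) ALL"
# from example 1 and the single-command grant from example 2. The file
# below is a CONSTRUCTED sample modelled on the post's /etc/sudoers; the
# users auditor and backup are hypothetical.
SUDOERS_SAMPLE="$(mktemp)"
cat >"$SUDOERS_SAMPLE" <<'EOF'
## constructed sample, not a real /etc/sudoers
Defaults    requiretty
Defaults    env_reset
Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
root    ALL=(ALL)       ALL
pentest ALL=(ALL) ALL
%wheel  ALL=(ALL)       ALL
# %wheel        ALL=(ALL)       NOPASSWD: ALL
auditor ALL=(root)      /bin/cat
backup  ALL=(root)      NOPASSWD: /usr/bin/rsync
EOF

# Keep only user-specification lines: drop comments, blank lines,
# Defaults and *_Alias definitions. Comment stripping is naive (a '#'
# inside a command would be cut), which is acceptable for a listing.
user_specs() {
    sed -e 's/#.*//' "$1" |
        grep -Ev '^[[:space:]]*$' |
        grep -Ev '^[[:space:]]*(Defaults|[A-Za-z_]+_Alias)'
}

# Reduce "user HOST=(runas) TAG: commands" to "user<TAB>NOPASSWD|-<TAB>commands".
spec_fields() {
    user_specs "$1" | awk '
        {
            user = $1
            rest = $0; sub(/^[^=]*=/, "", rest)                  # drop "user HOST="
            sub(/^[[:space:]]*\([^)]*\)[[:space:]]*/, "", rest)    # drop "(runas)"
            nopw = (rest ~ /NOPASSWD:/) ? "NOPASSWD" : "-"
            gsub(/[A-Z]+:[[:space:]]*/, "", rest)                 # strip tags like NOPASSWD:
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", rest)
            print user "\t" nopw "\t" rest
        }'
}

# Users/groups whose command list is the unrestricted ALL (example 1 shape):
# equivalent to handing out root.
full_grants() {
    spec_fields "$1" | awk -F'\t' '$3 == "ALL" { print $1 }'
}

# Grants that skip the password prompt entirely.
nopasswd_grants() {
    spec_fields "$1" | awk -F'\t' '$2 == "NOPASSWD" { print $1 "\t" $3 }'
}

# Grants limited to specific commands (example 2 shape). A program that
# reads arbitrary files, such as /bin/cat as root, still exposes
# /etc/shadow, as the post's own output shows, so review these too.
restricted_grants() {
    spec_fields "$1" | awk -F'\t' '$3 != "ALL" { print $1 "\t" $3 }'
}

# Stand-alone run: report the findings for the constructed sample.
echo "unrestricted (ALL) grants:";  full_grants "$SUDOERS_SAMPLE"
echo "NOPASSWD grants:";            nopasswd_grants "$SUDOERS_SAMPLE"
echo "command-restricted grants:";  restricted_grants "$SUDOERS_SAMPLE"
# visudo -c -f checks the syntax without installing the file; skipped
# where sudo is not installed.
if command -v visudo >/dev/null 2>&1; then visudo -c -f "$SUDOERS_SAMPLE" || true; fi
```

On a live system run the same functions over /etc/sudoers and every file in /etc/sudoers.d; sudo -l -U user, run as root, shows the effective grant for one user as sudo itself resolves it, which also covers aliases and drop-in files that the simple parser above does not expand.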

 

