Securing Linux's master sysadmin command: Sudo

There's a new release of the open-source Linux command sudo, and it comes with improved auditing, logging, and security.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

Sudo is one of the most powerful and dangerous tools in the Unix or Linux system administrator's toolbox. With it, an ordinary user can run commands just as if he or she were the superuser or any other user. Now, One Identity, the company behind the utility, has released a new version of sudo, called sudo 1.9, which gives it better auditing, logging, and security than ever before. 

Sudo is famous, thanks in no small part to Randall Munroe's xkcd cartoon. It's also infamous in some circles because it makes system-destroying blunders so easy, such as the classic:

$ sudo rm -rf /

Run as root, that can destroy an entire server's worth of data. (Current GNU coreutils rm refuses to operate on / itself unless you pass --no-preserve-root, but the equally classic "sudo rm -rf /*" or a mistyped path under / gets no such protection.)

But, in the right hands, it's invaluable. As Stan Lee wrote, "With great power comes great responsibility."

Thanks to the new sudo changes, it will be harder -- but still not impossible -- for inexperienced administrators and developers to make such mistakes. This new "risk-aware" sudo comes with new security and management measures.

These include: 

  • Centralized Logging: Previously, sudo I/O logs (recorded keystrokes and output) could only be stored on the host where the command ran. Sudo 1.9 adds a logging daemon, sudo_logsrvd, which can collect event and I/O logs from many hosts on one server, so the records survive even if the originating host is compromised or wiped. The connection between sudo and the log server can be protected with TLS, including client certificates.
  • Rich Auditing: Third-party software providers can use the new audit plugin interface to pull detailed data from sudo sessions, aiding in auditing and best-practice review. An audit plugin sees the full details of the invoking user and the complete execution environment of the command, and is told whether each command was accepted or rejected, and by which policy.
  • Just-in-time Command Approval: Administrators can now require just-in-time authorization for sudo commands as an additional layer of security, implemented by third-party approval plugins. An approval plugin runs after the main security policy (such as sudoers) accepts a command. The approval policy may perform additional checks, potentially interacting with the user. Multiple approval plugins may be specified in the sudo.conf file, and the command runs only if all of them succeed.
  • Python Plugin Support: Sudo 1.9 adds support for third-party sudo plugins written in Python rather than C, so policy, approval, audit, and I/O logging plugins no longer have to be compiled against sudo. Example Python plugins ship with the sudo source.
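The following configuration shows what the centralized-logging setup above looks like in practice. It is an added illustration, not configuration from the article or from the sudo project: the hostname logsrv.example.com, the port 30344, and every file path are assumptions, and the certificates must be issued by the same CA on both sides. The first part goes on each client host (a sudoers fragment); the second is the collector's sudo_logsrvd.conf.

```ini
# /etc/sudoers.d/logsrv  -- on every client host (assumed path)
# Record keystrokes and output, not just the "who ran what" event.
Defaults log_input, log_output
# Send the records to the collector over TLS instead of keeping them only locally.
Defaults log_servers = logsrv.example.com:30344(tls)
# CA bundle used to verify the server, and the client certificate the
# server will check if it has tls_verify enabled (mutual TLS).
Defaults log_server_cabundle = /etc/sudo/ca.pem
Defaults log_server_peer_cert = /etc/sudo/client.pem
Defaults log_server_peer_key = /etc/sudo/client.key
# Seconds to wait for the collector before giving up.
Defaults log_server_timeout = 10

# /etc/sudo_logsrvd.conf  -- on the collector (assumed paths)
[server]
# Listen on all interfaces; "(tls)" refuses plaintext clients on this socket.
listen_address = *:30344(tls)
tls_key = /etc/sudo/server.key
tls_cert = /etc/sudo/server.pem
tls_cacert = /etc/sudo/ca.pem
# Require and verify a client certificate, so only enrolled hosts can submit logs.
tls_verify = true

[iolog]
# Keep each host's sessions apart so a replay can be tied to its origin.
iolog_dir = /var/log/sudo-io
iolog_file = %{user}/%{hostname}/%{seq}

[eventlog]
# Event records ("user ran command") go to syslog on the collector.
log_type = syslog
```

On the collector, sessions can then be listed and replayed with sudoreplay -d /var/log/sudo-io -l and sudoreplay -d /var/log/sudo-io followed by the session ID. Without tls_verify the server accepts logs from any host that can reach the port, so keep it on unless you are still enrolling certificates.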

"Sudo 1.9 introduces new features that are particularly useful in an enterprise environment. From centralized keystroke logging to a more accessible plugin framework, version 1.9 creates a wealth of new possibilities when it comes to security and compliance," said Todd Miller, the sudo project's developer and maintainer. "Sudo's flexibility and ubiquity make it a key component of a company's identity and access management strategy."
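As an added example of the just-in-time approval and Python plugin features described above (this is not code from the article, from One Identity, or from the sudo project), here is a small approval plugin. It accepts everything sudoers already allowed except a hypothetical list of protected commands, which it permits only on weekdays and only when the environment carries a change-ticket reference. The policy, the variable name CHANGE_TICKET, the module path, and the class name are all assumptions. The sudo module exists only while the plugin runs inside sudo, so a minimal stand-in is created when it is missing, which also lets the decision logic be exercised outside sudo.

```python
"""Hypothetical sudo 1.9 approval plugin (example only).

Register it in /etc/sudo.conf (assumed path and class name):
    Plugin python_approval python_plugin.so \
        ModulePath=/usr/local/lib/sudo/jit_approval.py ClassName=JitApprovalPlugin
"""
import datetime

try:
    import sudo  # provided by python_plugin.so when running inside sudo
except ImportError:
    # Stand-in for running or testing the policy outside sudo (assumption:
    # mirrors only the parts of the real module used below).
    class _SudoStub:
        class Plugin:
            def __init__(self, **kwargs):
                pass

        class PluginReject(Exception):
            pass

        @staticmethod
        def log_info(*args):
            print(*args)

    sudo = _SudoStub()

# Hypothetical policy: these commands need a ticket and a weekday.
PROTECTED = {"/usr/bin/rm", "/usr/sbin/reboot", "/usr/bin/systemctl"}


def _as_dict(items):
    """sudo passes command_info and run_env as tuples of 'key=value' strings."""
    out = {}
    for item in items:
        key, sep, value = item.partition("=")
        if sep:
            out[key] = value
    return out


def evaluate(command_info, run_argv, run_env, now=None):
    """Return None to accept the command, or a string giving the rejection reason."""
    now = now or datetime.datetime.now()
    info = _as_dict(command_info)
    env = _as_dict(run_env)
    # sudo resolves the command to its full path in command_info["command"].
    command = info.get("command", run_argv[0] if run_argv else "")
    if command not in PROTECTED:
        return None
    if now.weekday() >= 5:  # Saturday or Sunday
        return "protected commands are not allowed at the weekend"
    if not env.get("CHANGE_TICKET", "").startswith("CHG-"):
        return "protected command requires CHANGE_TICKET=CHG-<id> in the environment"
    return None


class JitApprovalPlugin(sudo.Plugin):
    # sudo calls check() only after the main policy (e.g. sudoers) has accepted
    # the command; raising sudo.PluginReject turns that acceptance into a denial.
    def check(self, command_info: tuple, run_argv: tuple, run_env: tuple) -> None:
        reason = evaluate(command_info, run_argv, run_env)
        if reason is not None:
            sudo.log_info("jit_approval: rejecting %s: %s" % (" ".join(run_argv), reason))
            raise sudo.PluginReject(reason)
```

Because sudo resets the environment by default, CHANGE_TICKET only reaches run_env if sudoers keeps it (Defaults env_keep += CHANGE_TICKET), and since the user sets that variable this is a change-control reminder, not an authentication step; a real deployment would consult a ticketing system or prompt for a second factor instead of trusting the caller's environment.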

Sudo 1.9 can work in concert with One Identity Privilege Manager for Sudo. This program provides additional enterprise features, such as centralized management. 

Most Linux distributions will pick up this version through their normal package updates; sudo -V shows which version you are running. If you can't wait, the code's already available on the sudo GitHub repository.
