Author Topic: For developer team - sudo and perl binary  (Read 351 times)

Sysnet

« on: October 28, 2019, 05:41:32 pm »
Hi there, I need a control panel with high features related to security.

I checked the Zentyal Server Development Edition source code, and to run system shell commands the user who runs the control panel has to be added to the group sudo or admin. Is this correct?

If that is correct, the group admin has these privileges:

Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

So in case the web server process gets hijacked through some vulnerability, they can have privileges like root because of the group admin.

Please see this mention related to the perl binary:
https://security.stackexchange.com/questions/219989/sudo-white-list-just-program-perl

Now my main question: does the Zentyal commercial version have different functionality related to sudo?
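
As an added example (not part of the original post and not Zentyal code), this Python audit flags sudoers rules that make a compromise of the panel's account equivalent to root: `ALL` commands, as in the `%admin` rule quoted above, or a bare interpreter such as perl, as in the linked question. The account name `panel`, the sample rules and the interpreter list are assumptions.

```python
import re

# Programs that can run arbitrary code: a sudo rule allowing one of them with
# no fixed arguments is as broad as ALL (assumed list, extend as needed).
INTERPRETERS = {"perl", "python", "python3", "ruby", "sh", "bash", "dash"}
RULE = re.compile(r"^(\S+)\s+\S+?\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")

# Constructed sample; "panel" is a hypothetical account running the web panel.
SAMPLE = """\
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
panel ALL=(root) NOPASSWD: /usr/bin/perl
panel ALL=(root) NOPASSWD: /usr/bin/perl /opt/panel/task.pl
backup ALL=(ALL) ALL
panel ALL=(nobody) ALL
"""

def runs_as_root(runas):
    """True if the Runas spec (text inside the parentheses) permits root."""
    if runas is None:  # no (...) at all means the rule runs as root
        return True
    users = [u.strip() for u in runas.split(":")[0].split(",")]
    return "ALL" in users or "root" in users

def audit_sudoers(text, principals):
    """Return (line_no, principal, reason) for root-equivalent rules that apply
    to the set `principals`, e.g. {"panel", "%admin"} for the panel account."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Skip comments, includes, Defaults and alias definitions; aliases
        # and backslash continuations are not resolved here.
        if not line or line[0] in "#@" or re.match(r"(Defaults|\w+_Alias)\b", line):
            continue
        m = RULE.match(line)
        who, runas, cmds = m.groups() if m else (None, None, "")
        if who not in principals | {"ALL"} or not runs_as_root(runas):
            continue
        for cmd in re.sub(r"\b[A-Z_]+:\s*", "", cmds).split(","):
            parts = cmd.split()
            if parts and parts[0] == "ALL":
                findings.append((no, who, "any command as root"))
            elif len(parts) == 1 and parts[0].rsplit("/", 1)[-1] in INTERPRETERS:
                findings.append((no, who, f"{parts[0]} with any arguments"))
    return findings

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE, {"panel", "%admin"}):
        print(finding)
```

The rule that pins perl to one script path is not flagged, because sudo then permits only that exact command line; the script itself still has to be unwritable by the panel account.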

doncamilo

Re: For developer team - sudo and perl binary
« Reply #1 on: October 29, 2019, 02:58:03 pm »
 :)

Hi... I'm a user but...

In relation to the administrator account, yes, it has to have administrative rights, and these are granted to him through "sudo".
Webadmin uses the HTTPS protocol, so the traffic couldn't be easily deciphered for session hijacking purposes.
In addition, if I need to manage my domains from the Internet with webadmin, I do it through a VPN (actually my webadmins are only accessible from the internal interfaces). Consider using fail2ban too.
A competent sysadmin can configure a Zentyal system in order to keep it secured against the most usual automated attacks, but, personally, I don't believe myself good enough as a sysadmin to fight against a truly motivated hacker, but this is true for Zentyal and any other system. If you need the higher degrees of security, the key point is the sysadmin, not the system itself.

Cheers!
« Last Edit: October 29, 2019, 04:14:04 pm by doncamilo »
"May you enjoy as much health as the kindness you harbor in your heart"

Don Camilo.

"That place... is strong with the
dark side of the Force.  A domain
of evil it is.  In you must go."

Yoda.