Check for missing HBAC rules for sudo services when sudorules are defined #344

Open
abbra opened this issue Nov 4, 2024 · 2 comments

abbra commented Nov 4, 2024

Can we do a healthcheck for the case when people have sudo rules but no corresponding HBAC rule allowing sudo access? Or would this be too much data crunching?


rcritten commented Nov 4, 2024

It would involve a couple of searches, or one jumbo one. It depends on the indexing. I can run a test with a lot of sudo and hbac rules to see what the etimes are.

I think what we're looking for is:

  • one or more sudo rules
  • HBAC rules with sudo or sudo-l as a service OR servicecat=all


abbra commented Nov 4, 2024

Right. One complicating thing is the case where sudo rules are targeting hosts that HBAC rules with sudo or sudo-l are not targeting.
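
An added sketch of the check discussed in this thread (not code from the thread or from the healthcheck project): it reports sudo rules whose hosts are not targeted by any HBAC rule that lists sudo or sudo-l as a service or has servicecat=all. The dictionary keys, rule names and hostnames are constructed for illustration and are not the FreeIPA schema; host groups are assumed to be already expanded to hosts.

```python
# Added illustration: simplified, hypothetical rule dictionaries, not FreeIPA API output.
SUDO_SERVICES = {"sudo", "sudo-l"}

def hbac_allows_sudo(rule):
    """True if an enabled HBAC rule covers sudo: servicecat=all, or sudo/sudo-l listed."""
    if not rule.get("enabled", True):  # assumption: disabled rules grant nothing
        return False
    listed = set(rule.get("services", ()))
    return rule.get("servicecat") == "all" or bool(SUDO_SERVICES & listed)

def uncovered_sudo_hosts(sudo_rules, hbac_rules):
    """Map each enabled sudo rule name to the hosts no sudo-capable HBAC rule targets.

    "*" in a result means the sudo rule applies to all hosts (hostcat=all)
    while no sudo-capable HBAC rule applies to all hosts.
    """
    sudo_hbac = [r for r in hbac_rules if hbac_allows_sudo(r)]
    if any(r.get("hostcat") == "all" for r in sudo_hbac):
        return {}  # some sudo-capable HBAC rule targets every host
    covered = set()
    for r in sudo_hbac:
        covered.update(r.get("hosts", ()))
    findings = {}
    for rule in sudo_rules:
        if not rule.get("enabled", True):
            continue
        if rule.get("hostcat") == "all":
            missing = {"*"}
        else:
            missing = set(rule.get("hosts", ())) - covered
        if missing:
            findings[rule["name"]] = sorted(missing)
    return findings

# Constructed sample data.
SUDO_RULES = [
    {"name": "ops-restart", "hosts": ["web1.example.test", "web2.example.test"]},
    {"name": "dba-admin", "hosts": ["db1.example.test"]},
    {"name": "old-rule", "enabled": False, "hosts": ["legacy.example.test"]},
]
HBAC_RULES = [
    {"name": "allow-ssh", "services": ["sshd"], "hostcat": "all"},
    {"name": "allow-sudo-web", "services": ["sudo", "sudo-l"],
     "hosts": ["web1.example.test"]},
]

if __name__ == "__main__":
    for name, hosts in uncovered_sudo_hosts(SUDO_RULES, HBAC_RULES).items():
        print(f"sudo rule {name}: no HBAC rule allows sudo on {', '.join(hosts)}")
```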
