Using Sudo for root delegation
You can choose the Sudo root delegation tool when configuring a Unix
authentication record. Just configure the file /etc/sudoers to allow the
user account provided in the Unix authentication record to execute commands
with root access on the hosts to be scanned.
should I use?
This depends on the type
of scanning you plan to do. We recommend you review what
credentials are needed for scanning.
How does root delegation
When Sudo is properly configured
within a Unix record, Unix authentication to hosts in the record works
like this: 1) we'll authenticate to the hosts using the login credentials
provided in the record (user name and password, RSA key or DSA key), 2)
we'll execute the command "sudo su -" to obtain root authority,
and 3) we'll perform commands with root authority and complete the scan.
Do I need to get
Sudo may already be installed
on your Unix system since it is included in many distributions by default.
Sudo is not a standard part of all Unix distributions so you may need
to install it. You can download it from http://www.sudo.ws.
How do I configure the "sudoers" file?
Add /bin/su to the sudoers file to allow the user to
execute /bin/su in order to gain elevated privileges. One method for setting
this up in your sudoers file is to create a command alias for the /bin/su
command and then grant the privilege to run this command to the user account.
In the example below, "scanuser" is the account user name
you supply in the Unix authentication record:
Cmnd alias specification
User privilege specification
Using the NOPASSWD
It is recommended that you use the NOPASSWD option (in your sudoers file)
to avoid unnecessary exposure of the password. If the NOPASSWD option
is enabled, you must still provide valid login credentials in the Unix
authentication record for the initial authentication.
Keep in mind that if the NOPASSWD option is not enabled
(in your sudoers file), then you must include the password in the Unix
authentication record login credentials section.
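The command alias and user privilege specification described above, written out as a sudoers fragment with and without NOPASSWD. This is an added example, not text from the original page: the alias name SU and the drop-in path /etc/sudoers.d/scanuser are assumptions chosen for illustration, and "scanuser" is the account name the page uses.

```sudoers
# /etc/sudoers.d/scanuser   (constructed example; the drop-in path is an assumption)
# Edit with visudo so a syntax error cannot lock out sudo:
#   visudo -f /etc/sudoers.d/scanuser

# Cmnd alias specification
# Name the one command the scan account may run through sudo.
Cmnd_Alias SU = /bin/su

# User privilege specification
# Recommended form: NOPASSWD, so sudo does not prompt and the account
# password is not sent a second time. The Unix authentication record
# still needs valid login credentials for the initial authentication.
scanuser ALL = (root) NOPASSWD: SU

# Form without NOPASSWD: sudo prompts for scanuser's password, so the
# password must be in the login credentials of the Unix authentication
# record. Use this line instead of the one above, not together with it.
# scanuser ALL = (root) SU

# Either form gives scanuser a full root shell through "sudo su -",
# so protect this account's credentials as you would root's.
```

Check the file with `visudo -cf /etc/sudoers.d/scanuser`, then run `sudo -l -U scanuser` as root to confirm that /bin/su is the only command listed for the account.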
Still have questions?
Please refer to your sudoers documentation for information on proper