I know you hear this. So I just want to thank you for your work. It has been the most valuable teaching tool.
Timestamps:
0:00 Introduction to the series
2:14 Video starts
You can register for part 2 of this series here: event.on24.com/eventRegistration/EventLobbyServlet?target=reg20.jsp&partnerref=website&eventid=2649692&sessionid=1&key=FDD7D40926383C11B3392509222D8368&regTag=1558905&sourcepage=register
To lock down sudo even further you could take these two steps:
Another thing you could do is log all your sudo commands to a separate log file, as by default sudo gets logged to syslog files.
You can enter the following in your visudo:
Defaults log_host, log_year, logfile="/var/log/sudo.log"
^ This will create a log file in /var/log called sudo.log and will log what user and what time on what host executed what command
example:
Oct 17 13:07:08 2020 : admin : HOST=mitchell : TTY=pts/2 ; PWD=/var/log ;
USER=root ; COMMAND=/bin/cat sudo.log
Oct 17 13:06:43 2020 : admin : HOST=mitchell : TTY=pts/2 ; PWD=/var/log ;
USER=root ; COMMAND=/usr/bin/apt update
Admin would be the user who executes the command.
Then simply just cat /var/log/sudo.log to view the contents of the log
You could also:
Configure sudo to not allow users to switch to root or any other account. Instead, configure sudo to allow users to run specific commands as the users they need to operate as, while still having root disabled.
For eg: There’s a need for a user to install software. Allow them to run only RPM or APT or YUM as root without even switching to the root user as shown below:
Entered in the sudo config file:
usernameHere ALL =(ALL) PASSWD : /usr/bin/apt-get, /usr/bin/yum, /bin/rpm
This would allow said user to run sudo apt-get, sudo yum and sudo rpm without any password but would not allow any other commands!
In case a user types a wrong password, sudo will display insults on the terminal with the insults parameter. Enter this into your visudo file to enable insults on wrong password attempts:
Defaults insults
Also thx HS, Very informative video
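An added example, not part of the comment above or of the video: a small Python parser for the sudo.log format shown in that comment, which joins sudo's wrapped continuation lines and lists logged commands that fall outside the apt-get/yum/rpm rule. The first sample entry is from the comment; the other entries and the function names are constructed for illustration.

```python
import re
from datetime import datetime

# Commands the sudoers rule in the comment permits (paths taken from the comment).
ALLOWED = {"/usr/bin/apt-get", "/usr/bin/yum", "/bin/rpm"}

# First entry is from the comment; the rest are constructed sample data.
# sudo wraps long logfile entries onto indented continuation lines.
SAMPLE_LOG = """\
Oct 17 13:06:43 2020 : admin : HOST=mitchell : TTY=pts/2 ; PWD=/var/log ;
    USER=root ; COMMAND=/usr/bin/apt update
Oct 17 13:09:12 2020 : admin : HOST=mitchell : TTY=pts/2 ; PWD=/home/admin ;
    USER=root ; COMMAND=/usr/bin/apt-get install htop
Oct 17 13:10:30 2020 : dev : HOST=mitchell : TTY=pts/3 ; PWD=/home/dev ;
    USER=root ; COMMAND=/bin/bash
Oct 17 13:11:02 2020 : dev : HOST=mitchell : TTY=pts/3 ; PWD=/home/dev ;
    USER=root ; COMMAND=/usr/bin/su
"""

ENTRY = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d \d{4}) : (?P<who>\S+) : "
                   r"HOST=(?P<host>\S+) : (?P<fields>.*)$")

def parse_sudo_log(text):
    """Join wrapped lines, then yield one dict per logged sudo entry."""
    entries = []
    for line in text.splitlines():
        if line[:1].isspace() and entries:
            entries[-1] += " " + line.strip()   # continuation of previous entry
        elif line.strip():
            entries.append(line.strip())
    for raw in entries:
        m = ENTRY.match(raw)
        if not m:
            continue  # not an entry in the log_host/log_year format
        # "invoker" ran sudo; the USER= field below is the run-as account.
        rec = {"time": datetime.strptime(m["ts"], "%b %d %H:%M:%S %Y"),
               "invoker": m["who"], "host": m["host"]}
        # COMMAND is last and may itself contain ";", so split it off first.
        head, _, rec["command"] = m["fields"].partition("COMMAND=")
        for kv in filter(None, (p.strip() for p in head.split(";"))):
            key, _, val = kv.partition("=")
            rec[key.lower()] = val
        yield rec

def outside_allow_list(records, allowed=ALLOWED):
    """Return records whose executable is not one of the permitted commands."""
    return [r for r in records if (r["command"].split() or [""])[0] not in allowed]

if __name__ == "__main__":
    print(*outside_allow_list(parse_sudo_log(SAMPLE_LOG)), sep="\n")
```

In sudoers the PASSWD tag makes sudo prompt for the user's password; NOPASSWD is the tag that skips the prompt.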
Man these are all what I learned manually from linux Bible, but sir your teaching was fantastic 😍😍
I watch all in one breath@!! Great man!
Sir, I thank you for providing such valuable content. All the content uploaded on this channel is awesome, and I also learnt a lot from this channel. Sir, I request you to start a series on privilege escalation, as many of us know how to exploit machines but face trouble when we try to escalate our privileges.
I would love to hear from you 🙏
Yup, I love this series. Yes.
Aleksis thank u for your video channel!
These are super important things which we all must know!
You are a great man, you are doing great work. I really really appreciate the work you are doing ❤️
Love your bro from INDIA 🇮🇳
Thank you, selfless man!
Much appreciated sir
Damn this is good stuff. And especially for RUclips. Thanks for creating this great content
very nice video...
would love to see a more in-depth video specifically on configuring sudoers and using sudoers.d to manage privileged commands a user can run. thanks for this one though.
Thank you for all your great content!!!
7:55 root has to use sudo command?!? wat... I think usermod ( /sbin/ ) just isn't in $PATH. ??
Good evening sir,
Sir I want to convert my chromebook714 - 1W - 390Y but it is required to enable Sudo if I want to bypass the VT2 terminal.
Thanks hackersploit, not sure what I did but obviously missed 1 through 5, could you pls send through this missing series... Greatly appreciated, yours truly - Myne
So what's keeping the dev user account from unlocking the root account or changing the shell of the root?
Willing to learn more CTF !
Thanks, great video.
Thanks for your video sir
How is the dev user any more secure than root if it has all the same privileges?
Which process monitor was that at the beginning of video?
Thanks a lot sir, when you get time can you make some video on hardware hacking or BIOS hacking
ok so my school computers run a shitty linux distro and they "disabled" root by changing the password
the thing is you can access a root terminal in the recovery mode when booting up the pc and change again the password there
lets just say i installed cs 1.6 on a couple computers..
Time to run useradd and usermod -aG
Thank you. Very good video !
Please make more videos like this!
Hi sir. I love your content. Huge respect from India. I have a doubt sir. If I know the password for the dev account, which is in the sudo group, what is the use of locking the password for the root account? Because they can unlock it again and switch to the root account, right? Please answer my question if it makes sense, and if I am wrong pls correct me. Thank you so much.
nice video.... moreover if you can pls share the link of the videos you talked about sudo file syntaxes and other stuff of sudo.
I have gone through your channel but could not find it... :)
I have a doubt, If we are giving all permission to dev then why hacker will try to access the root account, because he can do almost anything from the dev account.
wonderful!! see ya @webcast
what if dev does $ sudo su in order to access root?
Hello HackerSploit. I've been watching your videos and I appreciate all of your hard work to train us here. I have a question about this video. The methods you've shown work perfectly fine when we try to switch to the root user with the su command. But when I try "sudo -s" on the system I can easily switch to the root user and I get something like "root@ubuntu:~#" in my terminal. I'm curious if there's any way to disable that too. Or is this changing to the root user? It doesn't ask for the root password. It just asks for the current user's password. Thank you in advance...
is there a difference between adding the user to the sudoers file and adding the user with a command "adduser [USER] sudo"?
@NuBz haha :) thx for the answer - yeah I'm not familiar with Arch - Debian is my home distro :), I am going to look into other distros and try these different ways out
adduser command is for creating a new user in your system while sudoers file is for configuring who can have access to sudo command and some other stuff...
Hi, nice video. If you can put something about:
sudo edit
sudo noexec
The implications of them for linux security. Thank you for the very good video!
How payload Hide in images help
Artix linux review from your perspective, plz
thanks
Thank you. How is Covid going in your part of the world?
@NuBz I already know he lives in Kenya, as his public profiles have listed that, as well as his about section. I was just asking how covid has affected life there around him.
@@blakryptonite1 it's a bot, no replies to be expected.
And what is the root password
Hey good video but I don't have a credit card account . " ? "
you are awesome
Dollarboysushil is here *#*#*#
Great
Hello thanks
Regardless
Hello
Make a rat video.