[Cialug] followup from meeting

Jared Brees fromj2sitsme at msn.com
Thu Jun 20 03:40:17 UTC 2019


Sean Flattery has also done an awesome talk on sudo and auditd; you can restrict it to something with a specific SHA224 checksum if you really want to get paranoid. https://www.youtube.com/watch?v=hvhde2F6Jms
________________________________
From: Cialug <cialug-bounces at cialug.org> on behalf of Tim Champion <timchampion at gmail.com>
Sent: Wednesday, June 19, 2019 21:42
To: cialug
Subject: [Cialug] followup from meeting

This is mostly for Andrew and Jared who talked with me about a secure-ish
way to have the web server able to change the network config on the pi.

I think docker might be overkill for what I'm doing.  I think I'm going to
stick with another idea I had which was to grant sudoer to www-data for
only specific scripts

sudo visudo
www-data        ALL=(ALL) NOPASSWD: /root/hotspot.sh
www-data        ALL=(ALL) NOPASSWD: /root/normal.sh

Either way, it was nice to have some people to bounce ideas off of.

Tim Champion
_______________________________________________
Cialug mailing list
Cialug at cialug.org
https://www.cialug.org/cgi-bin/mailman/listinfo/cialug


More information about the Cialug mailing list