Closed gtarnaras closed 3 years ago
Closing in favor of this approach: https://github.com/calebhailey/sensu-remediation-handler/tree/rewrite#privilege-escalation
Working on (finally!) getting this merged into this repo; see #18 which closes most of the open issues in this repository.
Oof. This is a bit of a hot topic when it comes to Sensu. We absolutely need to note this on the remediation handler readme. There's been a larger conversation in the Sensu community around adding the `sensu` user to sudoers and what the potential security implications are for carte-blanche access to a system. That is to say, there's room for us to be prescriptive in our recommendations for sudo use (i.e., ensuring that if we have a note like this in a readme that it's linked to a recommended best practice that properly scopes the `sensu` user's access).
There's also a distinction between Sensu having access to system commands, versus having access to executables that might require sudo (I'm drawing a blank on those commands atm). I'm not quite sure of where everything's landed so far, but IIRC the lack of predictable asset names means that if you're operating from the principle of least privilege, you'd have to add the Sensu to sudoers with the path to the command, which includes the SHA512sum as part of the path, and that's kind of unwieldy.
All that to say, I'm totally in favor of adding the note re: sudoers, but I'd like to get feedback from @cwjohnston & @calebhailey to see if there's more a note like this can do to ensure that folks don't open themselves up to a potential security snafu.
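The sudoers scoping trade-off discussed in the comment above, as an added example that is not part of this thread or of the Sensu project's code: it builds a rule pinned to one asset's SHA512 directory and classifies existing rules as broad, wildcard, pinned or unpinned. The cache root `/var/cache/sensu/sensu-agent`, the `<sha512>/bin/<command>` layout, the `SENSU_CACHE_DIR` variable and the function names are assumptions made for illustration, and each rule is assumed to hold a single command.

```shell
#!/bin/sh
# Assumption: asset cache root; set it to your agent's actual cache directory.
SENSU_CACHE_DIR="${SENSU_CACHE_DIR:-/var/cache/sensu/sensu-agent}"

# is_sha512 HEX: succeed only for exactly 128 lowercase hex characters.
is_sha512() {
    [ "${#1}" -eq 128 ] || return 1
    case "$1" in
        *[!0-9a-f]*) return 1 ;;
    esac
    return 0
}

# scoped_rule SHA512 COMMAND: print a sudoers rule pinned to one asset build.
# COMMAND must be a bare file name, so it cannot escape the asset's bin/ dir.
scoped_rule() {
    is_sha512 "$1" || { echo "invalid sha512" >&2; return 1; }
    case "$2" in
        ''|.|..|*[!A-Za-z0-9._-]*) echo "invalid command name" >&2; return 1 ;;
    esac
    printf 'sensu ALL=(root) NOPASSWD: %s/%s/bin/%s\n' "$SENSU_CACHE_DIR" "$1" "$2"
}

# audit_rule LINE: classify a one-command sudoers rule as
# broad (ALL), wildcard (glob in path), pinned (sha512 dir) or unpinned.
audit_rule() {
    spec="${1#*=}"               # drop "user host="
    spec="${spec#(*) }"          # drop "(runas) " if present
    spec="${spec#NOPASSWD: }"    # drop the tag if present
    case "$spec" in
        ALL) echo broad; return ;;
        *[*?]*) echo wildcard; return ;;   # glob loses the pin to one build
        "$SENSU_CACHE_DIR"/*) ;;           # under the cache: check the digest
        *) echo unpinned; return ;;
    esac
    rest="${spec#$SENSU_CACHE_DIR/}"
    if is_sha512 "${rest%%/*}"; then echo pinned; else echo unpinned; fi
}
```

Check any generated rule with `visudo -c -f <file>` before installing it. A pinned rule has to be regenerated whenever the asset's digest changes, which is the unwieldiness the comment describes.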