Giving up Your Roots: A Root Remedy Checklist

Paul Harper, May 11th, 2016

Control Root Privileges

As an IT organization, should you be concerned that your sysadmins log in as root, su to root, or sudo su to root? If so, can you really expect your users to do their daily tasks if they cannot log on with root-level administrative permissions? Even if you grant root only to your most trusted admins, shared accounts are inherently problematic: they open the door to internal abuse as well as to external attackers who have already compromised your network. Remember the old adage, “It’s not if you are compromised, it’s when!”

Tasks users perform as root

We have all heard the line, “I need root,” and there are probably a million different reasons (or, more often than not, excuses) why your admins will claim this need. For those of you who are curious about the common tasks sysadmins typically run as root or with root-level privileges, here is a short list of what they will likely do on any given day.

These tasks include, but aren’t limited to:

  1. Provision and deprovision users
    • useradd <username>
    • usermod <username>
    • userdel <username>
  2. Network maintenance
    • ifconfig <interface> <parameters>
    • netstat <parameters>
    • route <parameters>
  3. Disk/Filesystem maintenance:
    • mount <device> <path>
    • umount <device>
    • df
  4. Kernel configuration
    • echo <parameter> > /proc/sys/kernel/<attribute>
    • vi /etc/system
    • vi /etc/sysconfig
  5. Kernel/App crashes
    • sar <parameters>
    • crash <parameters>
  6. Killing runaway or hung processes
    • kill <signal> <process>
    • ps <parameters>
  7. Software install / updates

The risks of running as root

Unix and Linux have long had a security model in which applications run with low privileges and request elevation only when they need to modify the underlying system. When you are logged on as root, any application you launch runs with your rights, so a vulnerability in that application can hand an attacker a root shell.

So, should you be concerned that your sysadmins log in as root, su to root, or sudo su to root? The short and simple answer is yes.

How to revoke root access without impacting administration

Although revoking root access may meet some resistance, it raises the level of security in your organization and better protects both customer and internal data. To deal with the administrative fallout of taking away day-to-day root access while keeping admins productive, we have put together a checklist to ensure that what you implement does not create a new headache for administration.

Here’s your ‘root’ remedy checklist for server privilege management:

  1. Fine-grain delegation to permit admins to perform only the tasks they need to perform.
  2. Support for time-based policies, so that privileges are available only during maintenance windows or after hours.
  3. Just-in-time approvals to permit admins to request a list of actions that can be approved by a manager or peers.
  4. A way to re-authenticate users or prompt for a second factor of authentication when performing highly sensitive operations or accessing sensitive information.
  5. Centralized policy management to simplify the management of policies across hundreds or thousands of servers.
  6. Centralized auditing to simplify compliance and speed up forensics.
  7. Controls to prevent users from circumventing the business policy and process.
  8. Elevation and auditing for non-interactive activity such as scripts and batch application processing.
  9. A way to integrate with IAM platforms for provisioning/de-provisioning so policies can be data-driven and managed with business automation.
  10. Extensive reporting of activity for security and compliance auditing, to ensure accountability and identify rogue or unauthorized activity.
  11. An efficient way to locate suspect activity during a forensic investigation: tracking down an action should take seconds, not days or weeks.
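As an added illustration of checklist items 1, 4, 6 and 7 applied to the task list above (example configuration written for this page, not BeyondTrust's product or code), here is a plain sudo policy that delegates those tasks without ever granting a root shell. The host name web01, the sysadmin group and the log paths are assumptions.

```sudoers
# Added example, not BeyondTrust's: a /etc/sudoers.d/ drop-in that delegates
# the task list above without handing out a root shell. Host "web01", group
# "sysadmin" and the log paths are assumptions. Edit only with visudo so the
# syntax is checked before it takes effect.

# Task 1: user provisioning. Arguments are left open here; note that an
# unrestricted usermod lets an admin change their own group memberships,
# so a real policy would pin the allowed options.
Cmnd_Alias USERMGMT = /usr/sbin/useradd, /usr/sbin/usermod, /usr/sbin/userdel
# Tasks 2, 3, 5, 6: read-only diagnostics
Cmnd_Alias DIAG     = /bin/netstat, /bin/df, /bin/ps, /usr/bin/sar
# Task 3: mount/umount restricted to /mnt (wildcards also match spaces,
# so keep argument patterns as tight as possible)
Cmnd_Alias MOUNTS   = /bin/mount /dev/* /mnt/*, /bin/umount /mnt/*
# Task 4: kernel tunables via sysctl with named keys instead of echo > /proc
Cmnd_Alias KERNEL   = /sbin/sysctl -w vm.swappiness=*, \
                      /sbin/sysctl -w net.ipv4.ip_forward=*
# Task 6: signalling processes
Cmnd_Alias PROCS    = /bin/kill
# Task 4 config files: sudoedit copies the file to a temp location and
# runs the editor unprivileged, so vi's shell escape never runs as root.
Cmnd_Alias EDITS    = sudoedit /etc/sysconfig/*

# Checklist item 4: no cached credential, re-authenticate on every command
Defaults:%sysadmin  timestamp_timeout=0
# Checklist item 6: log the command plus full terminal I/O for forensics
Defaults:%sysadmin  log_input, log_output, iolog_dir=/var/log/sudo-io/%{user}
Defaults            logfile=/var/log/sudo.log
# Checklist item 7: stop shell escapes from any allowed program
Defaults:%sysadmin  noexec

# Fine-grain delegation (item 1): only the aliases above, only on web01.
# Nothing here grants su, bash or ALL, so "sudo su" simply fails.
%sysadmin  web01 = (root) USERMGMT, DIAG, MOUNTS, KERNEL, PROCS, EDITS
```

Both the wildcard arguments and noexec need testing on the target host: `*` in sudoers matches spaces, and noexec breaks commands that legitimately spawn helpers (mount hands off to mount.<fstype>).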

There is no time like the present to start thinking about giving up your roots. Or better yet, take the information above and get to work on locking down what are typically the most important servers hosting the most critical data in just about every organization.

For more information on how BeyondTrust can help you achieve control and accountability over root or admin credentials, contact us today.