[Cialug] followup from meeting
Jared Brees
fromj2sitsme at msn.com
Thu Jun 20 03:40:17 UTC 2019
Sean Flattery has also done an awesome talk on sudo and auditd; you can restrict it to something with a specific SHA224 checksum if you really want to get paranoid. https://www.youtube.com/watch?v=hvhde2F6Jms
________________________________
From: Cialug <cialug-bounces at cialug.org> on behalf of Tim Champion <timchampion at gmail.com>
Sent: Wednesday, June 19, 2019 21:42
To: cialug
Subject: [Cialug] followup from meeting
This is mostly for Andrew and Jared who talked with me about a secure-ish
way to have the web server able to change the network config on the pi.
I think docker might be overkill for what I'm doing. I think I'm going to
stick with another idea I had which was to grant sudoer to www-data for
only specific scripts
sudo visudo
www-data ALL=(ALL) NOPASSWD: /root/hotspot.sh
www-data ALL=(ALL) NOPASSWD: /root/normal.sh
Either way, it was nice to have some people to bounce ideas off of.
Tim Champion
_______________________________________________
Cialug mailing list
Cialug at cialug.org
https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
More information about the Cialug
mailing list