sudo pair #0

Supports: xenial bionic
Add to new model

Description

sudo_pair is a sudo plugin that ensure that if a user tries to get root privileges,
he will need an authorization from a pair


Overview

sudo_pair is a sudo plugin that ensure that no user
can act entirely on their own authority within these systems.
Once configured if a user tries to get root privileges, he will need
an authorization from a pair that will monitor over his session.

Build

cd sudo-pair
charm build 

Usage

Add to an existing application using juju-info relation.

Example:

juju deploy ubuntu
juju deploy ./sudo-pair
juju add-unit ubuntu
juju add-relation ubuntu sudo-pair 

Configuration

The user can configure the following parameters:
groups_enforced (default: root): This is a comma-separated list of group names that sudo_pair will gate access to. If a user is sudoing to a user that is a member of one of these groups, they will be required to have a pair approve their session.
groups_exempted(default: none): This is a comma-separated list of group names whose users will be exempted from the requirements of sudo_pair. Note that this is not the opposite of the groups_enforced flag. Whereas groups_enforced gates access to groups, groups_exempted exempts users sudoing from groups. For instance, this setting can be used to ensure that oncall sysadmins can respond to outages without needing to find a pair.
bypass_cmds (default: none): This is a comma-separated list of full path commands that have to be bypassed from sudo pairing
bypass_group (default: none): This is the unix group for which the commands specified through bypass_cmds will be bypassed from sudo pairing approval
* auto_approve (default: true): If true, auto approval is permitted.

Testing

Unit tests has been developed to test templates rendering for sudo.conf, sudoers.d/91-bypass-sudopair-cmds, sudo_approve

To run unit tests:

tox -e unit

Deploy tests has been developed using python-libjuju

To run tests using python-libjuju:

tox -e functional

Contact Information

Giuseppe Petralia giuseppe.petralia@canonical.com


Configuration

auto_approve
(boolean) If true, auto approval is permitted.
True
bypass_cmds
(string) This is a comma-separated list of full path commands that have to be bypassed from sudo pairing
bypass_group
(string) This is the unix group for which the commands will be bypassed from sudo pairing approval
extra_packages
(string) Space separated list of extra deb packages to install.
groups_enforced
(string) This is a comma-separated list of group names that sudo_pair will gate access to.
root
groups_exempted
(string) This is a comma-separated list of group names whose users will be exempted from the requirements of sudo_pair
install_keys
(string) List of signing keys for install_sources package sources, per charmhelpers standard format (a yaml list of strings encoded as a string). The keys should be the full ASCII armoured GPG public keys. While GPG key ids are also supported and looked up on a keyserver, operators should be aware that this mechanism is insecure. null can be used if a standard package signing key is used that will already be installed on the machine, and for PPA sources where the package signing key is securely retrieved from Launchpad.
install_sources
(string) List of extra apt sources, per charm-helpers standard format (a yaml list of strings encoded as a string). Each source may be either a line that can be added directly to sources.list(5), or in the form ppa:<user>/<ppa-name> for adding Personal Package Archives, or a distribution component to enable.
package_status
(string) The status of service-affecting packages will be set to this value in the dpkg database. Valid values are "install" and "hold".
install