sudo 1.9.0 release

Nine years after the 1.8.x branch was created, a new major release of the sudo utility, 1.9.0, has been published. sudo is used to run commands on behalf of other users.

Key changes:

  • The distribution now includes the background process sudo_logsrvd, designed for centralized logging from other systems. When sudo is built with the "--enable-openssl" option, data is transmitted over an encrypted channel (TLS). Log forwarding is configured with the log_servers option in sudoers. To disable support for the new log forwarding mechanism, the options "--disable-log-server" and "--disable-log-client" have been added. The sudo_sendlog utility is provided for testing interaction with the server or for sending existing logs;
  • Added the ability to develop plugins for sudo in Python, which is enabled when building with the "--enable-python" option;
  • Added a new plugin type, "audit", which receives messages about successful and unsuccessful calls as well as errors that occur. The new plugin type lets you attach your own logging handlers that do not depend on the standard functionality (for example, a handler that writes logs in JSON format is implemented as a plugin);
  • Added a new plugin type, "approval", for performing additional checks after a successful basic rule-based authorization check in sudoers. Several plugins of this type can be specified in the settings, but the operation is confirmed only if it is approved by all plugins listed in the settings;
  • The "sudo -S" command now prints all prompts to standard output or stderr, without accessing the terminal control device;
  • In sudoers, Cmd_Alias may now be specified instead of Cmnd_Alias;
  • Added new pam_ruser and pam_rhost settings to enable or disable setting the user name and host values when setting up a session via PAM;
  • More than one SHA-2 hash can now be specified for a command on a single line, separated by commas. SHA-2 hashes can also be used in sudoers together with the keyword "ALL" to define commands that may be executed only if the hash matches;
  • sudo and sudo_logsrvd can create an additional log file in JSON format that records information about all parameters of the launched commands, including the host name. This log is used by the sudoreplay utility, which can now filter commands by host name;
  • The list of command-line arguments passed via the SUDO_COMMAND environment variable is now truncated to 4096 characters.
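
The multi-hash rule above can be checked before a sudoers change is deployed. The following is an added example, not code from sudo or from the original article: it parses a comma-separated digest list and reports whether a binary matches any entry. It assumes the list uses sha224/sha256/sha384/sha512 names with hex or base64 values and that one matching digest is sufficient; the function names are hypothetical.

```python
import base64
import binascii
import hashlib
import hmac
import re
import sys

# Digest names assumed valid in a sudoers digest list, with length in bytes.
SIZES = {"sha224": 28, "sha256": 32, "sha384": 48, "sha512": 64}


def parse_digest_list(spec):
    """Parse 'sha256:<hex>, sha512:<base64>' into [(algo, raw_digest), ...]."""
    digests = []
    for item in spec.split(","):
        algo, sep, value = (part.strip() for part in item.partition(":"))
        if not sep or algo not in SIZES:
            raise ValueError(f"bad digest entry: {item.strip()!r}")
        if re.fullmatch(r"[0-9A-Fa-f]{%d}" % (SIZES[algo] * 2), value):
            raw = bytes.fromhex(value)
        else:  # anything that is not full-length hex is treated as base64
            try:
                raw = base64.b64decode(value, validate=True)
            except binascii.Error as exc:
                raise ValueError(f"undecodable {algo} digest") from exc
        if len(raw) != SIZES[algo]:
            raise ValueError(f"wrong length for {algo} digest")
        digests.append((algo, raw))
    return digests


def file_matches(path, digests):
    """Return True if the file's hash equals any digest in the list."""
    with open(path, "rb") as fh:
        data = fh.read()
    return any(
        hmac.compare_digest(hashlib.new(algo, data).digest(), want)
        for algo, want in digests
    )


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_digest.py 'sha256:<digest>, ...' /path/to/binary")
    ok = file_matches(sys.argv[2], parse_digest_list(sys.argv[1]))
    print("match" if ok else "NO MATCH")
    sys.exit(0 if ok else 1)
```

A stale digest left in the list after a package upgrade does not block the command as long as another entry matches, so the check is also useful for spotting entries that no longer correspond to any installed binary.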

source: budenet.ru
