Pulogalamu ya ProHoster > Blog > nkhani zapaintaneti > sudo 1.9.0 kumasulidwa

sudo 1.9.0 kumasulidwa

Zaka 9 pambuyo pa kukhazikitsidwa kwa nthambi ya 1.8.x losindikizidwa kutulutsa kofunikira kwambiri kwa ogwiritsa ntchito sudo 1.9.0, amagwiritsidwa ntchito pokonzekera kuchitidwa kwa malamulo m'malo mwa ogwiritsa ntchito ena.

Zosintha zazikulu:

  • The zikuchokera kuphatikizapo ndondomeko yakumbuyo sudo_logsrvd, yopangidwira kudula mitengo pakati kuchokera ku machitidwe ena. Mukapanga sudo ndi njira ya "-enable-openssl", deta imatumizidwa kudzera pa njira yolumikizirana encrypted (TLS). Kukonzekera kutumiza kwa zipika kumachitika pogwiritsa ntchito njira ya log_servers mu sudoers. Kuti mulepheretse kuthandizira njira yatsopano yotumizira chipika, zosankha za "--disable-log-server" ndi "-disable-log-client" zawonjezedwa. Kuyesa kuyanjana ndi seva kapena kutumiza zipika zomwe zilipo, sudo_sendlog utility ikuperekedwa;
  • Zowonjezedwa mwayi chitukuko cha plugin kwa sudo mu Python, yomwe imathandizidwa pomanga ndi "-enable-python" njira;
  • Mtundu watsopano wa plugin wawonjezedwa - "kufufuza", komwe mauthenga okhudza mafoni opambana komanso osachita bwino, komanso zolakwika zomwe zimachitika, zimatumizidwa. Mtundu watsopano wa pulogalamu yowonjezera umakulolani kuti mulumikizane ndi ogwira ntchito anu odula mitengo omwe sadalira ntchito yokhazikika (mwachitsanzo, chogwirira ntchito cholembera zolemba mumtundu wa JSON chimakhazikitsidwa ngati pulogalamu yowonjezera);
  • Onjezani mtundu watsopano wa pulogalamu yowonjezera, "kuvomereza", kuti mufufuzenso pambuyo pofufuza chilolezo chokhazikitsidwa ndi malamulo mu sudoers. Mapulagini angapo amtunduwu amatha kufotokozedwa pazosintha, koma chitsimikiziro cha ntchitoyi chimaperekedwa pokhapokha ngati chivomerezedwa ndi mapulagini onse omwe adalembedwa pazosintha;
  • Lamulo la "sudo -S" tsopano likusindikiza zopempha zonse kuti zikhale zofanana kapena stderr, popanda kupeza chipangizo chowongolera;
  • Mu sudoers, m'malo mwa Cmnd_Alias, kufotokoza Cmd_Alias ​​​​tsopano ndikovomerezeka;
  • Onjezani zosintha zatsopano pam_ruser ndi pam_rhost kuti mutsegule / kuletsa kuyika dzina lolowera ndi zikhalidwe zochititsa mukakhazikitsa gawo kudzera pa PAM;
  • Amapereka kuthekera kofotokozera ma hashi opitilira SHA-2 pamzere wamalamulo wolekanitsidwa ndi koma. SHA-2 hash itha kugwiritsidwanso ntchito mu sudoers molumikizana ndi mawu oti "ALL" kufotokozera malamulo omwe atha kuyendetsedwa ngati hashi ikufanana;
  • sudo ndi sudo_logsrvd zimapereka kupanga kwa fayilo yowonjezera ya chipika mumtundu wa JSON, kuwonetsa zambiri zamagawo onse a malamulo omwe adakhazikitsidwa, kuphatikiza dzina la wolandila. chipikachi chimagwiritsidwa ntchito ndi sudoreplay utility, yomwe tsopano ili ndi kuthekera kosefa malamulo ndi dzina la alendo;
  • Mndandanda wa mikangano yamalamulo yomwe idadutsa mumitundu yosiyanasiyana ya SUDO_COMMAND tsopano yasinthidwa kukhala zilembo 4096.

Source: opennet.ru

Kuwonjezera ndemanga