虚心使人进步

虚心学习,天天向上......
  博客园  :: 首页  :: 新随笔  :: 联系 :: 订阅 订阅  :: 管理

等保-linux-三权分立账号设置

Posted on 2024-03-25 09:19  Showker  阅读(1623)  评论(0编辑  收藏  举报

1.创建三权账号

#新建系统管理员
useradd sysadmin
passwd sysadmin

#新建安全管理员
useradd secadmin
passwd secadmin

#新建审计管理员
useradd auditadmin
passwd auditadmin

2.修改visudo配置
visudo

#系统管理员
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig, /usr/bin/systemctl start, /usr/bin/systemctl stop, /usr/bin/systemctl reload, /usr/bin/systemctl restart, /usr/bin/systemctl status, /usr/bin/systemctl enable, /usr/bin/systemctl disable
Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
sysadmin ALL=(root) SOFTWARE,SERVICES,STORAGE

#安全管理员
Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
secadmin ALL=(root) DELEGATING,PROCESSES,NETWORKING

#审计管理员的权限
auditadmin ALL=(root) NOPASSWD:/usr/sbin/aureport,NOPASSWD:/usr/sbin/autrace,NOPASSWD:/usr/sbin/ausearch,NOPASSWD:/usr/sbin/audispd,NOPASSWD:/usr/sbin/auditctl

3.测试配置是否正确
visudo -c