Using Ninja to Monitor And Kill Rogue Privilege Escalation

mvario · Jun 21, 2011

Using Ninja to Monitor And Kill Rogue Privilege Escalation
https://www.infosecisland.com/blogview/12020-Using-Ninja-to-Monitor-And-Kill-Rogue-Privilege-Escalation.html#.TgDiKtihNyM;twitter

"Ninja is a program for Linux (and presumably most Unix like OSes) that monitors for such privilege escalation."
Click to expand...

Haven't tried it yet but it looks interesting.

Mrkvonic · Jun 22, 2011

If someone has root, they can stop the ninja service.
So it's useless. Local root = winning!

Besides, what exactly "rogue" could happen in your home?
Rogue privilege escalation is a fancy term - now real examples, please.

P.S. you can track sudo and ssh via /var/log/security - simple.

Regards,
Mrk

chrisretusn · Jun 28, 2011

[url]https://www.infosecisland.com/blogview/12020-Using-Ninja-to-Monitor-And-Kill-Rogue-Privilege-Escalation.html[/url] said:

The white-list function of ninja makes it useful for enforcing policy. You can have a group of users who are allowed to run file editors as root to make changes to system configs and another group who are allowed to restart services, thus providing separation of duties.
Click to expand...

I can do this using sudoers.

Log in or Sign up

Using Ninja to Monitor And Kill Rogue Privilege Escalation

mvario Registered Member

Mrkvonic Linux Systems Expert

chrisretusn Registered Member

Log in or Sign up

Using Ninja to Monitor And Kill Rogue Privilege Escalation

mvario Registered Member

Mrkvonic Linux Systems Expert

chrisretusn Registered Member

Useful Searches