How to Manage Sudo Rules in EPM Linux

  • 3 minute(s) read
Prev Next

This document provides a step-by-step guide for registering a sudo rule in EPM Linux.

Requirements

Every user who will use sudo rules (general, device, and user) needs to be added to the gonix group. To add a user to the gonix group, follow these steps:

  1. Access the terminal where EPM Linux is installed.
  2. Type this command to add the user to the gonix group: sudo usermod -a -G gonix USERNAME.
  3. Type this command to create a password for the sudo user: sudo passwd USERNAME.
  4. Type this command to validate if the user is part of the gonix group: sudo getent group gonix.

Register a General Sudo Rule

  1. In Segura, hover over the Product Menu in the navigation bar and select EPM.
  2. In the sidebar menu, select Policies > Linux > Sudo Rules.
  3. Click Add.
  4. On the Segregation screen, choose General.
  5. In the Register Sudo Rules form, fill in the fields:
    1. Identification name: define a name to identify the rule.
    2. Active: set the rule status.
    3. Commands for rule application (full path must be used): fill in with the path of the command that can be executed as sudo and elevate privileges. To discover the path of a command in the Linux terminal, execute which [command].
    4. Should be NOPASSWD?: if you set this to Yes, the user will not be prompted for a password to execute the command as sudo. If set to No, the user will be prompted for a password.
    5. Description: add a brief description about this rule.
  6. Click Continue.
  7. Click Save.

Register a Sudo Rule for a Device

  1. In Segura, hover over the Product Menu in the navigation bar and select EPM.
  2. In the sidebar menu, select Policies > Linux > Sudo Rules.
  3. Click Add.
  4. On the Segregation screen, choose Device.
  5. In the Register Sudo Rules form, on the Sudo rules tab, fill in the fields:
    1. Identification name: define a name to identify the rule.
    2. Active: set the rule status.
    3. Commands for rule application (full path must be used): fill in with the path of the command that can be executed as sudo and elevate privileges. To discover the path of a command in the Linux terminal, execute which [type the desired command].
    4. Should be NOPASSWD?: if you set this to Yes, the user will not be prompted for a password to execute the command as sudo. If set to No, the user will be prompted for a password.
    5. Description: add a brief description about this rule.
  6. On the Devices tab, fill in the fields:
    1. Click Add to open the Devices modal.
    2. In the Devices modal, select the devices you want to include in the rule.
    3. Click Add.
  7. Click Continue.
  8. On the Review tab, review the rule registration and click Save.

How to Register a General Sudo Rule for a User

  1. In Segura, hover over the Product Menu in the navigation bar and select EPM.
  2. In the sidebar menu, select Policies > Linux > Sudo Rules.
  3. Click Add.
  4. On the Segregation screen, choose User.
  5. In the Register Sudo Rules form, on the Sudo rules tab, fill in the fields:
    1. Identification name: define a name to identify the rule.
    2. Active: set the rule status.
    3. Commands for rule application (full path must be used): fill in with the path of the command that can be executed as sudo and elevate privileges. To discover the path of a command in the Linux terminal, execute which [type the desired command].
    4. Should be NOPASSWD?: if you set this to Yes, the user will not be prompted for a password to execute the command as sudo. If set to No, the user will be prompted for a password.
    5. Description: add a brief description about this rule.
  6. On the User tab:
    1. Click Add to open the Users modal.
    2. In the Users modal, select the users you want to include in the rule.
    3. Click Add.
  7. Click Continue.
  8. On the Review tab, review the rule registration and click Save.
Info

To validate if the sudo rules are active, use the command cat /etc/sudoers.d/senhasegura.