List of dangerous shell commands

Hello,
I have an application which needs to run shell scripts in an elevated state (root) for system interrogation. So I execute each script using bash -C. This has worked really well.

I now want to add another layer of security. I can't inspect each of the scripts before they get deployed to the systems. So I would like to have my app inspect the script for dangerous command line apps that might be on purpose or a fat finger, like rm; mv; cp; chown; chmod; etc.

I did try running bash in restricted mode but I had issues running some of the scripts. Is there a list or a command I can run to add a layer of protection to protect against something dangerous from happening?

Thanks,
tom

Treat all commands as dangerous. If they are allowed to run arbitrary scripts as root, you might as well give them root.

2 Likes

IMO you are going at it in the wrong way.

First off, create a chrooted user that has some privilege, not all.
In the chroot jail (new / root directory) only populate /usr/bin (or whatever with commands you can live with). No commands can be a link outside the jail.

Next, grant whatever users you want the privilege of becoming that special user, via sudo and /etc/sudoers.

Basically, though I gave you an answer, this is not a good idea overall. I would not do this. Why do you want ordinary users doing normally restricted operations on the system?

You can probably use /etc/sudoers to set up what you want, but DON'T let everybody have access to everything. The model is grant access. The model is never deny access.
Which is what your question is all about. Deny access.

The reason is the negative approach has serious flaws, even though you may think otherwise. You will notice that the security model that comes with the system is the "grant access model". There are lots of good reasons for that. Don't bypass 30 years of security work for no good reason.

*I like Frank's answer better, I was being too polite.
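
The grant-access setup described in the reply above, sketched as a sudoers fragment next to the run-anything rule it replaces. This is an added example, not configuration posted by anyone in the thread; the account names (appsvc, sysquery), the file name and the script paths are assumptions.

```sudoers
# /etc/sudoers.d/interrogate
# Hypothetical file name; edit it with: visudo -f /etc/sudoers.d/interrogate
# appsvc, sysquery and every path below are assumed names for illustration.

# Run-anything rule (what executing arbitrary scripts as root amounts to).
# Any command, builtin or redirection in a deployed script runs as root,
# so no list of "dangerous" commands can cover it. Shown commented out.
#   appsvc ALL = (root) NOPASSWD: /bin/bash

# Grant model: name the target account and the exact commands, nothing else.
# sysquery is the special user from the reply: some privilege, not all.
Runas_Alias INTERROGATE_AS = sysquery

# Full paths only. The trailing "" means the command is allowed only when
# called with no arguments.
Cmnd_Alias INTERROGATE = /opt/interrogate/bin/disk-report.sh "", \
                         /opt/interrogate/bin/net-report.sh ""

# Start each run from a clean environment and a fixed PATH, so the caller
# cannot steer which binaries the scripts pick up.
Defaults:appsvc env_reset, secure_path="/usr/bin:/bin"

# The only grant: appsvc may run the listed scripts as sysquery.
appsvc ALL = (INTERROGATE_AS) NOPASSWD: INTERROGATE

# Anything not granted above is refused by sudo. There is no deny list.
```

The grant only holds if the listed scripts and every directory above them are owned by root and not writable by appsvc or sysquery; otherwise the caller can replace what the rule points to.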

How are you running scripts in an "elevated state"? The command "bash -C" (i.e. "noclobber") doesn't cause any change of privilege.

The Shell "bash" itself contains enough built-in commands to wreak havoc.