A "magic" group can be specified; members of this group are allowed to run any setuid/setgid root executable.
Individual executables can be whitelisted. Ninja uses a fine-grained whitelist that lets you whitelist executables on a per-group and/or per-user basis. This can be used to allow specific groups or individual users access to setuid/setgid root programs such as su and passwd.
Install Ninja in Ubuntu
sudo aptitude install ninja
Configuring ninja
1. Add a "magic" group (only members of the magic group are allowed root access). In this example we will call the group "ninja"; you may change the name if you wish. Take note of the group id (gid).
sudo addgroup ninja
Adding group `ninja' (GID 1002) ...
Done.
Add root, messagebus, and your administrative user(s) to the magic group.
sudo usermod -a -G ninja root
sudo usermod -a -G ninja messagebus
sudo usermod -a -G ninja bodhi
2. Create the log file, then remove world access to both /etc/ninja and the log file (both are owned by root, so after this only root can read them).
sudo touch /var/log/ninja.log
sudo chmod o-rwx -R /etc/ninja/
sudo chmod o-rwx /var/log/ninja.log
3. Using any editor, open /etc/ninja/ninja.conf
sudo -e /etc/ninja/ninja.conf
Make the following change, setting the number to the gid of your magic group:
group = 1002
Test ninja:
sudo service ninja start
bodhi@lucid:~$ sudo -i
root@lucid:~# sudo -u nobody /bin/bash
bash: /root/.bashrc: Permission denied
nobody@lucid:~$ whoami
nobody
nobody@lucid:~$ sudo -i
[sudo] password for nobody:
Sorry, try again.
Exit the shell and/or close the terminal.
At this time ninja is configured only to log events. Examining the log will show both events:
lucid:~$ sudo cat /var/log/ninja.log
NEW ROOT PROCESS: bash[2319] ppid=2015 uid=0 gid=0
-- ppid uid=1000(bodhi) gid=1000 ppid=2013
+ bodhi is in magic group, all OK!
NEW ROOT PROCESS: sudo[2338] ppid=2335 uid=0 gid=0
-- ppid uid=65534(nobody) gid=65534 ppid=2319
+ UNAUTHORIZED PROCESS DETECTED: sudo[2338] (parent: bash[2335])
-- nokill option set, no signals sent
Notice three things:
1. bodhi was allowed to run sudo.
2. ninja detected that nobody was not authorized to run sudo.
3. ninja is configured with the "no kill" option, so it took no action.
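Each ninja log event above is a short block: a "NEW ROOT PROCESS" line naming the process, a "-- ppid uid=..." line identifying the parent that launched it, and a "+ ..." verdict. The following scanner pulls out every UNAUTHORIZED PROCESS DETECTED verdict together with the parent's uid and user name, which is what you want when watching the log for events that need a whitelist entry or a new group member. It is an added example, not code from the article or the ninja project; the log sample embedded in it is constructed from the lines shown above, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not part of the original article or the ninja project):
# report every UNAUTHORIZED PROCESS DETECTED event in a ninja log, together
# with the uid and user name of the parent that launched the root process.
# Usage: ninja_unauthorized /var/log/ninja.log

# Constructed sample, copied from the log format shown in the article.
NINJA_LOG_SAMPLE='NEW ROOT PROCESS: bash[2319] ppid=2015 uid=0 gid=0
-- ppid uid=1000(bodhi) gid=1000 ppid=2013
+ bodhi is in magic group, all OK!
NEW ROOT PROCESS: sudo[2338] ppid=2335 uid=0 gid=0
-- ppid uid=65534(nobody) gid=65534 ppid=2319
+ UNAUTHORIZED PROCESS DETECTED: sudo[2338] (parent: bash[2335])
-- nokill option set, no signals sent'

# ninja_unauthorized LOGFILE
# Prints one line per unauthorized event:
#   <process[pid]> parent_uid=<uid> parent=<user>
# State is carried across the lines of one event: the process name comes from
# the NEW ROOT PROCESS line, the parent identity from the "-- ppid" line, and
# the line is only emitted when the verdict line says UNAUTHORIZED.
ninja_unauthorized() {
    awk '
        /^NEW ROOT PROCESS:/ { proc = $4; puid = ""; puser = "" }
        /^-- ppid uid=/ {
            # $3 looks like uid=65534(nobody); split on "=", "(" and ")"
            split($3, a, "[=()]"); puid = a[2]; puser = a[3]
        }
        /^[+] UNAUTHORIZED PROCESS DETECTED:/ {
            printf "%s parent_uid=%s parent=%s\n", proc, puid, puser
        }
    ' "$1"
}

# ninja_unauthorized_count LOGFILE -> number of unauthorized events
ninja_unauthorized_count() {
    ninja_unauthorized "$1" | wc -l | tr -d ' '
}

# Demo on the constructed sample: write it to a temp file and scan it.
tmp=$(mktemp)
printf '%s\n' "$NINJA_LOG_SAMPLE" > "$tmp"
ninja_unauthorized "$tmp"
echo "unauthorized events: $(ninja_unauthorized_count "$tmp")"
rm -f "$tmp"
```

Run it against the real log with `ninja_unauthorized /var/log/ninja.log` (as root, since the log is not world-readable after step 2). A non-zero count while no_kill is still set means the same event will be killed once kill mode is enabled, so each reported parent user should either be added to the magic group or have the program whitelisted before that switch.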
Reboot
Before we complete our configuration of ninja, we need to test it. If ninja is misconfigured you may lose all root access!
Clear the log:
sudo bash -c "> /var/log/ninja.log"
Reboot, test root (sudo) access, and run your system for a few hours or days (your choice). Watch the ninja log. If there are events, you will need to determine whether ninja needs further configuration, either by adding users to the ninja group or by whitelisting processes.
Add a user to the magic group
Use the graphical tool or the command line to add users to the ninja group:
sudo usermod -a -G ninja user_to_add
Whitelisting a process
Edit /etc/ninja/whitelist
If you examine the file you will find a few processes already listed. To add a process, the syntax is
/path_to/program:group:user
where group and user are the group and user allowed to run the process.
Enable ninja
Assuming you have configured ninja and are not getting alerts in the ninja log, it is time to activate ninja.
Using any editor, open /etc/ninja/ninja.conf
sudo -e /etc/ninja/ninja.conf
Change these lines so they read:
no_kill = no
no_kill_ppid = no
Restart ninja:
sudo service ninja restart
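The warning earlier in the article is real: once no_kill is off, a wrong gid in ninja.conf, or a magic group that does not actually contain root and your administrative user, means ninja kills the very processes you use to get root. The check below, to be run before the restart in the step above, reads the "group = N" line from the config, confirms that gid exists in the group file, and confirms both root and the named admin user are listed as members (it checks supplementary membership, which is what usermod -a -G sets; a user whose primary group is the magic group would not show up here). It is an added example, not code from the article or the ninja project; the config and group-file samples embedded in it are constructed to mirror the article's values (gid 1002, user bodhi), and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the article or the ninja project): sanity-check the
# magic group before switching no_kill off. Run against the real files with
#   ninja_check_magic_group /etc/ninja/ninja.conf /etc/group bodhi

# Constructed samples mirroring the article's values.
SAMPLE_CONF='# ninja.conf (excerpt)
group = 1002
no_kill = yes
no_kill_ppid = yes'

SAMPLE_GROUP='root:x:0:
messagebus:x:103:
bodhi:x:1000:
ninja:x:1002:root,messagebus,bodhi'

# ninja_magic_gid CONF -> prints the gid from the "group = N" line
ninja_magic_gid() {
    sed -n 's/^[[:space:]]*group[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# ninja_no_kill CONF -> prints the value of no_kill (yes = log only, no = kill)
# The pattern requires "=" right after no_kill, so no_kill_ppid does not match.
ninja_no_kill() {
    sed -n 's/^[[:space:]]*no_kill[[:space:]]*=[[:space:]]*\([a-z]*\).*/\1/p' "$1" | head -n 1
}

# ninja_group_members GROUPFILE GID -> prints the comma-separated member list
# (field 4 of the group(5) line whose gid is field 3)
ninja_group_members() {
    awk -F: -v gid="$2" '$3 == gid { print $4; exit }' "$1"
}

# ninja_check_magic_group CONF GROUPFILE ADMINUSER
# Returns 0 if the configured gid exists and both root and ADMINUSER are
# supplementary members of it; returns 1 with a reason on stderr otherwise.
ninja_check_magic_group() {
    conf=$1; groupfile=$2; admin=$3
    gid=$(ninja_magic_gid "$conf")
    if [ -z "$gid" ]; then
        echo "no 'group = <gid>' line in $conf" >&2; return 1
    fi
    if ! awk -F: -v gid="$gid" '$3 == gid { found = 1 } END { exit !found }' "$groupfile"; then
        echo "gid $gid not found in $groupfile" >&2; return 1
    fi
    # Wrap the member list in commas so "bodhi" cannot match "bodhi2".
    members=,$(ninja_group_members "$groupfile" "$gid"),
    for u in root "$admin"; do
        case "$members" in
            *,"$u",*) ;;
            *) echo "user $u is not in magic group $gid" >&2; return 1 ;;
        esac
    done
    return 0
}

# Demo on the constructed samples.
tmpc=$(mktemp); tmpg=$(mktemp)
printf '%s\n' "$SAMPLE_CONF" > "$tmpc"
printf '%s\n' "$SAMPLE_GROUP" > "$tmpg"
if ninja_check_magic_group "$tmpc" "$tmpg" bodhi; then
    echo "magic group $(ninja_magic_gid "$tmpc") OK (no_kill = $(ninja_no_kill "$tmpc"))"
fi
rm -f "$tmpc" "$tmpg"
```

Keep a root shell open in a second terminal while you restart ninja in kill mode; if the check above was wrong about something and your new sudo sessions start dying, that existing shell is where you set no_kill back to yes.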
Test ninja
bodhi@lucid:/usr/share/doc/ninja$ sudo -i
root@lucid:~# sudo -u nobody /bin/bash
bash: /root/.bashrc: Permission denied
nobody@lucid:~$ sudo -i
When I try to run ninja withOUT a log file in the config it works perfectly. When I add the logfile option I get the error:
root@pinkzebra:~# ninja /etc/ninja/ninja.conf
log: reading configuration file: /etc/ninja/ninja.conf
log: ninja version 0.1.2 initializing
log: magic group: gid=1003 (ninja)
die: got signal SIGSEGV — segmentation fault
Why is the logfile causing ninja to crash? How can I fix this?
Thanks,
Ken
Now this is a good article. Way to go ubuntugeek!
Hmm, I never tried Ninja, so I tried to install it, but it crashed in the middle of installing; I sent a debug report to the developers. Anyway, have you tested this on Lucid Lynx? Or does it not run on x64 systems?
– Carlos
I get this error:
usermod: user 'bodhi' does not exist
Sorry, I'm kinda new to Ubuntu or any Linux platform.
Could anyone please tell me where the user manual for ninja is?
Thanks.