Ansible - Privilege Escalation
- ssh key
- AWS instance as a managed node
- sudo
Linux OS -> root = full access, full power -> that is the privilege we are talking about.
Root login is disabled for security.
# useradd sam; passwd sam
You can use this account to login to your system.
To give a user extra power -> privilege escalation -> by using sudo.
Control Node (CN) -> playbook (PB) -> package module -> connects to the TN over ssh.
Target Node (TN) -> root login is disabled; create a user sam and give it full sudo access.
# visudo
sam ALL=(ALL) ALL
Inventory file
# cat /root/myhosts
[myweb]
worker1 ansible_user=sam ansible_ssh_pass=q ansible_connection=ssh
worker2 ansible_user=sam ansible_ssh_pass=changeme ansible_connection=ssh
# ansible myweb -m package -a "name=httpd state=present"
This command will fail.
The reason is that installing a package needs root, and we connect as the normal user sam. To fix it:
- go to visudo and give the sam user sudo rights (done above)
- and tell ansible to become root when it runs this command.
# ansible myweb -m command -a id
This command succeeds, because it runs as the user sam and needs no extra rights.
But we are talking about privilege escalation.
How do we do it?
1. Log in as sam, but don't run the command as the normal user sam; run it as root.
# ansible -h | grep become
look for become option.
# ansible 192.168.10.20 -m command -a id --become --become-user root --become-method sudo
# ansible-doc -t become -l
# ansible 192.168.10.20 -m command -a id --become --become-user root --become-method sudo --ask-become-pass
[root@master ~]# ansible worker1 -m package -a "name=httpd state=present" --become --become-user root --become-method sudo --ask-become-pass
Go to the ansible config file (ansible.cfg) and add the following content:
[privilege_escalation]
become=true
become_method=sudo
become_user=root
become_ask_pass=true # prompt for the sudo password; false will not prompt.
If you set become_ask_pass=false, sudo must not ask sam for a password, so you have to edit the sudoers file:
sam ALL=(ALL) NOPASSWD: ALL
Since these options are now in the config file, the long command
ansible worker1 -m command -a id --become --become-user root --become-method sudo --ask-become-pass
is the same as the short one:
ansible worker1 -m command -a id
In the case of EC2 -> we never log in as the root user; we log in as ec2-user.
In the inventory on your control node you can't use ansible_user=root, since root login is disabled,
so you have to use a normal user with sudo power.
So log in as ec2-user and run the command as root. That is what become is useful for...
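An added example (not from the original notes) that writes the inventory, the [privilege_escalation] section and the sudoers rule from the steps above as a shell script, and checks the one combination that bites in practice: become_ask_pass=false together with a sudoers rule that still asks for a password. The WORKDIR temp directory, file names and the grep pattern are assumptions made for this example; the hosts worker1 and worker2 do not exist, so nothing connects anywhere.

```shell
#!/bin/sh
# Added example (not from the original notes): writes the inventory, the
# [privilege_escalation] section and a sudoers drop-in for the managed user,
# then checks that the two agree. Paths, group names and the user 'sam' are
# assumptions taken from the notes above; there is no real host behind them.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"

# Inventory: connect as the unprivileged user sam, never as root.
# (Plaintext ansible_ssh_pass as in the notes; ssh keys are the better choice.)
write_inventory() {
  cat > "$WORKDIR/myhosts" <<'EOF'
[myweb]
worker1 ansible_user=sam ansible_ssh_pass=q ansible_connection=ssh
worker2 ansible_user=sam ansible_ssh_pass=changeme ansible_connection=ssh
EOF
}

# ansible.cfg: become=true makes every task escalate to root via sudo.
# $1 is the become_ask_pass value (true or false).
write_cfg() {
  cat > "$WORKDIR/ansible.cfg" <<EOF
[defaults]
inventory = $WORKDIR/myhosts

[privilege_escalation]
become = true
become_method = sudo
become_user = root
become_ask_pass = $1
EOF
}

# sudoers drop-in for sam; $1 is the full rule, e.g. "sam ALL=(ALL) ALL".
write_sudoers() {
  printf '%s\n' "$1" > "$WORKDIR/sudoers-sam"
}

# Consistency check. sudo prompts unless the rule carries NOPASSWD; if it
# prompts and become_ask_pass is false, ansible has no password to hand over
# and the task fails with "Missing sudo password".
# Returns 0 when the pair will work, 1 when it will not.
check_become_setup() {
  ask_pass="$1"; rule="$2"
  if printf '%s\n' "$rule" | grep -Eq '^[A-Za-z_][A-Za-z0-9_-]*[[:space:]]+ALL=\(ALL(:ALL)?\)[[:space:]]+NOPASSWD:[[:space:]]*ALL[[:space:]]*$'; then
    return 0   # sudo never asks, so ask_pass does not matter
  fi
  [ "$ask_pass" = "true" ]   # sudo asks: only fine if ansible will prompt
}

write_inventory
write_cfg false
write_sudoers 'sam ALL=(ALL) ALL'
if check_become_setup false 'sam ALL=(ALL) ALL'; then
  echo "become setup ok"
else
  echo "become_ask_pass=false needs NOPASSWD in sudoers: $(cat "$WORKDIR/sudoers-sam")"
fi
```

Run it as-is and the last line reports the mismatch; change the rule to `sam ALL=(ALL) NOPASSWD: ALL` or the cfg value to `true` and it passes. The regex only recognises the full-access form used in these notes, not narrower sudoers rules.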
keys or ssh-key
--------------
ssh to a remote system
- asks you for username/pw
you create a key pair
- private key
- public key
take the public key to the other nodes
On the control node run
$ ssh-keygen
it will generate two keys.
You never share your private key, but you do share your public key.
If the user at the other end accepts your public key and you initiate an ssh connection
to the remote machine, you can log in without a password.
To share your public key:
$ ssh-copy-id sam@remote-host
Now, log in:
$ ssh sam@remote-host
you are logged in without a pw...
# cat ~/.ssh/id_rsa -> private key (keep it to yourself; ~/.ssh/id_rsa.pub is the public half)
CN
- create a VM
- create an inventory file
ip address -> user -> pw or ssh private key (download the key from AWS and upload it to your CN)
Google for "ansible inventory file"
ansible_ssh_private_key_file ...
review the other options
From your laptop -> log in to the AWS EC2 instance and run ansible ad-hoc commands...
You don't have to configure anything else, since the default user comes with sudo access.
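Added example, not from the original notes: the inventory for an EC2-style host that uses ansible_ssh_private_key_file together with become set at group level, plus a check that every key the inventory names is readable by its owner only, which is what ssh demands before it will use a key. The host name web1, the documentation address 198.51.100.10, the WORKDIR temp directory and the placeholder key file are all constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the original notes. Builds the inventory the
# notes describe for an EC2-style host (ec2-user plus a downloaded private
# key) and checks each ansible_ssh_private_key_file the way ssh does: a key
# readable by group or others is refused ("UNPROTECTED PRIVATE KEY FILE").
# Host name, address and key path are assumptions made for the example.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"
KEY="$WORKDIR/aws-lab.pem"

# Placeholder standing in for the .pem downloaded from AWS; it is not a real
# key, only a file whose permission bits we can test.
printf 'PLACEHOLDER, NOT A REAL KEY\n' > "$KEY"

# Inventory: log in as ec2-user with the key, escalate to root via sudo.
write_inventory() {
  cat > "$WORKDIR/myhosts" <<EOF
[aws]
web1 ansible_host=198.51.100.10 ansible_user=ec2-user ansible_ssh_private_key_file=$KEY

[aws:vars]
ansible_become=true
ansible_become_method=sudo
ansible_become_user=root
EOF
}

# Octal permission bits of a file: GNU stat first, BSD stat as fallback.
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# 0 when only the owner can read the key (mode & 077 == 0), 1 otherwise.
key_is_private() {
  case "$(file_mode "$1")" in
    *00) return 0 ;;
    *)   return 1 ;;
  esac
}

# Walks the inventory, pulls out each ansible_ssh_private_key_file=PATH and
# checks it. Returns 1 if any key is missing or too open.
# (Paths are split on whitespace, so keys under paths with spaces need quoting.)
check_inventory_keys() {
  rc=0
  for path in $(sed -n 's/.*ansible_ssh_private_key_file=\([^[:space:]]*\).*/\1/p' "$1"); do
    if [ ! -f "$path" ]; then
      echo "missing key: $path"; rc=1
    elif ! key_is_private "$path"; then
      echo "key too open (mode $(file_mode "$path")): $path"; rc=1
    fi
  done
  return $rc
}

write_inventory
chmod 644 "$KEY"   # the usual state of a freshly downloaded .pem
check_inventory_keys "$WORKDIR/myhosts" || echo "fix with: chmod 600 $KEY"
chmod 600 "$KEY"
check_inventory_keys "$WORKDIR/myhosts" && echo "inventory keys ok"
```

The first check reports the 644 key and the second passes after chmod 600; run the same function against your real inventory before the first ad-hoc command to catch a key that ssh will silently skip.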
Monday, December 28, 2020