A "magic" group can be specified, allowing members of this group to run any setuid/setgid root executable.
Individual executable can be white-listed. Ninja uses a fine grained white-list that lets you white list executable on a group and/or user basis. This can be used to allow specific groups or individual users access to setuid/set-gid root programs, such as su and passwd.
Download ninja from - here
Untar the source, goto the ninja directory and type following command to compile and install the ninja:
makecopy the white-list file to the /etc/ninja directory
cp examples/whitelist/simple.wlist /etc/ninja/Configuration:
Add group "ninja" (note down the group id):
groupadd ninjaAdd user 'root' and all other required users to this group:
usermod -G ninja nikeshCreate the ninja log files:
usermod -G ninja root
touch /var/log/ninja.logOpen the ninja configuration file: vi /etc/ninja/default.conf and change the following settings
group=1000Here you also need to create a simple script alert (/root/bin/alert) with following entries
daemon = yes
interval = 0
logfile = /var/log/ninja.log
whitelist = /etc/ninja/simple.wlist
external_command = /root/bin/alert
echo 'Alert - Unauthorized Access to system.' | mail -s "'Alert - Unauthorized Access to system." email@example.com
Edit the whitelist file located under the /etc/ninja/simple.wlist
The first field is the full path to the executable you wish to white-list. The second field is a comma separated list of groups that should be granted access to the executable. The third field is a comma separated list of users.
<executable>:<groups>:<users>The second or third field can be left empty. Please refer to the example whitlist located in "examples/whitelist/".
Remember that it is a good idea to whitelist programs such as passwd and other regular setuid applications that users require access to.
Finally start ninja using following command:
/usr/local/bin/ninja /etc/ninja/default.confTesting Ninja:
Create a test user 'test'
Login to the system using this test user
now attempt to become 'root' user by typing command 'su - '
Here ninja will come into action and will kill the entire session and dump the information into the log ...