Bart Simons


Bart Simons
Author


Modifying sudo to run an executable after successful authentication

So I recently installed Ubuntu on my Intel NUC, and one thing that was bugging me was having to enter my account password every time I used the sudo command. I already fixed it with the NOPASSWD option for the sudo group. This is not the best solution when it comes to security, as any executable could gain sudo access on my local system. That gave me an idea: modifying the sudo codebase so that you get a graphical notification on your screen when someone successfully authenticates with sudo. Here's an example:

[Screenshot: Libnotify Notification Test]

The utility I used to create this message is notify-send, which comes pre-installed with Ubuntu. So what we want is this command to be launched from the C++ code base so that we get a nice message upon sudo access! Let's begin.

First, make sure you have all the necessary development packages installed on your system:

sudo apt install build-essential git

Also make sure all deb-src sources are uncommented in /etc/apt/sources.list, then update your package cache again with sudo apt update.

The next step is fetching the sudo source code:

apt source sudo

Good. So the next step is to modify the source code of sudo. More specifically, you need to change one single source code file of the sudoers plugin named sudoers.c which can be found in the following directory:

sudosourceroot/plugins/sudoers

Open the file in your favorite editor. Search for the function create_admin_success_flag and add the following code at the top of every function block you find with that name:

popen("/usr/bin/notify-send -i dialog-warning \"Sudo notification\" \"Someone just gained root access!\" --urgency=critical", "r");

Go back to the sudo source code root directory and run the usual compilation commands:

./configure && make && sudo make install
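popen() passes its string to /bin/sh -c, and that shell inherits the calling process's environment and privileges. The block below is an added example, not code from this article or from sudo: it sends the same notification with fork() and execve(), a fixed argument list, dropped privileges and a two-variable environment. The function names and the uid/gid parameters are assumptions; the caller has to supply the invoking user's ids.

```c
/* Added example; not part of sudo. uid/gid are supplied by the caller
 * (assumption: the invoking user's ids are available at the hook point). */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run `path` with a fixed argv: no shell, privileges dropped to uid/gid,
 * and an environment of a fixed PATH plus the session bus address only.
 * Returns the child's exit status (126/127 on drop/exec failure), -1 on error. */
int run_fixed(const char *path, char *const argv[], uid_t uid, gid_t gid)
{
    char bus[512];
    char *envp[3] = { "PATH=/usr/bin:/bin", NULL, NULL };
    const char *addr = getenv("DBUS_SESSION_BUS_ADDRESS");
    int n, status;
    pid_t pid, r;

    if (addr != NULL) {
        n = snprintf(bus, sizeof(bus), "DBUS_SESSION_BUS_ADDRESS=%s", addr);
        if (n > 0 && (size_t)n < sizeof(bus))
            envp[1] = bus;          /* skip over-long values instead of truncating */
    }
    pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        /* Child: group first, then user, so the drop cannot be undone. */
        if (setgid(gid) != 0 || setuid(uid) != 0)
            _exit(126);
        execve(path, argv, envp);
        _exit(127);                 /* exec failed, e.g. notify-send missing */
    }
    do {
        r = waitpid(pid, &status, 0);   /* reap the child so no zombie is left */
    } while (r == -1 && errno == EINTR);
    if (r == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Same message as the article's popen() line, as an argv array. */
int notify_sudo_success(uid_t uid, gid_t gid)
{
    char *const argv[] = { "notify-send", "-i", "dialog-warning",
                           "--urgency=critical", "Sudo notification",
                           "Someone just gained root access!", NULL };
    return run_fixed("/usr/bin/notify-send", argv, uid, gid);
}
```

Whoever controls the environment can still redirect DBUS_SESSION_BUS_ADDRESS and hide the pop-up, so treat the notification as a convenience alert rather than a control.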

Enjoy a safer Linux desktop experience!
