Best practice for configuring UNIX sudoers file for ServiceMapping and Discovery
Below are examples of the part of the sudoers file relevant to Service Mapping and Discovery.
Example 1 -
Adding a single username for ServiceNow and allowing it to run a limited set of commands.
ServiceNow ALL = NOPASSWD: /bin/cat, /bin/ls, /bin/lsof, /usr/sbin/dmidecode, /bin/netstat
Example 2 -
Creating a Command Alias for a group/user and applying permission to run those commands to the user.
## ServiceNow account permissions
Cmnd_Alias PRTG = /bin/cat, /bin/ls, /bin/lsof, /usr/sbin/dmidecode, /bin/netstat
ServiceNow ALL = NOPASSWD: PRTG
After the changes are made to the sudoers file, running the "sudo -l" command should produce the following output:
User ServiceNow may run the following commands on this host:
(ServiceNow) NOPASSWD: /bin/netstat, /bin/cat, /bin/ls, /usr/sbin/dmidecode, /bin/lsof
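The alias expansion shown in that output can be reviewed before the fragment is deployed. The following is an added example, not part of the original article or of ServiceNow's tooling: a small Python parser for the subset of sudoers syntax used in Example 2 that expands the PRTG alias and flags entries a security reviewer would question. The function names and the READS_ANY_PATH list are assumptions of this example.

```python
import re

# Constructed input: the Example 2 fragment from this article.
SUDOERS = """\
## ServiceNow account permissions
Cmnd_Alias PRTG = /bin/cat, /bin/ls, /bin/lsof, /usr/sbin/dmidecode, /bin/netstat
ServiceNow ALL = NOPASSWD: PRTG
"""
# Assumption (reviewer's list, not from the article): tools that read whatever
# path they are given, so an entry without arguments grants root read access.
READS_ANY_PATH = {"cat", "ls"}

ALIAS_RE = re.compile(r"Cmnd_Alias\s+([A-Z][A-Z0-9_]*)\s*=\s*(.+)")
RULE_RE = re.compile(r"([^\s=]+)\s+([^\s=]+)\s*=\s*(?:\(([^)]*)\)\s*)?((?:[A-Z_]+:\s*)*)(.+)")

def parse(text):
    """Parse the subset of sudoers syntax used above: Cmnd_Alias and user specs."""
    aliases, rules = {}, []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue  # blank line or comment
        if m := ALIAS_RE.fullmatch(line):
            aliases[m[1]] = [c.strip() for c in m[2].split(",")]
        elif m := RULE_RE.fullmatch(line):
            rules.append({"user": m[1], "host": m[2], "runas": m[3] or "root",
                          "tags": re.findall(r"[A-Z_]+", m[4]),
                          "cmds": [c.strip() for c in m[5].split(",")]})
    return aliases, rules

def effective(aliases, rule):
    """Expand alias names into the concrete command list, as sudo -l reports it."""
    return [cmd for c in rule["cmds"] for cmd in aliases.get(c, [c])]

def audit(text):
    """Return (user, command, reason) for entries a reviewer should question."""
    aliases, rules = parse(text)
    findings = []
    for rule in rules:
        for cmd in effective(aliases, rule):
            path, _, args = cmd.partition(" ")
            if cmd == "ALL":
                findings.append((rule["user"], cmd, "any command allowed"))
            elif not path.startswith("/"):
                findings.append((rule["user"], cmd, "undefined alias or relative path"))
            elif not args and path.rsplit("/", 1)[-1] in READS_ANY_PATH:
                findings.append((rule["user"], cmd, "no argument restriction"))
    return findings

if __name__ == "__main__":
    for finding in audit(SUDOERS):
        print(*finding, sep=": ")
```

A sudoers command listed without arguments may be run with any arguments, which is why /bin/cat and /bin/ls are flagged for review while the other three entries are not.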
And please remember: never edit this file with a normal text editor! Always use the visudo command instead!
Because improper syntax in the /etc/sudoers file can leave you with a system where it is impossible to obtain elevated privileges, it is important to use the visudo command to edit the file.
The visudo command opens a text editor like normal, but it validates the syntax of the file upon saving.
This prevents configuration errors from blocking sudo operations, which may be your only way of obtaining root privileges.
Traditionally, visudo opens the /etc/sudoers file with the vi text editor. Ubuntu, however, has configured visudo to use the nano text editor instead.
On CentOS, you can change this value by adding the following line to your ~/.bashrc:
- export EDITOR=`which name_of_editor`
Source the file to implement the changes:
After you have configured visudo, execute the command to access the /etc/sudoers file:
The sudoers examples above are for guidance only.
A customer's environment could be highly customized, and permission from the customer's IT Security Department could be needed before making any changes to the sudoers file.
Co-Author Anders
https://www.servicenow.com/community/in-other-news/best-practice-for-configuring-unix-sudoers-file-for/ba-p/2267452