-
Notifications
You must be signed in to change notification settings - Fork 10
Why SeBAz runs only as ROOT
This page explains why SeBAz runs only as root
- Display version and exit
- Display explanation of control(s) and exit
- Display help and exit
- Generate report from existing CSV(s)
- When performing the actual tests
Running as root is recommended in the CIS Benchmark document
The guidance within broadly assumes that operations are being performed as the root user. Operations performed using sudo instead of the root user may produce unexpected results, or fail to make the intended changes to the system. Non-root users may not be able to access certain areas of the system, especially after remediation has been performed. It is advisable to verify root users path integrity and the integrity of any programs being run prior to execution of commands and scripts included in this benchmark.
Some of the controls are required to be tested as the root user, and not the end user. In order to continue with the execution of the program, and not halt when a sudo command is encountered, SeBAz requires that the entire tool be run as root. This means that you can run the tool in a system and be assured that the results will be waiting for you when you return! This seamless experience also comes with the bonus advantage that the resultant files are not modifiable by the user of the system!