Sudoers File Contents

When you install Security Validation (Linux) components using installable software, part of the install process is to add a sudoers file that includes access information and aliases. The file /opt/apps/verodin/planner/init/centos7_rpm/verodin_sudoers is imported into /etc/sudoers.d/ with directives to give the Apache user the appropriate permissions.

verodin_sudoers file

The following code snippet includes the commands and what they do.

Cmnd_Alias CHOWN__ROOT = /bin/chown -R * /opt/apps/
# This command establishes the appropriate permissions for the installation directory.

Cmnd_Alias _HTTPD = /bin/systemctl * httpd
# This provides service control over Apache.

Cmnd_Alias _APACHECTL = /usr/sbin/apachectl *
# This alias is for controlling web service during upgrades and restoring backups.

Cmnd_Alias _SERVICE = /bin/systemctl * -*
# This alias is for the Director service.

Cmnd_Alias _INT_KILL = /bin/systemctl kill -s SIGUSR2 -integrations.service
# This alias processes the appropriate command to restart the processes that control the integrations with
# external security technologies.

Cmnd_Alias CHOWN_RVM = /bin/chown -R * /usr/local/rvm
# This alias processes the appropriate permissions setting over the instance of RVM.

Cmnd_Alias EXTRACT_RVM = /bin/tar xf rvm.tar.gz -C /usr/local/
# This alias processes the command to extract RVM to the appropriate path.

Cmnd_Alias COPY_RVM = /bin/cp rvm.tar.gz /usr/local/
# This alias copies the RVM binary to the appropriate path prior to extraction.

Cmnd_Alias RM_RVM = /bin/rm /usr/local/rvm.tar.gz
# This alias allows for the removal of the RVM tarball.

Cmnd_Alias CHOWN_HTTPD = /bin/chown -R * /etc/httpd
# This alias processes the appropriate permissions setting over the instance of Apache.

Cmnd_Alias POSTGRES_SU = /bin/su - postgres -c *
# This alias is used during backup and restore.

Cmnd_Alias _YUM = yum update --disablerepo="*" --enablerepo="" -y
# This alias allows updates from the system's local Yum repository.

Cmnd_Alias _INSTALL_PKG = /bin/yum install *
# This alias allows us to add additional dependencies to continue to provide functionality.
Cmnd_Alias _UPDATE_PKG = /bin/yum update *
# This alias allows us to add additional dependencies to continue to provide functionality.

Cmnd_Alias DAEMON_RELOAD = /bin/systemctl daemon-reload
# This alias allows system services to be reloaded if any further changes are required to Director
# boot-time initialization.

Cmnd_Alias _REBOOT = /bin/systemctl reboot
# This alias processes the appropriate command to restart the director system.

Cmnd_Alias _IPTABLES = /sbin/iptables *
# This alias was added in 4.4.0.0. Versions prior to 4.4.0.0 will not have this by default, so Admins must
# update the /etc/sudoers.d/ file manually to prevent communication problems over proxies.
# This alias processes the appropriate command to allow the CNTLM proxy to run.

user ALL=(ALL) NOPASSWD: CHOWN__ROOT, _HTTPD, _APACHECTL, _SERVICE, CHOWN_RVM, EXTRACT_RVM, COPY_RVM, RM_RVM, \
CHOWN_HTTPD, POSTGRES_SU, _YUM, _INSTALL_PKG, _UPDATE_PKG, DAEMON_RELOAD, _REBOOT, _INT_KILL, _IPTABLES
# _IPTABLES was added in 4.4.0.0. Versions prior to 4.4.0.0 will not have this by default, so Admins must update
# the /etc/sudoers.d/ file manually to prevent communication problems over proxies.
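
The manual update noted above for versions prior to 4.4.0.0 can be checked with a small audit of the deployed drop-in. The following Python script is an added example, not part of the product or of the verodin_sudoers file; the names `audit`, `logical_lines`, `SAMPLE` and `required` are assumptions, and the sample input is constructed. It reports aliases that are granted but not defined, defined but not granted, required but missing, and aliases whose command line contains a wildcard so they can be reviewed against local least-privilege policy.

```python
import re
import sys

# Constructed sample (not a real host's file): a drop-in missing _IPTABLES.
SAMPLE = r'''
Cmnd_Alias _HTTPD = /bin/systemctl * httpd
Cmnd_Alias _APACHECTL = /usr/sbin/apachectl *
# This alias is for controlling web service during upgrades.
Cmnd_Alias DAEMON_RELOAD = /bin/systemctl daemon-reload
Cmnd_Alias _REBOOT = /bin/systemctl reboot
user ALL=(ALL) NOPASSWD: _HTTPD, DAEMON_RELOAD, \
_REBOOT, CHOWN_HTTPD
'''

ALIAS_RE = re.compile(r'^Cmnd_Alias\s+(\w+)\s*=\s*(.+)$')
GRANT_RE = re.compile(r'^\S+\s+\S+\s*=\s*\([^)]*\)\s*NOPASSWD:\s*(.+)$')

def logical_lines(text):
    """Join backslash-continued lines; skip blank lines and comments."""
    for line in re.sub(r'\\\n', ' ', text).splitlines():
        line = line.strip()
        if line and not line.startswith('#'):
            yield line

def audit(text, required=('_IPTABLES',)):
    """Compare defined Cmnd_Alias names with those granted NOPASSWD."""
    aliases, granted = {}, set()
    for line in logical_lines(text):
        if m := ALIAS_RE.match(line):
            aliases[m.group(1)] = m.group(2).strip()
        elif m := GRANT_RE.match(line):
            granted |= {a.strip() for a in m.group(1).split(',') if a.strip()}
    return {
        # referenced on the user line but never defined
        'undefined': sorted(granted - aliases.keys()),
        # defined but not referenced on any NOPASSWD user line
        'ungranted': sorted(aliases.keys() - granted),
        # aliases the release notes require (default: _IPTABLES, 4.4.0.0)
        'missing_required': sorted(
            r for r in required if r not in aliases or r not in granted),
        # command line contains '*', so it covers more than one fixed command
        'wildcard': sorted(n for n, cmd in aliases.items() if '*' in cmd),
    }

if __name__ == '__main__':
    # Pass the drop-in path as the first argument; otherwise use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for finding, names in audit(text).items():
        print(f'{finding}: {", ".join(names) or "-"}')
```

Run `visudo -cf` on the edited file as well; this script only compares alias names and does not validate sudoers syntax.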