The following table lists available sudo commands along with their purpose and whether they can accept wildcards.
| Command | Wildcards | Purpose |
|---|---|---|
/bin/chown -R <user> /opt/apps/verodin/node/node | FALSE | Upgrade Handling |
/bin/netstat -anp | grep {process name} | TRUE | Network Control |
/bin/systemctl daemon-reload | FALSE | Service Control |
/bin/systemctl disable chronyd | FALSE | NTP Control |
/bin/systemctl enable chronyd | FALSE | NTP Control |
/bin/systemctl mask nginx | FALSE | Service Control |
/bin/systemctl mask sshd | FALSE | Service Control |
/bin/systemctl mask verodin-backend | FALSE | Service Control |
/bin/systemctl mask verodin-network-monitor | FALSE | Service Control |
/bin/systemctl mask verodin-pull | FALSE | Service Control |
/bin/systemctl mask verodin-web | FALSE | Service Control |
/bin/systemctl reload nginx | FALSE | Service Control |
/bin/systemctl restart chronyd | FALSE | NTP Control |
/bin/systemctl restart nginx | FALSE | Service Control |
/bin/systemctl restart verodin-backend | FALSE | Service Control |
/bin/systemctl restart verodin-network-monitor | FALSE | Service Control |
/bin/systemctl restart verodin-pull | FALSE | Service Control |
/bin/systemctl restart verodin-web | FALSE | Service Control |
/bin/systemctl start ssh-second.service | FALSE | SSH Tunnel Control |
/bin/systemctl start sshd | FALSE | Service Control |
/bin/systemctl stop chronyd | FALSE | NTP Control |
/bin/systemctl stop nginx | FALSE | Service Control |
/bin/systemctl stop ssh-second.service | FALSE | SSH Tunnel Control |
/bin/systemctl stop sshd | FALSE | Service Control |
/bin/systemctl stop verodin-backend | FALSE | Service Control |
/bin/systemctl stop verodin-network-monitor | FALSE | Service Control |
/bin/systemctl stop verodin-pull | FALSE | Service Control |
/bin/systemctl stop verodin-web | FALSE | Service Control |
/bin/systemctl unmask nginx | FALSE | Service Control |
/bin/systemctl unmask sshd | FALSE | Service Control |
/bin/systemctl unmask verodin-backend | FALSE | Service Control |
/bin/systemctl unmask verodin-network-monitor | FALSE | Service Control |
/bin/systemctl unmask verodin-pull | FALSE | Service Control |
/bin/systemctl unmask verodin-web | FALSE | Service Control |
/opt/apps/verodin/node/ext/hans-master/hans | TRUE | ICMP Tunnel |
/opt/apps/verodin/node/ext/iodine/bin/iodine | TRUE | DNS Tunnel |
/sbin/iptables -A INPUT -i lo -p tcp --dport <port> -j ACCEPT | FALSE | open loopback port |
/sbin/iptables -A INPUT -p {proto} -m multiport --dports {portstr} -m state --state NEW,ESTABLISHED -j ACCEPT | TRUE | Firewall Control |
/sbin/iptables -A INPUT -p {protostr} --dport {portstr} -m state --state NEW,ESTABLISHED -j ACCEPT | TRUE | Firewall Control |
/sbin/iptables -A INPUT -s {ipstr}/32 -p {protostr} --dport {portstr} -m state --state NEW,ESTABLISHED -j ACCEPT | TRUE | Firewall Control |
/sbin/iptables -D INPUT -i lo -p tcp --dport <port> -j ACCEPT | FALSE | close loopback port |
/sbin/iptables -D INPUT -p {proto} -m multiport --dports {portstr} -m state --state NEW,ESTABLISHED -j ACCEPT | TRUE | Firewall Control |
/sbin/iptables -D INPUT -p {protostr} --dport {portstr} -m state --state NEW,ESTABLISHED -j ACCEPT | TRUE | Firewall Control |
/sbin/iptables -D INPUT -s {ipstr}/32 -p {protostr} --dport {portstr} -m state --state NEW,ESTABLISHED -j ACCEPT | TRUE | Firewall Control |
/sbin/iptables-restore < /opt/apps/verodin/node/node/tmp/iptables/update.txt | FALSE | Firewall Control |
/sbin/setcap CAP_NET_BIND_SERVICE=+eip /opt/apps/verodin/node/node/scripts/verodin_backend_service | FALSE | Upgrade Handling |
/usr/bin/date -s {sign} {adjust} seconds | TRUE | NTP Control |
/usr/bin/sysctl -w net.ipv4.ip_local_reserved_ports="" | FALSE | Network Control |
/usr/bin/sysctl -w net.ipv4.ip_local_reserved_ports="{ports}" | TRUE | Network Control |
/usr/bin/sysctl -w net.ipv4.tcp_orphan_retries=0 | FALSE | Action tcp orphan retry disable |
/usr/bin/sysctl -w net.ipv4.tcp_orphan_retries=1 | FALSE | Action tcp orphan retry enable |
/usr/sbin/ifdown <nic> | TRUE | Interface Control |
/usr/sbin/ifup <nic> | TRUE | Interface Control |
/usr/sbin/ip link set {nic} down | TRUE | Interface Control |
/usr/sbin/ip link set {nic} up | TRUE | Interface Control |
/usr/sbin/ntpdate <ntphost> | TRUE | NTP Control |
/usr/sbin/shutdown -r now | FALSE | Shutdown |
nmcli con reload {interface} | TRUE | Interface Route Handling |
nmcli connection modify {interface} -ipv4.routes "{destination}/{cidr} {gateway}" | TRUE | Interface Route Handling |
nmcli connection modify {interface} +ipv4.routes "{destination}/{cidr} {gateway}" | TRUE | Interface Route Handling |
nmcli connection modify {interface} ipv4.route-metric {metric} | TRUE | Interface Route Handling |
nmcli connection up {interface} | TRUE | Interface Route Handling |
timedatectl set-ntp 0 | FALSE | NTP Control |
timedatectl set-ntp 1 | FALSE | NTP Control |
touch /opt/apps/verodin/node/node/settings.json | FALSE | Actor Settings handling |