Issue
Imunify360 administrators might be concerned after finding the following command, for example, in a DirectAdmin custom script such as /usr/local/directadmin/scripts/custom/user_create_post.sh:
/usr/bin/imunify360-agent add-sudouser --user "$username"
Environment
- Imunify360
- DirectAdmin
Solution
This is expected and safe.
Cause
/usr/bin/imunify360-agent add-sudouser --user "$username" is an internal/helper command used by Imunify360 integrations.
It adds $username to the imunify360-sudousers group, not to the root group.
Members of the imunify360-sudousers group are allowed to execute only /usr/bin/imunify360-command-wrapper with elevated permissions:
# grep imunify /etc/sudoers
%imunify360-sudousers ALL=NOPASSWD: /usr/bin/imunify360-command-wrapper
Defaults!/usr/bin/imunify360-command-wrapper !requiretty
This is used to allow admins to communicate with the Imunify360 agent with admin-level permissions.
The historical case where DirectAdmin admin users appeared in the root group was investigated separately and was not identified as being caused by imunify360-agent add-sudouser.
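To confirm this on a given server, the check below (an added example, not part of Imunify360 or DirectAdmin) verifies that a user is not listed in the root group and that the %imunify360-sudousers rule permits nothing except the wrapper. The function names, the sample user alice and GID 990 are assumptions made for the illustration.

```sh
#!/bin/sh
# Usage: sh audit.sh USER [GROUP_FILE] [SUDOERS_FILE]  (no args: constructed sample)
WRAPPER=/usr/bin/imunify360-command-wrapper

# Supplementary members of group $1 in group(5) file $2, one per line.
# A primary GID of 0 is recorded in /etc/passwd and is not covered here.
group_members() {
    awk -F: -v g="$1" '$1 == g { n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$2"
}

# Commands granted by the %imunify360-sudousers rule in sudoers file $1.
sudoers_commands() {
    awk '$1 == "%imunify360-sudousers" {
        sub(/^[^=]*=[ \t]*/, "")             # drop the group and host part
        sub(/^\([^)]*\)[ \t]*/, "")          # drop an optional (runas) spec
        while (sub(/^[A-Z]+:[ \t]*/, "")) ;  # drop tags such as NOPASSWD:
        n = split($0, c, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) print c[i] }' "$1"
}

# Returns 0 when $1 is outside the root group and the rule allows only WRAPPER.
audit_user() {
    rc=0
    if group_members root "$2" | grep -qxF "$1"; then
        echo "FAIL: $1 is a member of the root group"; rc=1
    fi
    extra=$(sudoers_commands "$3" | grep -vxF "$WRAPPER" || true)
    if [ -n "$extra" ]; then
        echo "FAIL: rule also allows: $extra"; rc=1
    fi
    group_members imunify360-sudousers "$2" | grep -qxF "$1" ||
        echo "NOTE: $1 is not in imunify360-sudousers"
    [ "$rc" -eq 0 ] && echo "OK: membership grants sudo for $WRAPPER only"
    return "$rc"
}

# Constructed sample files (not taken from a real server).
write_sample() {
    printf 'root:x:0:\nimunify360-sudousers:x:990:alice\n' > "$1/group"
    printf '%%imunify360-sudousers ALL=NOPASSWD: %s\n' "$WRAPPER" > "$1/sudoers"
}
if [ "$#" -ge 1 ]; then
    audit_user "$1" "${2:-/etc/group}" "${3:-/etc/sudoers}"
else
    d=$(mktemp -d) && write_sample "$d" && audit_user alice "$d/group" "$d/sudoers"
    rm -rf "$d"
fi
```

Run it as root with a user name to read the live /etc/group and /etc/sudoers; a FAIL line means the server differs from the configuration described above.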