This is regarding Qualys authenticated scans of Unix.
I read a discussion saying the Qualys Unix user requires elevated privileges (sudo) to run the rm command as root “to remove temporary files created during the detection process”.
However, there is no way with sudo to restrict which files or directories are deleted (as far as I know).
We are trying to implement a policy of least privilege, so I am wondering if there is anything that can be done about this:
Where are the temporary files created?
What happens if we do not grant sudo rm?
Is there an alternative option?
sudo rm is a risk; is there a reason why the software can’t create the temporary files so they are owned by the Qualys user rather than root? Or, if the temporary files are created by root, the file or directory permissions allow the non-privileged user to delete them.
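
An added example, not part of the original post and not Qualys code: the first function approximates how sudoers matches command arguments (joined into one string, with `*` also matching `/` and spaces), which is why a wildcard rule on `rm` does not confine deletions; the second sketches a root-run cleanup helper that could be granted through sudo instead of `rm`. The scratch directory path and both function names are assumptions, since the post does not say where the temporary files are created.

```python
import fnmatch
import os
import stat

# Hypothetical scratch directory used only for illustration.
SCRATCH_RULE = "-f /var/tmp/scan_scratch/*"


def sudoers_args_match(pattern, args):
    """Approximate sudoers argument matching: the arguments are joined
    into one string, and '*' may match '/' and spaces."""
    return fnmatch.fnmatchcase(" ".join(args), pattern)


def remove_scratch_files(base, names):
    """Delete only regular files that sit directly inside `base`.
    Returns the list of names actually removed."""
    removed = []
    # Refuse a symlinked base, then work relative to the open directory
    # so later path components cannot be swapped underneath us.
    dir_fd = os.open(base, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        for name in names:
            if "/" in name or name in ("", ".", ".."):
                continue  # bare file names only, no traversal
            try:
                st = os.lstat(name, dir_fd=dir_fd)
            except FileNotFoundError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, directories, devices
            os.unlink(name, dir_fd=dir_fd)
            removed.append(name)
    finally:
        os.close(dir_fd)
    return removed
```

A sudoers entry would then name the helper script rather than `rm`, so the account can delete nothing outside the one directory.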