Linux Elevation Control

1 min. read, last update: 09.03.2025


  1. Sudo commands allow the user to execute an action as a superuser. When a user performs this action in a Linux terminal, ThreatLocker logs it in the Unified Audit as an ‘Elevate’ Action Type. 


  2. On a Windows machine, the ‘Elevate’ action type would signify a user gaining elevated privileges, but Linux machines do not operate the same way. Instead, when a Linux machine shows the ‘Elevate’ action type, it informs you through the Unified Audit that a user has run the sudo command. Additionally, it saves the user from having to type the sudo password repeatedly when running a sudo command.
  3. This feature only works with file paths and does not work with hashes. 

 

Example
Creation of a policy to elevate ls:

Setting up an application definition to elevate ls

sudo -k clears any cached sudo credentials.

Here, you can see sudo ls is run and no password prompt is required.
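Because this feature matches on file paths and not hashes, it is worth confirming that a path resolves to a root-owned binary that no unprivileged user can modify before using it in a policy. The script below is an added example, not ThreatLocker code; the function names `mode_is_unsafe` and `audit_policy_path` are hypothetical, and it assumes GNU coreutils (`stat -c`, `readlink -f`).

```shell
#!/bin/sh
# Added example: audit a binary before using its path in a path-based
# elevation policy. Assumes GNU coreutils (stat -c, readlink -f).

# mode_is_unsafe MODE -> exit 0 if the octal mode is group- or world-writable
mode_is_unsafe() {
    m="00$1"                      # pad so short modes such as "0" still parse
    last2=${m#"${m%??}"}          # keep only the group and other digits
    group=${last2%?}
    other=${last2#?}
    [ $(( group & 2 )) -ne 0 ] || [ $(( other & 2 )) -ne 0 ]
}

# audit_policy_path PATH [OWNER_UID]
# Resolves symlinks, then checks the file and every parent directory.
# Exit 0 = clean, 1 = findings printed, 2 = path could not be checked.
audit_policy_path() {
    want_uid=${2:-0}              # expected owner, root by default
    p=$(readlink -f -- "$1") || { echo "cannot resolve: $1"; return 2; }
    [ -f "$p" ] || { echo "not a regular file: $p"; return 2; }
    echo "resolved: $p"
    rc=0
    while :; do
        info=$(stat -c '%u %a' -- "$p") || return 2
        uid=${info% *}
        mode=${info#* }
        if [ "$uid" != "$want_uid" ]; then
            echo "owner uid $uid (want $want_uid): $p"
            rc=1
        fi
        if mode_is_unsafe "$mode"; then
            echo "group/world-writable ($mode): $p"
            rc=1
        fi
        if [ "$p" = / ]; then break; fi
        p=$(dirname -- "$p")
    done
    return $rc
}

# Usage: sh audit.sh /bin/ls
if [ $# -gt 0 ]; then audit_policy_path "$@"; fi
```
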
