manager sudo file

I recently became the Senior Server Architect (Server Administrator) and now support over 1500 servers and workstations and am looking for an easier way to manage privileged access.

I have a mix of RHEL, HP-UX and Solaris based devices.  We use CFengine to manage part of the configuration.  The devices are located at 40 different sites.

basic requirements:
  1. Access is managed from a central location, possibly CFengine managed
  2. Sudoer file is updated at least once a day, again possibly CFengine managed
  3. Sudoer file would need to be built custom for each device, a complex sudoer file is not easy to manage.
  4. Compare the existing sudo file to the proposed one to see if unauthorized changes were made.  I realize this would be hard to do especially if there are authorized changes in the new file.
  5. All commands are logged.
advanced requirements, things that would be nice to have
  1. Once privileged access is granted user gets access w/o having to update the client
  2. If privileged access is revoked users will no longer have privileged access w/o having to update the client
  3. A reason for being root is asked of the user before granting "su -" access but is not logged if the user just runs a command.
  4. Limit changing root's password, even for root.

A tool like Power Broker would be great but I don't have the budget for it.  I looked at FreeIPA but it looks complex and requires a greater commitment than just privileged access control.

Googling did not provide a possible solution but I am hoping the experts on the list will point me in the right direction or give some advice.

--
Jamie Bohr
-- 
users mailing list
https://admin.fedoraproject.org/mailman/listinfo/users