manager sudo file


 



I recently became the Senior Server Architect (Server Administrator) and now support over 1500 servers and workstations and am looking for an easier way to manage privileged access.

I have a mix of RHEL, HP-UX and Solaris based devices.  We use CFengine to manage part of the configuration.  The devices are located at 40 different sites.

basic requirements:
  1. Access is managed from a central location, possibly CFengine managed
  2. Sudoer file is updated at least once a day, again possibly CFengine managed
  3. Sudoer file would need to be built custom for each device, a complex sudoer file is not easy to manage.
  4. Compare the existing sudo file to the proposed one to see if unauthorized changes were made.  I realize this would be hard to do especially if there are authorized changes in the new file.
  5. All commands are logged.
advanced requirements, things that would be nice to have
  1. Once privileged access is granted user gets access w/o having to update the client
  2. If privileged access is revoked users will no longer have privileged access w/o having to update the client
  3. A reason for being root is asked of the user before granting "su -" access but is not logged if the user just runs a command.
  4. Limit changing root's password, even for root.

A tool like Power Broker would be great but I don't have the budget for it.  I looked at Free IPA but it looks complex and requires a greater commitment than just privileged access control.

Googling did not provide a possible solution but I am hoping the experts on the list will point me in the right direction or give some advice.

--
Jamie Bohr
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
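
Basic requirement 4 above, sketched as an added example that is not part of the original post: keeping the last centrally pushed file as a baseline separates unauthorized drift on the host from authorized changes in the new file. The function names, file names and sample rules are constructed for illustration, and POSIX `awk`, `comm` and `mktemp` are assumed to be available on the host.

```shell
#!/bin/sh
# Added example: three-way sudoers audit. All file names and rules are constructed.
LC_ALL=C; export LC_ALL   # identical collation for sort and comm

# normalize FILE: join "\" continuations, drop comments and blank lines,
# squeeze whitespace. "#include", "#includedir" and "#uid" lines are
# sudoers syntax, not comments, so they are kept.
normalize() {
    awk '{ while (sub(/\\$/, "") && (getline nxt) > 0) $0 = $0 nxt }
         /^[ \t]*#/ && !/^[ \t]*#(include|[0-9])/ { next }
         NF { $1 = $1; print }' "$1" | sort -u
}

# audit_sudoers BASELINE LIVE PROPOSED
# BASELINE is the file the central server last pushed to this host.
# Prints one tagged line per rule; returns 1 if LIVE drifted from BASELINE.
audit_sudoers() {
    t=$(mktemp -d) || return 2
    normalize "$1" > "$t/base"; normalize "$2" > "$t/live"; normalize "$3" > "$t/new"
    {
        comm -13 "$t/base" "$t/live" | sed 's/^/UNAUTHORIZED-ADD /'
        comm -23 "$t/base" "$t/live" | sed 's/^/UNAUTHORIZED-DEL /'
        comm -13 "$t/base" "$t/new"  | sed 's/^/PLANNED-ADD /'
        comm -23 "$t/base" "$t/new"  | sed 's/^/PLANNED-DEL /'
    } > "$t/report"
    cat "$t/report"
    drift=0
    if grep '^UNAUTHORIZED' "$t/report" > /dev/null; then drift=1; fi
    rm -rf "$t"
    return "$drift"
}

# demo: run the audit on constructed sample files.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '# pushed yesterday' 'Defaults  logfile=/var/log/sudo.log' \
        '%dba  ALL = /usr/bin/systemctl restart postgresql' > "$d/baseline"
    printf '%s\n' 'Defaults logfile=/var/log/sudo.log' \
        '%dba ALL = /usr/bin/systemctl restart postgresql' \
        'mallory ALL=(ALL) NOPASSWD: ALL' > "$d/live"
    printf '%s\n' 'Defaults logfile=/var/log/sudo.log' \
        '%dba ALL = /usr/bin/systemctl restart postgresql' \
        '%web ALL = /usr/sbin/apachectl graceful' > "$d/proposed"
    rc=0
    audit_sudoers "$d/baseline" "$d/live" "$d/proposed" || rc=$?
    rm -rf "$d"
    return "$rc"
}
if [ "${1:-}" = demo ]; then demo; fi
```

A return value of 1 from `audit_sudoers` means the live file no longer matches what was last pushed. Running `visudo -c -f` on the proposed file before it is deployed catches syntax errors.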