- Jamie
On Sat, Mar 13, 2010 at 12:12 PM, Tom H <tomh0665@xxxxxxxxx> wrote:
> I recently because the Senior Server Architect (Server Administrator) andRather than create different /etc/sudoers for each box, can't you use
> now support over 1500 servers and workstations and am looking for an easier
> way to mange privileged access.
> I have a mix of RHEL, HP-UX and Solaris based devices. We use CFenigine to
> manage part of configuration. The devices are located at 40 different
> sites.
> basic requirements:
> Access is manage from a central location, possible CFengine manged
> Sudoer file is updated at least once a day, again possible CFegine managed
> Sudoer file would need to be built custom for each device, a complex sudoer
> file is not easy to manage.
> Compare the existing sudo file to the proposed one to see if unauthorized
> changes were made. I realize this would be had to do especially if there
> are authorized changes in the new file.
> All commands are logged.
> advanced requirements, things that would be nice to have
> Once privileged access is granted user gets access w/o having to update the
> client
> If privileged access is revoked users will no longer have privileged access
> w/o having to update the client
> A reason for being root is asked of the user before granting "su -" access
> but is not logged if they user just runs a command.
> Limit changing root's password, even for root.
a name service (with >1500 boxes you must already have one running)
and set up netgroups for users, commands, boxes, and auths?
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
--
Jamie Bohr
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines