[clug] Distributed Administration
David Tulloh
david at tulloh.id.au
Fri Sep 25 23:53:14 MDT 2009
steve jenkin wrote:
> <butchered>
> Chief security function was keeping the 'enable' passwords secret from
> the Admins - the software handled logins...
>
> Anyone know if something similar exists for Linux systems?
> - SSH to central m/c. [strong proof of identity]
> - no direct access to remote m/c's. [tool does SSH]
>
Using ssh keys will probably get you a similar result. You can also use
ldap logins with sudo to avoid anyone having to know 'the password'.
> - fine-grained access control to hosts/commands/operations
>
sudo can do this for you but you run into issues where the command has
full privileges and can run other commands. Some of the fancier SELinux
style permissions may be able to restrict this better.
> - logging of changes, with implied versioning and 'undo'
sudo can also log the actions but this suffers from the same issues as
the previous point (how useful is a log of `sudo bash`). I think
versioning and undo is normally handled by pushing /etc into a fully
fledged version management system. You can also use this to make
changes and push them out to a collection of boxes.
In the implementations I've seen, an admin can still change /etc without
checking it in, but you can easily catch this through a cron script or
the like. It would be possible to have /etc track the version system
and update itself via an automatic or manual trigger, combined with no
direct access. This would enforce logging for any change.
I'm not sure you are going to find a system like this out of the box;
everyone's needs are slightly different. It seems like the various
pieces you need to put it all together are available though.
David
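The "/etc under version control plus a cron check" idea from the reply above, as an added example that is not part of the thread and not anyone's production script. It assumes a git repository already exists in the watched directory and that `git` is on PATH; the crontab line, the git identity and the sample file names are constructed placeholders.

```shell
#!/bin/sh
# Added example: flag edits to /etc that were made without a check-in,
# and record a snapshot so every change is logged and revertable.
# Assumptions (hypothetical): the directory passed in is already a git
# repository; git is installed; the cron path below is a placeholder.

# Identity for automated snapshot commits (constructed values).
GIT_ID="-c user.name=etc-audit -c user.email=etc-audit@localhost"

# etc_drift_check DIR
# Returns 0 when the working tree matches the last commit, 1 when a
# tracked file was modified or deleted or an untracked file appeared,
# 2 when DIR is not a git repository. The offending paths are printed
# so a cron mail shows exactly what changed outside the check-in flow.
etc_drift_check() {
    dir=$1
    changes=$(git -C "$dir" status --porcelain --untracked-files=all 2>/dev/null) || return 2
    if [ -n "$changes" ]; then
        echo "uncommitted changes in $dir:"
        echo "$changes"
        return 1
    fi
    return 0
}

# etc_snapshot DIR MESSAGE
# Commits the current state of DIR. Each snapshot is a logged change
# that can later be undone with "git revert" or inspected with
# "git log -p", which is the versioning and undo the thread asks about.
etc_snapshot() {
    dir=$1
    msg=$2
    git -C "$dir" add -A &&
    git -C "$dir" $GIT_ID commit -q -m "$msg" --allow-empty
}

# etc_changed_files DIR
# Prints only the paths that differ from the last commit, one per line,
# which is handy for feeding into a notification or a ticket.
etc_changed_files() {
    git -C "$1" status --porcelain --untracked-files=all | cut -c4-
}

# Hypothetical crontab entry that runs the check hourly against /etc:
#   0 * * * * /usr/local/sbin/etc-audit.sh /etc
# When invoked with a directory argument, report drift and exit with
# its status so cron mails the output only when something changed.
if [ $# -ge 1 ]; then
    etc_drift_check "$1"
fi
```

Run it from cron with the directory to watch as the only argument; a non-zero exit plus the printed path list is the signal that someone edited /etc by hand instead of checking the change in.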