On Mon, Jul 13, 2015 at 10:21 AM, Jonathan Billings billings@negate.org wrote:
> Are you saying that this is an interactive process on the system? I'd suggest you make sure this isn't some sort of email ticket that stores a password or emails it.
Thanks for the reply. I'm thinking that the password would only be there to confirm. It would not be stored but would possibly leverage PAM.
> You could probably use 'sudo' to handle the part of authenticating the user, and run a very limited service that queried a secure system for approval and initiated the shutdown.
sudo was a possibility. However, I want to do this specifically for folks with root access, so sudo's checks won't work.
This is for two reasons: audit requirements and as a second check for the admin. We've had a couple instances recently where the admin did work on the wrong server. Though I don't see any way to totally lock it down for someone with root access, I want to make it at least give some sort of warning.
The other tool I looked at was selinux. Combined with audit it could possibly work, but not all the systems have selinux enabled.