Hello all. Thank you for reading.
I'm hoping someone can point me in the right direction here. I am looking to implement a wrapper script/utility that will prompt for a ticket number before running certain commands. I've used similar scripts in the past on systems that I didn't have admin access.
The wrapper would do something like this:
[root@vm-helios-019] shutdown -h now
*** WARNING *** You are attempting to shutdown a production server: vm-helios-019.digitalhermit.com Please enter the Change Log Ticket for shutdown CHG-FL-102122
Please confirm by entering your login password: xxxxxxxxxxxxxxxxxx
Ticket number CHG-GL-102122 for user Kwan Lowe (klowe) has been logged at Sun Feb 4, 2001 at 14:23 (2:23PM).
Ideally this would only kick in if the request is coming from an interactive session.
Thinking about it, just replacing the command with a wrapper could cause other problems.
Has anyone done anything similar?
Thanks, Kwan
On Mon, Jul 13, 2015 at 10:04:49AM -0400, Kwan Lowe wrote:
Please confirm by entering your login password: xxxxxxxxxxxxxxxxxx
Are you saying that this is an interactive process on the system? I'd suggest you make sure this isn't some sort of email ticket that stores a password or emails it.
You could probably use 'sudo' to handle the part of authenticating the user, and run a very limited service that queried a secure system for approval and initiated the shutdown.
On Mon, Jul 13, 2015 at 10:21 AM, Jonathan Billings billings@negate.org wrote:
Are you saying that this is an interactive process on the system? I'd suggest you make sure this isn't some sort of email ticket that stores a password or emails it.
Thanks for the reply. I'm thinking that the password would only be there to confirm. It would not be stored but would possibly leverage PAM.
You could probably use 'sudo' to handle the part of authenticating the user, and run a very limited service that queried a secure system for approval and initiated the shutdown.
sudo was a possibility.. However, I want to this specifically for folks with root access so sudo's checks won't work.
This is for two reasons: Audit requirements and as a second check for the admin. We've had a couple instances recently where the admin did work on the wrong server. Though i don't see any way to totally lock it down for someone with root access, I want to make it at least give some sort of warning.
The other tool I looked at was selinux. Combined with audit it could possibly work but not all the systems have selninux enabled.
Am 13.07.2015 um 16:47 schrieb Kwan Lowe kwan.lowe@gmail.com:
On Mon, Jul 13, 2015 at 10:21 AM, Jonathan Billings billings@negate.org wrote:
Are you saying that this is an interactive process on the system? I'd suggest you make sure this isn't some sort of email ticket that stores a password or emails it.
Thanks for the reply. I'm thinking that the password would only be there to confirm. It would not be stored but would possibly leverage PAM.
You could probably use 'sudo' to handle the part of authenticating the user, and run a very limited service that queried a secure system for approval and initiated the shutdown.
sudo was a possibility.. However, I want to this specifically for folks with root access so sudo's checks won't work.
This is for two reasons: Audit requirements and as a second check for the admin. We've had a couple instances recently where the admin did work on the wrong server. Though i don't see any way to totally lock it down for someone with root access, I want to make it at least give some sort of warning.
If your need is to be sure that the admin work on the right system, then I suggest to put something explicitly into /etc/motd (man motd).
If your work policy allows "folks" to work directly as root, then everything can be circumvented, saying that to suggest something totally trivial: aliases
cat /etc/profile.d/local.sh alias shutdown='/usr/local/sbin/wrapper-shutdown'
thought -- LF
-
Jonathan Billings -
Kwan Lowe -
Leon Fauster