Yes, name service (DNS) is running but not supported by my department. This infrastructure has grown into what it is now for long time. I am trying to straighten it out.
- Jamie On Sat, Mar 13, 2010 at 12:12 PM, Tom H <tomh0...@gmail.com> wrote: > > I recently because the Senior Server Architect (Server Administrator) and > > now support over 1500 servers and workstations and am looking for an > easier > > way to mange privileged access. > > > I have a mix of RHEL, HP-UX and Solaris based devices. We use CFenigine > to > > manage part of configuration. The devices are located at 40 different > > sites. > > > basic requirements: > > Access is manage from a central location, possible CFengine manged > > Sudoer file is updated at least once a day, again possible CFegine > managed > > Sudoer file would need to be built custom for each device, a complex > sudoer > > file is not easy to manage. > > Compare the existing sudo file to the proposed one to see if unauthorized > > changes were made. I realize this would be had to do especially if there > > are authorized changes in the new file. > > All commands are logged. > > > advanced requirements, things that would be nice to have > > Once privileged access is granted user gets access w/o having to update > the > > client > > If privileged access is revoked users will no longer have privileged > access > > w/o having to update the client > > A reason for being root is asked of the user before granting "su -" > access > > but is not logged if they user just runs a command. > > Limit changing root's password, even for root. > > Rather than create different /etc/sudoers for each box, can't you use > a name service (with >1500 boxes you must already have one running) > and set up netgroups for users, commands, boxes, and auths? > -- > users mailing list > users@lists.fedoraproject.org > To unsubscribe or change subscription options: > https://admin.fedoraproject.org/mailman/listinfo/users > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > -- Jamie Bohr
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
