SUDO Controls requires:
- Korn shell
- Perl (a recent v5 will do)
- SSH client + server (on both SSH master & client hosts). SFTP must be allowed on all client hosts.
- SUDO (on client hosts)
SUDO Controls consists of:
- A set of master configuration files (aka the SUDO Controls master repository):
  - grants: defines which SUDO rules should be configured where (i.e. target host)
  - alias: defines aliases (aka groupings) for hosts, SUDO rules or other groups. These aliases may be referenced in the grants file.
  - targets: defines the list to which SUDO Controls files should be distributed.
  - fragments (file) / fragments.d (directory): can be either of
    - A file containing a pre-defined list of SUDO rules (cfr. /etc/sudoers)
    - A directory containing a pre-defined list of SUDO rules organized in different files (cfr. /etc/sudoers.d)
- A set of management scripts:
  - update_sudo.pl: script to locally update & control the SUDO sudoers.d files
  - manage_sudo.sh: script to distribute the SUDO controls files, verify the SUDO syntax or to trigger the update_sudo.pl script remotely.
- A correct working environment:
  - A working SSH login for each of the client hosts. You can use SSH Controls for this purpose.
  - A running SSH agent that will propagate the maintainer’s private key to each of the client hosts upon remote access/control (see also the Master to slave operations topic for more information on this).
  - Pre-configured SUDO rules to allow the update of SUDO controls on each of the client hosts (chicken-and-the-egg!).