SUDO Controls requires:

  • Korn shell
  • Perl (a recent v5 will do)
  • SSH client + server (on both SSH master & client hosts). SFTP must be allowed on all client hosts.
  • SUDO (on client hosts)

SUDO Controls consists of:

  • A set of master configuration files (aka the SUDO Controls master repository):
    • grants: defines which SUDO rules should be configured where (i.e. target host)
    • alias: defines aliases (aka groupings) for hosts, SUDO rules or other groups. These aliases may be referenced in the grants file.
    • targets: defines the list of target hosts to which SUDO Controls files should be distributed.
    • fragments (file) / fragments.d (directory): can be either of
      • A file containing a pre-defined list of SUDO rules (cf. /etc/sudoers)
      • A directory containing a pre-defined list of SUDO rules organized in different files (cf. /etc/sudoers.d)
  • A set of management scripts:
    • update_sudo.pl: script to locally update & control the SUDO sudoers.d files
    • manage_sudo.sh: script to distribute the SUDO Controls files, verify the SUDO syntax, or trigger the update_sudo.pl script remotely.
  • A correct working environment:
    • A working SSH login for each of the client hosts. You can use SSH Controls for this purpose.
    • A running SSH agent that will propagate the maintainer’s private key to each of the client hosts upon remote access/control (see also the Master to slave operations topic for more information on this).
    • Pre-configured SUDO rules to allow the update of SUDO Controls on each of the client hosts (chicken-and-the-egg!).
