On 11 November 2010 22:05, Stephen John Smoogen <[email protected]> wrote:
> On Thu, Nov 11, 2010 at 09:06, Domenico Viggiani <[email protected]> wrote:
>> Thus, don't think to practical reasons but help me to disable generic root
>> access, with the obvious escapes in case of disaster (no network, rescue,
>> etc)
> 1) Root account has a generated password that is saved in an envelope
> etc for emergencies.
<snip>
> Procedure wise the root password is locked away per system in a safe.
> When it needs to be used,
> a) the process is log access to the safe,
> b) give the person the envelope,
> c) make a new centrally managed password for that system and new envelope.
> d) have person log in with that password for such reasons and then
> push out new password to system.

Similar scheme at one of my old employers, only difference was that the safe was virtual, rather than physical.

http://www.enterprise-password-safe.com/

The advantage of this approach is that if the building with the safe in is inaccessible (if a system went down in the dead of night and I had remote Console access, I don't think I want to drive to work just to open a physical safe, thank you very much) you can still get the password and you can set up suitable compliance policy.

The key detail we had was that our Security Team managed the virtual safe, but didn't have users to access the system (so couldn't use the root password, even if they knew it), whereas the sysadmin team has user and sudo access, but didn't manage the safe.

This seems to work and satisfied any auditor that expressed an interest.

--
Sam

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
