1 Revision History
Date: 14.06.2016
Version: 1.0
Description: Document to configure email notification for root login and authentication for sudo access to root
Status: Final
Author / Editor: Velroy Noronha
Velroy
Velroy Noronha
Linux Systems Administrator
velroy.noronha@wirecard.com | +971-4-3748-402
Short name
Reviewed by
14/06/2016
3 Table of Contents
Purpose of configuring email notification and authentication for root login
Requirements
Procedure
Timeline
6 Restore requirements
Following are the requirements to go ahead with this implementation.
a. Jira ticket for the change
b. Root access to the server
7 Procedure
1. Login to the server and sudo to root.
2. Check that direct root login has been disabled and that an encrypted password is in place.
- If direct root login has not been disabled or the encrypted password is not configured, raise a new Jira ticket to disable direct root login and implement the encrypted password, and assign it to the respective owner from the systems team.
Email Notification
3. Change to the /root directory, or confirm that you are already in it.
5. Edit the .bash_profile using the vi editor and add the following lines at the bottom of the file, replacing the content marked in red with the respective server name, server IP and the recipients of the email notification. In our case the email notification is configured for the Linux systems team and Abishek from the security team.
#!/bin/bash
# Walk up the process tree from this shell until the owning user changes,
# i.e. find the account that ran sudo to become root.
function findUser() {
    thisPID=$$
    origUser=$(whoami)
    thisUser=$origUser
    while [ "$thisUser" = "$origUser" ]
    do
        # ps prints the owner and parent PID of the process being inspected
        ARR=($(ps h -p$thisPID -ouser,ppid;))
        thisUser="${ARR[0]}"
        myPPid="${ARR[1]}"
        thisPID=$myPPid
    done
    getent passwd "$thisUser" | cut -d: -f1
}
user=$(findUser)
# Replace the server name, server IP and recipient addresses below.
# Subject: who became root and from where; body: the same plus the user's other sessions.
mail -s "Root Access on wp2rtwo03p(10.11.200.193) on `date` by $user from `who |grep $user|awk '{print $5}'|tail -1`" abishek.s@wirecard.com,wdp.linuxadmin@wirecard.com <<< "ALERT - Root Access on wp2rtwo03p(10.11.200.193) on: `date` by $user from `who |grep $user|sort -k1,4|cut -d '(' -f2 |sed -e 's/)/ /g'|tr -d '\n'|awk '{print $NF}'`. The user is currently also logged in from the following hosts :- `who |grep $user|awk '{print $3" "$4" " $5}'` "
7. Edit the /etc/sudoers file with the vi editor, find the following lines, copy them and comment out the originals.
Find the lines below:
%grpUnixAdmins ALL=(ALL) NOPASSWD: ALL
%grpOraAdmins ALL=(ALL) NOPASSWD: DBADMIN
%grpAppAdmins ALL=(ALL) NOPASSWD: APPADMIN
lecture = always
Activity              Duration
Email notification    10 mins
Root authentication   10 mins
Total Time            20 mins
9 Verification
Email notification
Open a new ssh session and sudo to root, and check the email notification in the configured email accounts.
Root Authentication
Sudo to root and check that you are prompted for a password.
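The root-authentication check above can also be run against the sudoers file itself. The script below is an added example, not part of the original procedure: it lists every active rule that still skips the password prompt, including rules split across continuation lines and rules that name a user by "#UID". The helper names, the password-requiring replacement line and the UID rule in the sample are constructed for illustration.

```shell
#!/bin/bash
# Added example: list sudoers rules that still skip the password prompt.
# active_nopasswd and write_sample_sudoers are hypothetical helper names.
active_nopasswd() {
    awk '
        # Join backslash-continued lines so each rule is checked as a whole.
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
        { line = buf $0; buf = "" }
        # "#" starts a comment, except "#<digits>", which sudoers reads as a UID.
        line ~ /^[ \t]*#/ && line !~ /^[ \t]*#[0-9]/ { next }
        # A NOPASSWD tag or "Defaults ... !authenticate" disables the prompt.
        line ~ /NOPASSWD[ \t]*:/ || line ~ /^[ \t]*Defaults.*!authenticate/ {
            printf "%d: %s\n", FNR, line
            found = 1
        }
        END { exit found ? 1 : 0 }
    ' "${1:-/etc/sudoers}"
}

# Constructed sample: the first rule has been commented out and replaced by a
# password-requiring rule (assumed form); the remaining rules are still open.
write_sample_sudoers() {
    cat > "$1" <<'EOF'
# %grpUnixAdmins ALL=(ALL) NOPASSWD: ALL
%grpUnixAdmins ALL=(ALL) ALL
%grpOraAdmins ALL=(ALL) NOPASSWD: DBADMIN
%grpAppAdmins ALL=(ALL) \
    NOPASSWD: APPADMIN
#1001 ALL=(ALL) NOPASSWD: ALL
EOF
}

demo() {
    tmp=$(mktemp) || return 2
    write_sample_sudoers "$tmp"
    if active_nopasswd "$tmp"; then
        echo "OK: every rule prompts for a password"
    else
        echo "FAIL: the rules listed above still bypass the password prompt"
    fi
    rm -f "$tmp"
}
demo
```

Called without an argument the function reads /etc/sudoers, which requires root; files under /etc/sudoers.d have to be passed one at a time.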
-----------The End-----------
15/06/2016