Release Automation

  • 1.  How to "su" in a restricted Linux environment?

    Posted Apr 20, 2015 12:54 PM

    The client environment has several restrictions:

    1) Disabled SSH interactive login for "deployment" ID. That causes the OOTB feature (set credential) and action (SSH actions) to not work.

    2) Sudo not allowed

    3) Key exchange not allowed, thus the user must enter the password (password auto-resets every hour) before each deployment starts.

    4) Agent cannot be run as "deployment ID" for security purposes. It has to be "su" from an allowed credential.

     

    Without RA, the user needs to:

    1) Log in to their "2F-authentication" ID (similar to CA PMFKEY). This is an allowed credential to "su" into deployment ID.

    2) After logging in, perform "su - <deployment ID>"

    3) Key in password (retrieved from PasswordVault, i.e. CyberArk)

     

    The "su" command doesn't support a password as an input parameter, so it's now a challenge to even start performing the deployment. Tried "echo <password> | su - deployID" but in vain.

     

    Help needed.



  • 2.  Re: How to "su" in a restricted Linux environment?

    Posted Apr 20, 2015 01:11 PM

    Why not set up sudo?



  • 3.  Re: How to "su" in a restricted Linux environment?

    Posted Apr 20, 2015 01:17 PM

    Hi Steve. Unfortunately, client's security policy doesn't allow sudo to be executed by any functional ID.

     

    Note: It's a bank client, with a rather stringent policy.



  • 4.  Re: How to "su" in a restricted Linux environment?

    Posted Apr 20, 2015 01:20 PM

    Do they have autosys?



  • 5.  Re: How to "su" in a restricted Linux environment?

    Posted Apr 20, 2015 01:27 PM

    Hi Steve. Nope. They don't - unfortunately.



  • 6.  Re: How to "su" in a restricted Linux environment?

    Posted Apr 20, 2015 01:31 PM

    Well, this will be special, because I would have said have the scheduler do it for you.

    ;-)



  • 7.  Re: How to "su" in a restricted Linux environment?

    Posted Apr 20, 2015 01:45 PM

    Did you try to use the "expect" utility?

    Jacky



  • 8.  Re: How to "su" in a restricted Linux environment?

    Posted Apr 20, 2015 01:54 PM

    My caveat in trying to do this: how are you storing the password?

    And how will you pass it to expect, etc.?



  • 9.  Re: How to "su" in a restricted Linux environment?

    Posted Apr 21, 2015 02:43 AM

    Hi Jacky. The client doesn't have "expect" installed on their servers.



  • 10.  Re: How to "su" in a restricted Linux environment?

    Posted Apr 21, 2015 08:02 AM

    It sounds to me the client doesn't want the machines to do much.

    Time to have the SAs and infosec figure this quandary out. They have done a stellar job bricking the environment.

     

    Good Luck

     

    Steve C.