lansweeper is totally cool with windows audits. and for linux/solaris/mac audits you have to have ssh enabled and the auditing user with a password. o k a y. pubkeys would be waay better, but i digress. given the task at hand, you still need to create a user on each and every one of those boxes. and because you're cool, you have ssh and pubkey access. cool.
From a management host:

    # scp ~/lansweeper/skel/.[!.]* root@host:/etc/skel
    # ssh -l root host 'bash -s' < lansweeperscript.sh

oh, and you have some special skel files, too. because you're awesome.

.....

    #!/bin/bash
    # lansweeperscript
    # create the home directory and the audit user
    mkdir /opt/lansweeper ; useradd lansweeper -g users -d /opt/lansweeper
    # set the password; single quotes keep the ! literal, so no backslash is needed
    printf '%s\n' 'silly!pass' 'silly!pass' | passwd lansweeper
    cp /etc/skel/.bashrc /etc/skel/.profile /opt/lansweeper/
    chown -R lansweeper:users /opt/lansweeper
    # back up sudoers first (%H, not %k: %k pads the hour with a space)
    cp /etc/sudoers /etc/sudoers.$(date +%Y%m%d%H%M)
    # delete the "Defaults requiretty" line
    sed -i -r -e '/^Defaults\s+requiretty\s*$/d' /etc/sudoers
    echo 'lansweeper ALL=(ALL:ALL) ALL' >> /etc/sudoers

.....

You get bonus points if you're on a standalone box that doesn't do LDAP auth, but happens to have directories mounted and the like...

a. have an LDAP server and have created the user lansweeper and taken note of the uid (say 15349).

b. created a home directory on your NFS-accessible fileserver (say, a NetApp) and have exported the volume as /home.

c. edited the passwd file on your NFS-accessible NetApp and have put in the username, uid & gid; say:

    lansweeper::15349:100::/:

d. and mount /home via fstab or something on your machine. say, you have this line:

    netapp:/home /home nfs rsize=8192,wsize=8192 0 0

e. you change that first command to:

    useradd lansweeper -u 15349 -g users -d /home/lansweeper

But if you're awesome and are on an LDAP'd system, you really only need to:

    #!/bin/bash
    # lansweeperscript
    # back up sudoers first (%H, not %k: %k pads the hour with a space)
    cp /etc/sudoers /etc/sudoers.$(date +%Y%m%d%H%M)
    # delete the "Defaults requiretty" line
    sed -i -r -e '/^Defaults\s+requiretty\s*$/d' /etc/sudoers
    echo 'lansweeper ALL=(ALL:ALL) ALL' >> /etc/sudoers

g. if you're totally lazy and not on a centos or redhat box you can forget the tty nonsense and issue this from your management system shell:

    echo 'lansweeper ALL=(ALL:ALL) ALL' | ssh root@host "cat >> /etc/sudoers"

.....

NB: sometimes you'll find that there's something funny going on with sudoers and tty; that's why i've removed the requiretty line from /etc/sudoers.
But a backup is always good in case we do something "wrong".
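The sudoers part of the script above, as an added example (not code from the original post) that can be re-run without stacking duplicate rules and that syntax-checks the result before it replaces the live file. The function name `grant_lansweeper_sudo` and its file argument are assumptions of this sketch; `visudo -cf` is used only when visudo is installed.

```shell
#!/bin/bash
# Added example: backup, requiretty removal and rule append from the post,
# made idempotent and validated. Names here are hypothetical.
RULE='lansweeper ALL=(ALL:ALL) ALL'

grant_lansweeper_sudo() {
    local sudoers="${1:-/etc/sudoers}"
    local backup tmp
    backup="${sudoers}.$(date +%Y%m%d%H%M%S)"
    tmp="$(mktemp "${sudoers}.XXXXXX")" || return 1

    # Backup first; never overwrite a backup taken in the same second.
    [ -e "$backup" ] || cp -p "$sudoers" "$backup" || { rm -f "$tmp"; return 1; }

    # Build the candidate in a copy that carries the live file's mode and owner.
    cp -p "$sudoers" "$tmp" || { rm -f "$tmp"; return 1; }
    sed -E '/^Defaults[[:space:]]+requiretty[[:space:]]*$/d' "$sudoers" > "$tmp"

    # Append the rule only if that exact line is not already present.
    grep -Fxq "$RULE" "$tmp" || printf '%s\n' "$RULE" >> "$tmp"

    # Syntax-check the candidate before it goes live (skipped if visudo is absent).
    if command -v visudo >/dev/null 2>&1 && ! visudo -cf "$tmp" >/dev/null 2>&1; then
        echo "sudoers check failed, $sudoers left untouched" >&2
        rm -f "$tmp"
        return 1
    fi

    # Same-directory rename, so the swap is atomic.
    mv -f "$tmp" "$sudoers" || { rm -f "$tmp"; return 1; }
    echo "$backup"   # report where the backup went
}
```

Append a call such as `grant_lansweeper_sudo /etc/sudoers` to the script before piping it through `ssh -l root host 'bash -s'`; the function prints the backup path on success.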