One of the most dangerous issues for an IT admin is having dormant admin users on machines. Compliance regulations such as PCI call this issue out, but with a large number of servers, applications, and network devices it is often hard to keep track of all of your servers and accounts. Even if you happen to use a directory service like LDAP or Active Directory, chances are you have some user accounts not connected to those directory services. Also, you may have some servers that aren’t part of the “domain”. Either way, having an accurate picture of every admin account on all of your systems is an important and critical issue to track.
Today, outside of trusting your OpenLDAP server or AD implementation, there isn’t really a good way to solve this issue. You may write a script to tell you, but that inherently has all of the trouble of ensuring that you know about each server, can log into it, and then can bring back all of the data. With 探花大神, we are going to tell you about two methods you can use to solve this issue.
探花大神 centralized user management – monitoring and managing server access
The first option for solving this issue is to use 探花大神 as your centralized user management platform, or what we call Directory-as-a-Service®. 探花大神’s cloud-based, centralized user management solution can manage Linux (SSH) and Windows user accounts (and Mac user accounts as well, among all kinds of other applications and network infrastructure components). You simply create the privileged user account in 探花大神 and then link it, in an easy-to-use web-based UI, to the servers that the person should have access to. You can manage access across internal servers, virtual servers, and cloud servers across providers and operating systems. We provide a central console for you to manage and track access. If you manage all of your accounts within 探花大神, you can easily add, delete, and modify access controls with just a few clicks. No writing code to manage your users and getting in the middle of handling SSH keys or passwords. 探花大神’s end user portal handles all of those issues for you so that you aren’t in the middle of it, which by the way is a security risk anyway. 探花大神 will track all access so you have a log of all logins and privileged commands executed by the user. That’s a nice wrap-up to ensuring you know who is on your servers and what they are doing!
探花大神 command execution functionality to report on all privileged users on a server
The second option provides an audit or double check. 探花大神’s server orchestration functionality enables you to execute tasks across your entire server infrastructure. You can use 探花大神’s command execution functionality for all kinds of tasks, including checking log files, patching servers, setting security conditions, and thousands of other tasks that you need to execute. In this case, we are going to leverage the functionality to get a quick report of every privileged user on each server. We’ll also tell you when they last logged in, if they logged in from a strange location, or if it’s the first time they used their account.
Let’s put together how you would accomplish this task within 探花大神.
Step 1: 探花大神 agent on servers
Ensure that the 探花大神 agent is on all of your servers. There are two ways to make that happen automatically: one, include the 探花大神 agent with your standard image or AMI; two, distribute the agent with your favorite configuration automation solution.
Step 2: Develop a script to query all servers for their users
Here’s our script to accomplish that:
Linux
# print only the user names whose password field is not locked ("*" or a leading "!")
awk -F: '$2 != "*" && $2 !~ /^!/ { print $1 }' /etc/shadow
Windows
# local accounts only; without the filter a domain-joined host enumerates every domain account
Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount='True'" | Select-Object Name, Disabled, Lockout
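For a fuller Linux report than the one-liner above, here is an added Python example (not the page’s or the product’s own script) that cross-references passwd, shadow and group data to list privileged or login-capable accounts and flag the ones a dormant-admin audit cares about: duplicate uid-0 accounts, empty password fields, and passwords unchanged for longer than a threshold. The sample files and hashes are constructed for the demo; on a real host you would read /etc/passwd, /etc/shadow and /etc/group instead.

```python
# Added example (not the page's script): report privileged or login-capable local
# accounts from passwd/shadow/group data. Sample files are constructed, hashes are fake.
PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
toor:x:0:0:second uid-0 account:/root:/bin/sh
svc:x:1002:1002:Service:/var/svc:/bin/bash
"""
SHADOW = """root:$6$fakehash1:19000:0:99999:7:::
alice:$6$fakehash2:19700:0:99999:7:::
bob:!$6$fakehash3:19600:0:99999:7:::
toor:$6$fakehash4:19100:0:99999:7:::
svc::19500:0:99999:7:::
"""
GROUP = "sudo:x:27:alice,svc\nwheel:x:10:\n"
NOLOGIN_SHELLS = ("/usr/sbin/nologin", "/sbin/nologin", "/bin/false")

def password_state(field):
    """Shadow field 2: '' = no password, '*' or leading '!' = locked, else set."""
    return "empty" if field == "" else "locked" if field.startswith(("*", "!")) else "set"

def audit_accounts(passwd, shadow, group, today_days, stale_days=90):
    """Return privileged or login-capable accounts, each with a findings list."""
    admins = set()
    for line in group.splitlines():
        f = line.split(":")
        if len(f) >= 4 and f[0] in ("sudo", "wheel") and f[3]:
            admins.update(f[3].split(","))
    shadow_map = {l.split(":")[0]: l.split(":") for l in shadow.splitlines()}
    uid0_count = sum(l.split(":")[2] == "0" for l in passwd.splitlines())
    report = []
    for line in passwd.splitlines():
        name, _, uid, _, _, _, shell = line.split(":")
        s = shadow_map.get(name, [name, "*", "0"])  # no shadow entry: treat as locked
        state = password_state(s[1])
        privileged = uid == "0" or name in admins
        if not privileged and (state == "locked" or shell in NOLOGIN_SHELLS):
            continue  # locked or shell-less non-admin account: not a login risk
        findings = []
        if uid == "0":
            findings.append("uid 0" + (" (not unique)" if uid0_count > 1 else ""))
        if name in admins:
            findings.append("member of admin group")
        if state == "empty":
            findings.append("empty password field")
        age = today_days - int(s[2]) if s[2].isdigit() else None  # days since last change
        if age is not None and age > stale_days:
            findings.append("password unchanged for %d days" % age)
        report.append({"name": name, "uid": int(uid), "password": state, "age_days": age, "findings": findings})
    return report
```

today_days is the current day count since the Unix epoch (the same unit shadow uses in field 3), so on a live host pass int(time.time() // 86400).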
Step 3: Schedule
Let’s set this script to run weekly so that we know exactly what’s happening with our servers:
- Log in to the 探花大神 console
- Go into the Commands tab on the left hand navigation.
- Click on “Create Command” at the top of the “Saved Commands” table.
- Select whether the command is for Linux or Windows at the top of the window.
- Select a name for the command, such as “Audit Windows Users”
- Set the user to run as to ‘root’ (if you’re running against Linux servers)
- Select the set of servers to run the command against, either server-by-server, or via the tag.
- Then, cut and paste one of the commands from Step 2 (make sure you’re pasting a Linux command if you selected Linux in step 4, same for Windows).
- Change the Launch Event to “Run as Repeating”
- Select “Command Repeats By: Week”
- Select the days you’d like to run on during the week, and the time of day to run on.
- Click “Save & Run as Repeating”
Your screen should look like the following:
Step 4: Execute across server infrastructure
Let’s run it across our entire server infrastructure. To do so, we’ll just take the scheduled command we created, and run it now.
- Log in to the 探花大神 console
- Go into the Commands tab on the left hand navigation.
- Find the command you just saved, and click the green “Run Now” button next to it.
Step 5: Let’s process the output
Your user list for each host will appear on the Commands tab in the Command Results table. Just click “Details”, and you’ll be able to see the list of all active users on each server.
It was that easy. Feel free to use these scripts and modify them for your 探花大神 installation. Automating key tasks like this is the power of 探花大神. We’ll be putting out many more “how to’s”; if you have any suggestions on tasks that you would like us to highlight, please feel free to let us know!