FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 01-23-2009, 03:30 PM
Ross Walker
 
Default OT: Managing change control in servers, LDAP, firewalls and switches question

On Fri, Jan 23, 2009 at 10:32 AM, Erick Perez <eaperezh@gmail.com> wrote:
> Hi, being an off-topic questions with so many vendors involved I had
> no definitive place to go to ask but here. So maybe some of the list
> members have ideas in mind.
>
> Currently we manage several switches,firewalls and MS LDAP and Centos
> OpenLDAP installations.
> We are looking for a "man in the middle" or "framework" to manage
> change on our network devices and LDAP-based servers.
> So far, using Quest ActiveRoles/Intrust has filled the part of LDAP,
> where administrators log into ActiveRoles/Intrust system, generate
> changes (delete OU, users, change passwords, etc) then the request has
> to be approved by a staff member in Activeroles/intrust. When the
> approval is sent to the system, the ActiveRoles/Intrust (and not the
> sysadmin) logs into the LDAP systems and perform the changes. This has
> proven useful in tracking changes (who did what, when, who approved
> it).
> We are looking into a similar solution (Quest Software does not have
> that for devices) to perform change and control on the routers,
> switches and firewalls.
>
> Maybe someone can also point me to a mailing list where i can ask the
> same question?

Most people do change management through trust, but verify, where change
requests are submitted, approved, then an administrator implements by hand,
and then replies that it was done successfully or not and what the failure was.
Then at some point, these changes are verified by someone else and confirmed
to been in place.

You could try to automate the verification process by using IDS software to log
all the environment changes, then match those up with change requests. Any
that happen without a change request were unauthorized and need to be rolled
back.

This way you get 2 birds with 1 stone, change management verification and
intrusion detection. Couple that with a good backup/restore strategy and you
should have the major bases covered.

-Ross
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 11:50 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org