Personal Blog of Emre Yaşar » RBAC http://www.yasars.com A bit technical, a bit lifestyle.. Tue, 27 Apr 2010 19:55:21 +0000 http://wordpress.org/?v=2.8.4 en hourly 1 BoKS – Getting -sorry- Answer After -suexec- Attempt http://www.yasars.com/index.php/2009/10/20/boks_getting_sorry_answer_after_suexec_attempt/ http://www.yasars.com/index.php/2009/10/20/boks_getting_sorry_answer_after_suexec_attempt/#comments Tue, 20 Oct 2009 20:30:17 +0000 Admin - Emre Yasar http://www.yasars.com/?p=289 AccessControl1Web

If you are getting “Sorry” response after trying suexec, /etc/hosts file must be first place you are looking.

emreyasar@testserver:~> /opt/boksm/bin/suexec cat /etc/shadow

Sorry

Let’s look at /etc/hosts file..

emreyasar@testserver:~> cat /etc/hosts

127.0.0.1       localhost

192.168.1.20   testserver.ford.com.tr

10.10.100.2     testserver.ford.com.tr testserver


The IP address of BoKS Master server is 192.168.1.20

As you see there are 2 interfaces on the server. One of them (10.10.100.2) is on private (interlink, iscsi, etc..) network.

As you know, usually,  there are at least  3 columns at /etc/hosts file

IP_ADDRESS      CANONICAL_HOST_NAME         ALIASES

Here is the key:

If you set an alias ,which is as BoKS host database, to a private (non-reachable from BoKS Master server) interface, you won’t achieve to make suexec or other BoKS related operation on that server.

Conclusion:

Set hostname alias to an interface which is reachable from BoKS Master server at /etc/hosts file.

True /etc/hosts file must be like this:

emreyasar@testserver:~> cat /etc/hosts

127.0.0.1       localhost

192.168.1.20   testserver.ford.com.tr     testserver

10.10.100.2     testserver.ford.com.tr

]]> http://www.yasars.com/index.php/2009/10/20/boks_getting_sorry_answer_after_suexec_attempt/feed/ 0 BoKS – Access Control for Servers Knowledgebase http://www.yasars.com/index.php/2009/10/20/boks-access-control-for-servers-knowledgebase/ http://www.yasars.com/index.php/2009/10/20/boks-access-control-for-servers-knowledgebase/#comments Tue, 20 Oct 2009 20:11:10 +0000 Admin - Emre Yasar http://www.yasars.com/?p=284 accesscontrol3

This topic will be dedicated just for  BoKS Server Manager application issues and experiences.

BoKS is an access control and auditing tool for especially Linux/Unix servers and also for Windows servers and applications and desktops.

If you want to apply “separation of duties” rudiment for system administrators on Linux/Unix servers you have to supply a role based acces control (RBAC) mechanism on servers.

And you have to consider RBAC especially on S-Ox servers.

Traditional ‘sudo’ mechanism is not enough for supplying RBAC.

So you have to prefer a 3rd party application for this purpose.

There is not many alternative products about supplying RBAC and auditing on Linux/Unix servers at the market.

Some of them are: eTrust Access Control (CA), Power Broker (beyondtrust – Formerly Known As Symark), BoKS Server Manager (FoxT)

We use BoKS in our company and I will be sharing some features, some issues and their solutions, some helpful commands, etc.

Briefly, you may find any interesting thing about BoKS here.

OK. It’s enough the story part. Let’s be a bit technical..

The first topic about BoKS is here..

]]> http://www.yasars.com/index.php/2009/10/20/boks-access-control-for-servers-knowledgebase/feed/ 0