Critical Systems Access Control: OS and DB

Project Description

The request was initiated by Ryno Hugo

Situation/Problem/Opportunity (WHAT):

 A)     To mitigate security risks on all servers as identified by auditors.

 

Documents

Project Progress

35%

Project Timing

  • Start
    Jul 01 2019
  • End
    Apr 30 2020

07/01/2019 04/30/2020

90%

Overall Project Completion

  • 20%
  • 60%

35%

  • 40%
  • 80%

1. Decide Ldap vs Keys Complete 100% Tasks 1 / 1

100%
Description

1 of 1 completedTasks

  • Make decision

2. TEST Complete 0% Tasks 0 / 0

0%
Description

3. Prod - Critical systems Complete 40% Tasks 0 / 1

40%
Description

We will do KFS first

4. Complete Linux Env rollout with Ansible Complete 0% Tasks 0 / 1

0%
Description

Project Discussion 6 Responses to Critical Systems Access Control: OS and DB

  1. We will pick up where we left of last year on 2 March

    February 24, 2020 at 8:31 am
    RIAAN MARX
  2. We are planning to give this also 1st Priority in 2020. We need to implement new policy on all Linux Svrs as well as finalize new policy for Windows Servers in terms of OS and SQL. This will get crucial attention as we start off in 2020.

    January 22, 2020 at 3:11 pm
    RIAAN MARX
  3. We plan to do ldap integration but this required development and we will do this at later stage also via ansible.

    September 11, 2019 at 1:27 pm
    RIAAN MARX
  4. We have an Ansible script that creates local users for all system team members. They are then allowed to sudo. Root access is disabled – as the root password chnaged and made unknown during the Ansible play. No one can log on as root. All system owners log in with a user friendly name: for example “riaanm” and the password generated is not displayed in any script or play – only the created hash is used. rootsh used with sudo makes root access possible with all commands then entered logged with the rootsh utility.

    September 11, 2019 at 1:27 pm
    RIAAN MARX
  5. We are in process to develop ansible play with ldap access control to replace root access.

    September 10, 2019 at 8:54 am
    RIAAN MARX
  6. 23 July 2019: Project request was approved

    July 23, 2019 at 10:26 am
    YVETTE LABUSCHAGNE

Leave a Reply