Re: shutdown user and accountability

2001-11-29 Thread Gerhard Schneider 

On Wed, 2001-11-28 at 01:51, Olaf Meeuwissen wrote:
 Dear .debs,
 
 I'm maintaining a (small-time) group server for our department.  In
 order to satisfy company policy requirements I need to provide a way
 to shutdown the server in case of emergencies.  Our network admin was
 kind enough to give me two alternatives:
 
   1) provide an on-screen shutdown button

Could be made rather easy by using a mouse and the special features of
gpm.
   Special commands are toggled by triple-clicking  the  left
   and  right button -- an unlikely event during normal mouse
   usage. The easiest way to triple-click is pressing one  of
   the  buttons  and triple-click the other one. When special
   processing is toggled, a message appears  on  the  console
   (and  the  speaker beeps twice, if you have a speaker); if
   the user releases all the buttons and presses one of  them
   again  within three seconds, then the special command corĀ­
   responding to the button is executed.

   The default special commands are:

   left button
  Reboot the system by signalling the init process

   middle button (if any)
  Execute `/sbin/shutdown -h now'

   right button
  Execute `/sbin/shutdown -r now'

   2) provide a shutdown user account (and document its usage)
 
 I didn't like either approach because they lack accountability: after
 a shutdown I can't tell *who* did it.
 BTW, the server has no screen for buttons, so 1) is not an option to
 begin with.  You have to ssh in to do anything (exploit one of inetd,
 exim, samba or apache in some way may be an alternative ;-).
 
 I came up with a 'sudo /sbin/halt' for department members (and others
 on an as needed basis), but that was no good.  Everyone has to be able
 to shut it down.  I racked my brains but didn't come up with anything
 that provides accountability.  Anyone any suggestions?

If it's too hard to log the user, who made the shutdown, maybe it would
be enough to use sshd or netfilter to log the workstation which was
used.
 
 Right now, I'm stuck with 2) and writing the password on the machine
 (or similar) *or* stay with what I have now and take my chances with
 people flicking the power switch.
 BTW, the server is not in a physically secure location, so I run the
 power switch thingy risk anyway.
 
 Suggestions, discussions of pros and cons welcome,
 -- 
 Olaf Meeuwissen   Epson Kowa Corporation, Research and Development
 GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
 LPIC-2   -- I hack, therefore I am -- BOFH
 
 
 -- 
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
 
 
 





--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: shutdown user and accountability

2001-11-29 Thread Gerhard Schneider 
On Wed, 2001-11-28 at 01:51, Olaf Meeuwissen wrote:
 Dear .debs,
 
 I'm maintaining a (small-time) group server for our department.  In
 order to satisfy company policy requirements I need to provide a way
 to shutdown the server in case of emergencies.  Our network admin was
 kind enough to give me two alternatives:
 
   1) provide an on-screen shutdown button

Could be made rather easy by using a mouse and the special features of
gpm.
   Special commands are toggled by triple-clicking  the  left
   and  right button -- an unlikely event during normal mouse
   usage. The easiest way to triple-click is pressing one  of
   the  buttons  and triple-click the other one. When special
   processing is toggled, a message appears  on  the  console
   (and  the  speaker beeps twice, if you have a speaker); if
   the user releases all the buttons and presses one of  them
   again  within three seconds, then the special command corĀ­
   responding to the button is executed.

   The default special commands are:

   left button
  Reboot the system by signalling the init process

   middle button (if any)
  Execute `/sbin/shutdown -h now'

   right button
  Execute `/sbin/shutdown -r now'

   2) provide a shutdown user account (and document its usage)
 
 I didn't like either approach because they lack accountability: after
 a shutdown I can't tell *who* did it.
 BTW, the server has no screen for buttons, so 1) is not an option to
 begin with.  You have to ssh in to do anything (exploit one of inetd,
 exim, samba or apache in some way may be an alternative ;-).
 
 I came up with a 'sudo /sbin/halt' for department members (and others
 on an as needed basis), but that was no good.  Everyone has to be able
 to shut it down.  I racked my brains but didn't come up with anything
 that provides accountability.  Anyone any suggestions?

If it's too hard to log the user, who made the shutdown, maybe it would
be enough to use sshd or netfilter to log the workstation which was
used.
 
 Right now, I'm stuck with 2) and writing the password on the machine
 (or similar) *or* stay with what I have now and take my chances with
 people flicking the power switch.
 BTW, the server is not in a physically secure location, so I run the
 power switch thingy risk anyway.
 
 Suggestions, discussions of pros and cons welcome,
 -- 
 Olaf Meeuwissen   Epson Kowa Corporation, Research and Development
 GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
 LPIC-2   -- I hack, therefore I am -- BOFH
 
 
 -- 
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]