What methods/programs do folks use or recommend for a large mixed environment?

We have a mix of OS's from HPUX, Tru-64 (ya still), AIX, and Linux flavors. I'm looking at ~300 nodes to manage and would like a means to securely, but effectively manage these hosts.

Right now, we're using an expect script w/ a ksh wrapper that will run commands w/ a su -c root, but that requires you to stick user and root password in plain text files which isn't choice, even if temporary.

Root login isn't permitted via SSH of course, as that's a SOX violation.

Just looking for some direction or recommendations of what other folks are using when faced w/ this task.

Thanks for any advice you can offer!

SOX, uggh! best describes it.

We have the following for jobs that are repeated periodically:
a job in root cron on each remote node that runs once per (U pick it) minute interval. It reads a command file. The file format is something like this:
The file lives in a protected sftp only folder. The 1 refers to #1 in a list of commands known to the cron script.

The cron script decodes the one, adds the arguments. It then goes thru submitting (at now) each job request in the file. The command file is then zeroed. The cron job keeps a log of when & what was submitted.

The 'control panel' is on a single box. It's job is to build the command request files and scp them to the remote box(es) using the protected account. It keeps track of pending requests so that an unprocessed request file on a remote node does not get overwritten.
There is also an 'adhoc' request screen.

In practice the command file sent to remote boxes is encrypted. On a per remote box basis. And there are validation fields as well. This is to prevent spoofing.
We have 400+ Linux servers, 20+ HP-UX boxes and some oddballs.

it's really great here so much to learn....nice post thanks....



demande carte de
credit - Carte de credit, credit en ligne.
La notation des maison de credit rejaillit sur le client !