How to configure SUDO account on UNIX and Linux servers

Document ID : KB000047114
Last Modified Date : 14/02/2018

Introduction:

When the CA Network Discovery Gateway (CA NDG) Softagent discovers UNIX and Linux servers, it attempts to establish an SSH connection to each host using the set of credentials provided in the credential vault. Depending on how your UNIX/Linux security is configured, some commands issued by the CA NDG Softagent may not be authorized for the non-root user, resulting in less data being discovered for the server.

1. Use the sudo command to allow a non-root user to issue discovery-related commands under the root authority without having to supply root user credentials.

2. Define a path for the user ID associated with the sudo user that includes all the locations of the commands that NDG needs to run and the utilities that NDG discovery uses.

 

Instructions:  

1. Configure the /etc/sudoers file to authorize non-root users through sudo

Create the following content for the sudo user to issue all CA NDG Softagent commands using sudo without prompting for root credentials:

Cmnd_Alias  SHELL       =   /usr/bin/zsh, /usr/bin/bash, /bin/sh

Cmnd_Alias  USERCMD1    =   /bin/uname, /bin/echo, /bin/cat, /bin/rm

Cmnd_Alias  USERCMD2    =   /bin/domainname, /bin/chmod, /bin/hostname, /tmp/ToUTF8

Cmnd_Alias  USERCMD3    =   /bin/netstat, /bin/df, /bin/ps, /bin/rpm

Cmnd_Alias  USERCMD4    =   /bin/ls, /sbin/ifconfig -a, /sbin/ip

Cmnd_Alias  USERCMD5    =   /sbin/mii-tool, /sbin/chkconfig, /sbin/sfdisk, /usr/sbin/dmidecode

Cmnd_Alias  USERCMD6    =   /usr/bin/cdrecord, /opt/xensource/bin/xe, /bin/lshmc

Cmnd_Alias  USERCMD7    =   /sbin/fdisk, /dev/null, /bin/grep, /usr/bin/cut, /usr/bin/awk

Cmnd_Alias  USERCMD8    =   /dev/mem, /bin/bash, /usr/bin/sudo

ndguser ALL=NOPASSWD: SHELL, PKGMAN, FIREWALL, USERCMD1, USERCMD2, USERCMD3, USERCMD4, USERCMD5, USERCMD6, USERCMD7, USERCMD8

 

2. Comment out the line 'Defaults requiretty' in the sudoers file

    #Defaults requiretty

 

3. Define the path for the sudo user

Edit the shell configuration file for the sudo user's shell (typically .bashrc in the user's $HOME directory) and add the following lines to extend the user's PATH. Every sudo user account should have its .bashrc file configured this way.

PATH=$PATH:/bin:/sbin:/usr/sbin:/opt/xensource/bin

export PATH
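
The sudoers rule from step 1 can be reviewed mechanically before it is deployed. The Python check below is an added example, not CA's code: it parses that fragment and reports aliases that are referenced but never defined, entries that are a shell or sudo itself (which make the NOPASSWD grant equivalent to unrestricted root), paths under user-writable directories, and device files listed as commands. The finding names and the two policy sets are assumptions chosen for this illustration.

```python
import re

# Sudoers rule from step 1 of this article, embedded so the check runs offline.
FRAGMENT = """\
Cmnd_Alias  SHELL       =   /usr/bin/zsh, /usr/bin/bash, /bin/sh
Cmnd_Alias  USERCMD1    =   /bin/uname, /bin/echo, /bin/cat, /bin/rm
Cmnd_Alias  USERCMD2    =   /bin/domainname, /bin/chmod, /bin/hostname, /tmp/ToUTF8
Cmnd_Alias  USERCMD3    =   /bin/netstat, /bin/df, /bin/ps, /bin/rpm
Cmnd_Alias  USERCMD4    =   /bin/ls, /sbin/ifconfig -a, /sbin/ip
Cmnd_Alias  USERCMD5    =   /sbin/mii-tool, /sbin/chkconfig, /sbin/sfdisk, /usr/sbin/dmidecode
Cmnd_Alias  USERCMD6    =   /usr/bin/cdrecord, /opt/xensource/bin/xe, /bin/lshmc
Cmnd_Alias  USERCMD7    =   /sbin/fdisk, /dev/null, /bin/grep, /usr/bin/cut, /usr/bin/awk
Cmnd_Alias  USERCMD8    =   /dev/mem, /bin/bash, /usr/bin/sudo
ndguser ALL=NOPASSWD: SHELL, PKGMAN, FIREWALL, USERCMD1, USERCMD2, USERCMD3, USERCMD4, USERCMD5, USERCMD6, USERCMD7, USERCMD8
"""

# Assumed review policy (not from the article): binaries that hand out a root
# shell or re-enter sudo, and directories in which any local user can create files.
ROOT_SHELLS = {"sh", "bash", "zsh", "ksh", "csh", "sudo", "su"}
WRITABLE_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/")

def parse(text):
    """Return (aliases, grants) for 'user host=NOPASSWD: item, ...' style rules."""
    aliases, grants = {}, []
    for line in text.splitlines():
        if m := re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line):
            aliases[m[1]] = [c.strip() for c in m[2].split(",")]
        elif m := re.match(r"\w+\s+\w+\s*=\s*NOPASSWD:\s*(.+)", line):
            grants += [item.strip() for item in m[1].split(",")]
    return aliases, grants

def audit(text):
    """Return sorted (kind, detail) findings for every NOPASSWD item in text."""
    aliases, grants = parse(text)
    findings = set()
    for item in grants:
        if item.isupper() and item not in aliases and item != "ALL":
            findings.add(("undefined-alias", item))
            continue
        for cmd in aliases.get(item, [item]):  # a bare path is its own entry
            path = cmd.split()[0]              # drop arguments such as "-a"
            if path.rsplit("/", 1)[-1] in ROOT_SHELLS:
                findings.add(("root-shell", path))
            elif path.startswith(WRITABLE_PREFIXES):
                findings.add(("user-writable-path", path))
            elif path.startswith("/dev/"):
                findings.add(("not-a-command", path))
    return sorted(findings)
```

Calling `audit(FRAGMENT)` returns ten findings for the rule as published; a rule limited to fixed, root-owned discovery binaries returns an empty list.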