So I'm looking at running the BIND scripts on our primary DNS server but I'm running into a couple of security questions that have me stymied. Have folks come up with workarounds for it?
First, root access through ssh is disabled; users can log in as themselves and either sudo or su to get root access. Obviously in the script rndc isn't normally even usable by non-root users, but it's going to be tough to change this policy.
Second, assuming we can log in as root, our BIND implementation uses an rndc key for authorization, so I'd have to import that into the script as well. Not too bad if we do have root access, but another headache.
I'm curious to hear how other people are running the monitor.
I've worked with a handful of customers to set this up but none have been as security-conscious as you. Some customers do need to modify the script to allow it to su to root, but as a general rule we recommend changing the permissions of the file to allow non-root users to execute the command. You will need to alter the script slightly to pass your rndc key properly regardless of which route you take.
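One way to combine the two points in the reply above (non-root execution and passing the rndc key), as an added example that is not part of the original thread and not the vendor's script. The paths, the subcommand allowlist, the key file mode and the `monitor` account name are assumptions.

```shell
#!/bin/sh
# Added example: run rndc for monitoring without a root login.
# Assumed (not from the thread): both paths below, the "status"/"stats"
# allowlist, and a key file set to mode 0640 with a group that contains
# only the monitoring account.
# sudo alternative (hypothetical account "monitor"), one sudoers line:
#   monitor ALL=(root) NOPASSWD: /usr/sbin/rndc status
RNDC_BIN="${RNDC_BIN:-/usr/sbin/rndc}"
RNDC_KEY="${RNDC_KEY:-/etc/bind/rndc.key}"

# Succeeds only if the key is a readable regular file with no
# permission bits set for "other".
key_is_safe() {
    key=$1
    [ -f "$key" ] && [ -r "$key" ] || return 1
    # find prints the path when any "other" bit (r, w or x) is set
    [ -z "$(find "$key" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) 2>/dev/null)" ]
}

# Subcommands the monitor may run (no zone or config changes).
rndc_allowed() {
    case $1 in
        status|stats) return 0 ;;
        *) return 1 ;;
    esac
}

# Exit codes: 2 = subcommand refused, 3 = key missing or too permissive.
run_rndc() {
    rndc_allowed "$1" || { echo "refused: rndc $1" >&2; return 2; }
    key_is_safe "$RNDC_KEY" || { echo "unsafe or unreadable key: $RNDC_KEY" >&2; return 3; }
    "$RNDC_BIN" -k "$RNDC_KEY" "$1"
}

if [ "$#" -gt 0 ]; then
    run_rndc "$1"
fi
```

The monitoring script would call `run_rndc status` in place of a bare `rndc` invocation, so the key file never needs to be world-readable and the account cannot issue `reload` or `stop`.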