Browse code
update readme
Greg Wiley authored on 28/04/2017 00:18:56Showing 1 changed files
| ... | ... |
@@ -7,9 +7,30 @@ At **CJ Engineering**, we will be implementing Dual Control on our production bo |
| 7 | 7 |
|
| 8 | 8 |
Dual Control is an open source project licensed under the [GNU General Public License](https://github.com/cjdev/dual-control/blob/master/COPYING). As it stands, Dual Control is written only for machines running Linux. However, we graciously welcome contributions, particularly those related to portability to other operating systems. |
| 9 | 9 |
|
| 10 |
-## For ZFR |
|
| 11 |
-* setup a native project |
|
| 12 |
- * for Linux (docker, virtualbox) |
|
| 13 |
-* installer |
|
| 14 |
-* CI + CD |
|
| 15 |
-* Logging |
|
| 10 |
+## Status |
|
| 11 |
+This is in active development. The current version uses a permanent token. The final version will |
|
| 12 |
+use a time-based OTP. |
|
| 13 |
+ |
|
| 14 |
+## Install |
|
| 15 |
+- Obtain and install the RPM |
|
| 16 |
+ - build yourself using the code in /cjdev/dual-control-rpm |
|
| 17 |
+ - get it from a developer |
|
| 18 |
+- Edit the `/etc/pam.d/sudo` (CentOS 7) |
|
| 19 |
+ - replace the existing auth lines with |
|
| 20 |
+``` |
|
| 21 |
+auth required pam_env.so |
|
| 22 |
+auth sufficient pam_unix.so nullok try_first_pass |
|
| 23 |
+auth requisite pam_succeed_if.so uid >= 1000 quiet_success |
|
| 24 |
+auth required pam_deny.so |
|
| 25 |
+``` |
|
| 26 |
+ |
|
| 27 |
+## Add a dual control token |
|
| 28 |
+- in the authorizer's account home, put the token characters in `.dual_control` |
|
| 29 |
+ |
|
| 30 |
+## Use |
|
| 31 |
+- log in with a test user that has `sudo` ability (not the vagrant account it is too |
|
| 32 |
+powerful) |
|
| 33 |
+- type `sudo bash` |
|
| 34 |
+- enter your password |
|
| 35 |
+- enter dual control token, authorizer's username + ':' + authorizer's token |
|
| 36 |
+ |