CentOS - Jul 2015 - Wrapper script for shutdown, passwd, etc. commands

Hello all. Thank you for reading.

I'm hoping someone can point me in the right direction here. I am looking
to implement a wrapper script/utility that will prompt for a ticket number
before running certain commands. I've used similar scripts in the past on
systems that I didn't have admin access.

The wrapper would do something like this:


  [root at vm-helios-019]  shutdown -h now

   *** WARNING ***
   You are attempting to shutdown a production server:
vm-helios-019.digitalhermit.com
   Please enter the Change Log Ticket  for shutdown   CHG-FL-102122

   Please confirm by entering your login password: xxxxxxxxxxxxxxxxxx

   Ticket number CHG-GL-102122 for user Kwan Lowe (klowe) has been logged
at
    Sun Feb 4, 2001 at 14:23 (2:23PM).

Ideally this would only kick in if the request is coming from an
interactive session.

Thinking about it, just replacing the command with a wrapper could cause
other problems.

Has anyone done anything similar?

Thanks,
Kwan

On Mon, Jul 13, 2015 at 10:04:49AM -0400, Kwan Lowe
wrote:
>    Please confirm by entering your login password: xxxxxxxxxxxxxxxxxx
Are you saying that this is an interactive process on the system?  I'd
suggest you make sure this isn't some sort of email ticket that stores
a password or emails it.

You could probably use 'sudo' to handle the part of authenticating the
user, and run a very limited service that queried a secure system for
approval and initiated the shutdown.

-- 
Jonathan Billings <billings at negate.org>

On Mon, Jul 13, 2015 at 10:21 AM, Jonathan Billings <billings at
negate.org>
wrote:
> Are you saying that this is an interactive process on the system?  I'd
> suggest you make sure this isn't some sort of email ticket that stores
> a password or emails it.
>
Thanks for the reply.  I'm thinking that the password would only be there
to confirm. It would not be stored but would possibly leverage PAM.

> You could probably use 'sudo' to handle the part of authenticating
the
> user, and run a very limited service that queried a secure system for
> approval and initiated the shutdown.
>
sudo was a possibility.. However, I want to this specifically for folks
with root access so sudo's checks won't work.

This is for two reasons:  Audit requirements and as a second check for the
admin. We've had a couple instances recently where the admin did work on
the wrong server. Though i don't see any way to totally lock it down for
someone with root access, I want to make it at least give some sort of
warning.

The other tool I looked at was selinux. Combined with audit it could
possibly work but not all the systems have selninux enabled.