Today I would like to present a module recently introduced in NetEye. The implementation has been promoted by a customer with the requirement to delegate repeated administrative task to dedicated operating and helpdesk departments.
The ActionLaunchpad aims to provide to Non-Priviledged administators tasks they can Run on remote operating systems satisfying these requirements:
– Agents do not need to login direcly on the remote console ( RDP, SSH, … )
– Agents do not have to use and know administrative accounts
– The task Agents can perform are assignable through various Roles
– The Task can be run on multiple systems with one click
– The Commands to be run dont have to be digited each time ( time saving )
The mayor benefit from making use of the ActionLaunchpad might be obtainable for organizations with structured procedures and hierarchies. An example might be a department of Unix or Microsoft Systems administrators authorizing in this way a helpdesk to perform dedicated task on their systems – also with very limited and specifiable administrative delegations.
The ActionLaunchpad
With the administrative section the administrator is able to configure Commands. Natively the Launchpad makes also use of NRPE to run checks on the remote system. In addition there can be implemented local scripts that contain again logic to perform tasks towards remote sides. With that strategy there are quite unlimited possibilities to implement commands.
Example for running a local command:
When making use of NRPE for remote command execution a litte preparation is required. Within the remote agent the command acceptor has to be enabled. This is done on Linux within the standard path /etc/nagios/nrpe.cfg. The default command command call is “launchpad_action”.
Therefore we would define a command definition like this with the possibility to run arbitrary commands.
command[launchpad_action]=$ARG1$
An example configuration for calling the system uptime:
The definition dialog for this Command:
Note that NRPE commands are executed on the remote side with the permissions ( and limits ) of the agent. Normally the permission level does not allow administrative task and therefore it is required to define permission escalations. This is done in the best way by defining SUDO grants. Now a command can be called directly with the “SUDO” prefix or by defining the specific user “su” prefix in the command.
This module has been also integrated into the NetEye Web App, so the Service Desk can access the Action Launchpad through mobile pohones (iPhone or Android) or via tablet (iPad, Android tablets).
If you would like to get additional details on the new features released, you can download the NetEye release notes from this link! 🙂
.