1194493 – [RFE]Best practice change password of root schedule 90 days and have option to input the password or random it

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1194493 - [RFE]Best practice change password of root schedule 90 days and have option to input the password or random it

Summary: [RFE]Best practice change password of root schedule 90 days and have option t...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Remote Execution
Sub Component:
Version:	6.1.0
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	Unspecified
Assignee:	Katello Bug Bin
QA Contact:	Stephen Benjamin
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	260381 1052273
TreeView+	depends on / blocked

Reported:	2015-02-20 00:29 UTC by Mario Gamboa
Modified:	2019-09-26 17:38 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-07-27 09:13:39 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2016:1501	0	normal	SHIPPED_LIVE	Red Hat Satellite 6.2 Capsule and Server	2016-07-27 12:28:58 UTC

Description Mario Gamboa 2015-02-20 00:29:08 UTC

Description of problem:
To archive the PCI DSS we need to schedule the change of the password of the user root each 90 days at this moment we doing via script but would be great if in satellite 6 we can send the change of password via host collections as task and also that the task can give us the option to input a new password for all the servers or make random password for the server in case of random password have the ability to send back from the server a email specify in this task and also get the notification in openscan for the next release of Satellite 6 this must be 1 of the good feature to get the standard in pci dss.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:
No option to change root password scheduled in host collections or send this kind of task

Expected results:
Have some option to change the password or automatic assing new password to the server via schedule task.

Additional info:

Comment 1 RHEL Program Management 2015-02-20 00:59:45 UTC

Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

Comment 3 Mike McCune 2015-02-20 16:08:15 UTC

This would be well served if our remote management had the ability to arbitrarily execute scripts against the managed hosts.

You can do this currently with Satellite 5 and we need this in Satellite 6.

Comment 4 Mario Gamboa 2015-02-23 04:06:07 UTC

yes that's correct we can do this at the moment on Satellite 5 but to move forwared to Satellite 6 we need this feature also , thank you mike for you comment

Comment 6 Marek Hulan 2016-02-16 14:25:41 UTC

With remote execution plugin one can define job template with optional user input for specifying a password and second one for specifying email address to which the result should be sent. The template would generate random password (on target host) or use the one specified through input (would be saved in clear text in DB though).

Comment 8 Mario Gamboa 2016-02-28 08:27:10 UTC

That's correct marek with remote-execute command i can send a echo with the ecrypted password for change the root and schedule every 90 day that resolve the issue but redhat is taking so much time to deliver this plugin that is already in katello and now our company is using that instead of satellite because the time of response for a simple solution that is already in your open source take some much time almost a year that's ridiculous, and we know redhat doesn't care of the customer because always is the same history with you products , opensource quick response and quick fix redhat only is quick fix and response when is a security bug but after that any new feature already in opensource taking you 1 or 2 years to have it at that time for the company is no compensate the current cost of license with the current customer service we get 

i don't blame you but is the true i would like someone from the top make a change and deliver to the customer the expectations that we are paying because you product is no free at all 

This issue we already fixed , move in to katello instead to use satellite for more that 1 year is funny you write until now because i know you are planing release 6.2 together with 1.11 foreman

Comment 9 Marek Hulan 2016-03-02 09:38:14 UTC

I'm sorry you feel it this way. All I can say is that me and all other folks working on remote execution plugin are Red Hatters so therefore I'd say Red Hat came with the open source solution thus I think Red Hat cares about the customer.

It's true that the plugin exists for a while, the first instalable version 0.0.1 was released on 14 Aug 2015 ~ 7 months ago. And I'm very happy that Red Hat stabilizes it first because, frankly, first versions of remote execution were simply not production ready.

Thanks for the feedback about the release frequency, maybe we can consider making releases more often.

Comment 10 Stephen Benjamin 2016-03-24 19:09:12 UTC

Verified.

This will work with remote execution, you need only provide your script to Satellite and schedule it on the time basis you want (e.g. every 90 days).  As you can write the script in any language, you can generate the password randomly if you wish.

Additionally, remote execution jobs can take inputs, so you can also make the job take an input for the new root password.

Thanks for the RFE.

Comment 13 errata-xmlrpc 2016-07-27 09:13:39 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1501

Note You need to log in before you can comment on or make changes to this bug.