Remote Linux Admin Consultant - Best Practice [closed]

root

We are engaging a consultant in India as our Linux Administrator. We don't know him well and he requires Root access to all our servers to do his job (including a security audit).

What is the best practice for enabling a remote consultant for such work such that we are protected against any malignant activities?

Thanks in advance.


Solution 1:

Don't. Also, you're in as much danger of ineptitude as malice from what I've seen of the typical way companies handle this.

I'd like to say, there's probably great system administrators out there in India, but the way many companies do things is terrible.

If you're going through a body shop, you're also likely seeing a pretty big cut go to them, and many of them are unlikely to have properly vetted their employees. I've talked to three, one of whom I worked for and none of them have done any technical interviews.

So, if you must hire someone remotely, for god's sake, interview him yourself and make sure he knows his work. System administration is far too important to hand over to someone blindly

Now that I've handled the "ineptitude" part of it,

Administration is a pretty broad phrase. And someone with root access can do anything. Now, personally I think creating an account for the admin, and giving him the ability to elevate himself through sudo is a better idea (which your config management system should handle if you have many servers). That said, even that relies on a certain amount of trust. There's so many stories out there of the sheer damage a disgruntled sysadmin can do. Change all your passwords? Sure you could get in eventually, but its not trivial, and it would probably cost more than you're saving.

So, consider a local. If not, consider someone you have vetted yourself and have directly hired.

Solution 2:

As has been mentioned, don't do this.

The only way you'll be able to protect yourself is by doing something like this:

  1. Insist that the consultant use a configuration management system of your choosing.
  2. The consultant will write configuration management manifests for the actions you need completed.
  3. The consultant will test the manifests on a test system.
  4. When ready, the consultant will commit the configuration to a code repository.
  5. All changes are reviewed by either a member of your staff or another consultant that has absolutely no relation to the first, and has no way of contacting them.
  6. Once the changes are signed off, they are applied to the server by you or a member of your staff. The original consultant should not have access to any of your systems.

As should be clear, this is a very clumsy and inefficient process, but if you insist on accepting work from a non-trusted individual, this is one way to handle things.

As I recommended, though, you're much better off hiring a known, trusted individual.

Related

What's The Worst Server Configuration/Setup That You Have Ever 'Inherited' [closed]
Why higher await time for DM multipath device than underlying device?
How do I delete this orphaned Active Directory computer object (preferably with PowerShell)?
How can I run the Ubuntu EC2 AMI images locally?
Implementing dry-run in bash scripts
After Windows 7 SP1 IIS errors with "Invalid application path"
Capturing output of remote process from sysinternal's psexec
How do I configure nginx to accept gzip requests?
How to generate gpg key without user interaction?
Nginx: root path relative to conf file
PostgreSQL ERROR: no more connections allowed
Run nginx as a non-root user