Remote Linux Admin Consultant - Best Practice [closed]

We are engaging a consultant in India as our Linux Administrator. We don't know him well and he requires Root access to all our servers to do his job (including a security audit).

What is the best practice for enabling a remote consultant for such work such that we are protected against any malignant activities?

Thanks in advance.


Solution 1:

Don't. Also, you're in as much danger of ineptitude as malice from what I've seen of the typical way companies handle this.

I'd like to say, there's probably great system administrators out there in India, but the way many companies do things is terrible.

If you're going through a body shop, you're also likely seeing a pretty big cut go to them, and many of them are unlikely to have properly vetted their employees. I've talked to three, one of whom I worked for and none of them have done any technical interviews.

So, if you must hire someone remotely, for god's sake, interview him yourself and make sure he knows his work. System administration is far too important to hand over to someone blindly

Now that I've handled the "ineptitude" part of it,

Administration is a pretty broad phrase. And someone with root access can do anything. Now, personally I think creating an account for the admin, and giving him the ability to elevate himself through sudo is a better idea (which your config management system should handle if you have many servers). That said, even that relies on a certain amount of trust. There's so many stories out there of the sheer damage a disgruntled sysadmin can do. Change all your passwords? Sure you could get in eventually, but its not trivial, and it would probably cost more than you're saving.

So, consider a local. If not, consider someone you have vetted yourself and have directly hired.

Solution 2:

As has been mentioned, don't do this.

The only way you'll be able to protect yourself is by doing something like this:

  1. Insist that the consultant use a configuration management system of your choosing.
  2. The consultant will write configuration management manifests for the actions you need completed.
  3. The consultant will test the manifests on a test system.
  4. When ready, the consultant will commit the configuration to a code repository.
  5. All changes are reviewed by either a member of your staff or another consultant that has absolutely no relation to the first, and has no way of contacting them.
  6. Once the changes are signed off, they are applied to the server by you or a member of your staff. The original consultant should not have access to any of your systems.

As should be clear, this is a very clumsy and inefficient process, but if you insist on accepting work from a non-trusted individual, this is one way to handle things.

As I recommended, though, you're much better off hiring a known, trusted individual.