One of the features introduced in the 4.15 NetEye release is the Command Orchestrator. The aim of this newly introduced feature module is to allow limited-access NetEye users to execute predefined commands on hosts, without needing full access to the targeted device. Within the Command Orchestrator, the NetEye administrator defines which commands can be executed, by which NetEye users, and on which hosts.
A scenario where the Command Orchestrator can be of great help to a company is when an IT operations team, in order to reduce the MTTR (mean time to repair), needs to delegate a set of recurrent operations on their systems to a group such as a support team, but without giving that group privileged access to the machines. With the Command Orchestrator, the NetEye admin can configure the commands needed to perform these recurrent operations, and the support team can then execute them through the Command Orchestrator.
Currently the Command Orchestrator allows for 3 types of commands: Local, Remote and Weblink.
For the execution of the Local and Remote command types, the Command Orchestrator relies on the Execute Command Icinga2 API. This API was recently developed by the NetEye R&D team in collaboration with the Icinga2 developers.
Allowing limited NetEye users to execute commands on remote hosts is a very powerful feature, but one that could have raised security concerns had it not been carefully designed.
For this reason, the following user restrictions were introduced by design in the Command Orchestrator to prevent users from performing unwanted actions:
To make commands easier to manage in the Command Orchestrator, we also decided to let the NetEye admin create groups of commands, with groups recursively containing other groups, so as to form a tree structure where the leaves are the commands. Again, with the goal of keeping configurations simple, users’ permissions are configured directly on command groups, so that redundant and error-prone configurations can be avoided.
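
The group tree described above can be modelled as follows. This is an added example, not NetEye code: the `Group` class, the role names and the command names are hypothetical, and it assumes that a grant on a group covers every subgroup and command below it. Anything not reachable through a granted group is denied, and a misconfigured tree in which a group contains itself is rejected rather than walked forever.

```python
# Added illustration only: a hypothetical model, not NetEye's data model or API.
from dataclasses import dataclass, field


@dataclass
class Group:
    name: str
    commands: list = field(default_factory=list)     # leaf commands in this group
    children: list = field(default_factory=list)     # nested Group objects
    allowed_roles: set = field(default_factory=set)  # roles granted on this group


def allowed_commands(root, role):
    """Return the set of commands `role` may execute (default deny).

    Assumption: a grant on a group is inherited by everything below it.
    """
    result = set()

    def walk(group, inherited, path):
        if id(group) in path:  # the group is its own ancestor
            raise ValueError(f"cycle in command groups at {group.name!r}")
        granted = inherited or role in group.allowed_roles
        if granted:
            result.update(group.commands)
        for child in group.children:
            walk(child, granted, path | {id(group)})

    walk(root, False, frozenset())
    return result


def can_execute(root, role, command):
    """Authorization check to run before a command is dispatched to a host."""
    return command in allowed_commands(root, role)


def sample_tree():
    """Constructed sample configuration (all names are made up)."""
    diag = Group("diagnostics", commands=["show-disk-usage"])
    web = Group("web", commands=["restart-nginx", "reload-nginx"],
                children=[diag], allowed_roles={"support"})
    db = Group("database", commands=["restart-postgres"], allowed_roles={"dba"})
    return Group("all-commands", children=[web, db], allowed_roles={"ops"})
```

Granting `support` on the `web` group is a single configuration entry, yet it covers the nested `diagnostics` commands too, while `restart-postgres` stays out of reach.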