The present invention relates to managing information technology (IT) systems, and more particularly to validating commands that perform destructive actions and other critical IT system activities.
In response to a system administrator issuing a shutdown or reboot command in an IT system in a UNIX® environment, the IT system initiates a corresponding system shutdown or system reboot. If the IT system includes live applications or databases, the system terminates processes associated with the live applications or databases. If there are any database transactions happening at the time of the shutdown or reboot, corruption of data in the database may occur. Thus, if the shutdown or reboot command was unknowingly invoked due to human error, critical business functionalities are lost. In known IT system environments, there is no mechanism to control commands that are knowingly or unknowingly issued by a privileged (i.e., root) user which perform a system shutdown, system reboot, or other critical system activity. UNIX® is a registered trademark of X/Open Company, Ltd. located in Berkshire, United Kingdom.
Role-based access control (RBAC) is a known model that controls access to operating systems and software. Within the RBAC model, access is granted based on the roles individual users have in the organization that uses the system. For example, with RBAC, a user administrator can add, change, or delete users without having access to the more powerful commands a system administrator can execute and without having access to the files a system administrator can access. RBAC solves the problem that many UNIX® systems have, where “root” is used to gain complete access in order to perform even the simplest administrative tasks, which do not require superuser access. RBAC requires commercial licensing, which is costly. Additional training is required to support RBAC, and in the UNIX® market it is difficult to find personnel with knowledge of RBAC. Furthermore, an RBAC root user can still initiate a shutdown or other disruptive commands without any other stringent control being applied to those commands.
Another known access control system for UNIX® systems is eTrust® Access Control, which protects the information assets of computer centers by checking whether users who request services from the host operating system are authorized to access those services. eTrust® Access Control can be configured to prohibit invoking certain commands, but a root user can stop the eTrust® Access Control service and then invoke the previously prohibited commands. Furthermore, the commands may be executed from the system console even while the eTrust® Access Control service is running.