This repository aims to reproduce the SSH and sudo authorization setup. However, instead of spinning up Docker containers to execute the `ssh` and `sudo` instructions, it performs the `sudo` authorization on a Linux setup running as the pipeline agent on GitHub workflows.
- Open Policy Agent
- An understanding of Linux & Linux PAM
- GitHub workflows
The solution consists of two services: a client and a server. The server is located at the URL http://opa-auth-server.herokuapp.com/ and runs an OPA server with the sudo policy.
Whenever an OPA-configured system runs a `sudo` command, the OPA PAM client connects to the OPA server for authorization. The successful execution of the `sudo` command on the client depends on the outcome of the policy evaluation.
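The exchange described above, sketched as an added example (not code from this repository): a local stub stands in for the OPA server and answers Data API queries, and the client function denies unless the reply is exactly `allow: true`, including when the server is unreachable or the policy document is undefined. The policy path `/v1/data/sudo/authz`, the `{"user": ...}` input shape and the admin list are assumptions made for the illustration.

```python
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

ADMINS = {"ops"}                      # constructed policy data
AUTHZ_PATH = "/v1/data/sudo/authz"    # assumed policy path, not taken from the page
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxies

class StubOPA(BaseHTTPRequestHandler):
    """Stands in for the OPA server: answers Data API queries for one policy."""
    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        doc = json.loads(self.rfile.read(length) or b"{}")
        if self.path == AUTHZ_PATH:
            user = doc.get("input", {}).get("user")
            body = {"result": {"allow": user in ADMINS}}
        else:
            body = {}  # OPA omits "result" when the queried document is undefined
        data = json.dumps(body).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # silence per-request logging
        pass

def sudo_allowed(base_url, user, path=AUTHZ_PATH, timeout=2.0):
    """Client side: query the server; deny unless the answer is allow == true."""
    payload = json.dumps({"input": {"user": user}}).encode()
    req = urllib.request.Request(base_url + path, data=payload,
                                 headers={"Content-Type": "application/json"})
    try:
        with OPENER.open(req, timeout=timeout) as resp:
            doc = json.load(resp)
    except (OSError, ValueError):
        return False  # unreachable server or malformed reply: fail closed
    result = doc.get("result") if isinstance(doc, dict) else None
    return isinstance(result, dict) and result.get("allow") is True

def start_stub():
    """Start the stub on a free localhost port; returns (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), StubOPA)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_port

if __name__ == "__main__":
    srv, url = start_stub()
    for name in ("ops", "guest"):
        print(name, "->", "allow" if sudo_allowed(url, name) else "deny")
    srv.shutdown()
```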
All steps and configuration to reproduce the OPA PAM setup on the GitHub pipeline can be found here. Explanations of each step can be found in the comments.
- Pipeline setup (Ubuntu-20.04) HERE
Please check out the repository that spins up the remote authentication server here.
The setup is a POC only and contains several security loopholes. Please do not use it for production.