Installing the client on remote servers

Best practices for remote installation

Installing cased on Remote Servers

The cased command-line program can be installed to remote servers (such as
bastion hosts) both on the system-level or in containers.

Let's walk through an example of setting up the program on a bastion host in order to
guard psql.

If you have multiple ssh user accounts, which is generally a better practice,
you can simply run cased configure <user-token> for each user.

If you have a shared ssh account, you should create a single Cased user for
that account. For example, you may want to use a Cased account like
[email protected] if all your users use the same ssh account to access the host.
Approval requests and audit entries will be associated with that username.

In both cases, for easy automation we recommend the use of a short script, suitable
for your particular setup, that runs cased configure when you provision instances or containers.

Here is a simple, complete example using yum (this example also installs python3, a requirement, as well as psql itself):

sudo yum install -y git python3 && \
sudo mkdir -p /usr/local/lib/python3.7/site-packages/ && \
sudo yum install -y postgresql-libs-9.2.24-1.amzn2.0.1.x86_64 postgresql-9.2.24-1.amzn2.0.1.x86_64 && \
sudo /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/cased/guard-install/HEAD/install.sh)" && \
cased configure $TOKEN && \\
eval "$(cased-init -)"

where $TOKEN is the token for that user. Additionally, as with a local install,
you'll want to make sure that this line:

eval "$(cased-init -)"

is added to each user's .bashrc or similar file.

Questions? Contact us.
FAQ


Did this page help you?