I'm currently working on a project during my internship at an organisation, and it is honestly a bit of a challenge, so I hope you guys can help me out.
Background:
The organisation I'm working in has a production environment of 120+ servers, mostly Red Hat and a few Windows machines, managed with Puppet. The Windows machines are basically just load balancers, so they are outside the scope of this project. As it is now, everyone logs in with the root account, which is a huge problem for various reasons that should be self-explanatory.
So, the goal of my project is to set up an authentication and log system that uses the existing Active Directory user accounts to grant users access to the production environment. I've chosen to do this with realmd/sssd. My plan is to set up two servers to handle authentication and logs, and let the rest of the servers authenticate against those and send logs to them.
Question 1:
As already mentioned, I want to set up two servers to handle authentication, and my question is: how do I configure the rest of the servers to authenticate against those? For example, if someone SSHes into a machine, that machine should contact the auth servers for authentication, and if the credentials are not stored in the cache, the auth servers should authenticate against the Active Directory.
Question 2:
What are the best practices and software to monitor logs? I want to log login attempts, successful logins and the commands users are executing.
Question 3:
I want to manage what the users can do in the environment, what commands they can execute and resources they can access. What are the best practices for this?
I know it's a lot of questions, and I hope I've explained myself clearly; English is not my primary language. I'm working completely alone on this, and my manager/coworkers are not really of any help. I feel a bit lost at this point, so I would really appreciate any input.
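Added example for Question 2 (not part of the original post or any answer to it): once sshd and sudo on each host forward their logs to the central log servers, the login attempts and executed commands the poster wants are already in the standard /var/log/secure lines. The script below shows the detection logic a practitioner would run over those lines: it parses sshd "Accepted"/"Failed" records and sudo "COMMAND=" records, then flags direct root logins (the habit the project is meant to end), password-based logins, and source addresses with repeated failures. The log lines are constructed samples in the rsyslog format RHEL writes; the host names, users and addresses are invented, and the failure threshold is an arbitrary assumption for the demo.

```python
import re
from collections import Counter

# Constructed sample lines in RHEL /var/log/secure format (assumed data, not from a real host).
SAMPLE_LOG = """\
Mar  3 10:15:01 web01 sshd[2111]: Accepted publickey for alice@example.com from 10.0.0.5 port 51234 ssh2: RSA SHA256:abcdef
Mar  3 10:15:07 web01 sshd[2115]: Failed password for bob@example.com from 10.0.0.9 port 51240 ssh2
Mar  3 10:15:08 web01 sshd[2115]: Failed password for bob@example.com from 10.0.0.9 port 51240 ssh2
Mar  3 10:15:09 web01 sshd[2116]: Failed password for invalid user admin from 203.0.113.7 port 40000 ssh2
Mar  3 10:15:10 web01 sshd[2117]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Mar  3 10:15:11 web01 sshd[2118]: Failed password for invalid user test from 203.0.113.7 port 40004 ssh2
Mar  3 10:15:12 web01 sudo: alice@example.com : TTY=pts/0 ; PWD=/home/alice@example.com ; USER=root ; COMMAND=/usr/bin/systemctl restart httpd
Mar  3 10:15:20 web01 sshd[2120]: Accepted password for root from 10.0.0.5 port 51250 ssh2
Mar  3 10:15:25 web01 sshd[2121]: pam_unix(sshd:session): session opened for user root by (uid=0)
"""

# sshd login outcome: "Accepted <method> for <user> from <ip> port <n>" or
# "Failed <method> for [invalid user ]<user> from <ip> port <n>".
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port (?P<port>\d+)"
)

# sudo command record written by the default sudo syslog logging.
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) sudo:\s+(?P<user>\S+) : "
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)


def parse_line(line):
    """Return a normalised event dict for an sshd or sudo line, or None for anything else."""
    m = SSHD_RE.match(line)
    if m:
        d = m.groupdict()
        return {
            "kind": "ssh",
            "ts": d["ts"],
            "host": d["host"],
            "result": d["result"].lower(),       # "accepted" or "failed"
            "method": d["method"],               # "publickey", "password", ...
            "user": d["user"],
            "invalid_user": d["invalid"] is not None,  # name that does not exist on the host
            "src": d["src"],
        }
    m = SUDO_RE.match(line)
    if m:
        d = m.groupdict()
        return {
            "kind": "sudo",
            "ts": d["ts"],
            "host": d["host"],
            "user": d["user"],
            "target": d["target"],              # account the command ran as
            "cmd": d["cmd"].strip(),
        }
    return None


def analyse(log_text, fail_threshold=3):
    """Summarise logins and sudo use; fail_threshold is an assumed demo value."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    ssh = [e for e in events if e["kind"] == "ssh"]
    accepted = [e for e in ssh if e["result"] == "accepted"]
    failed = [e for e in ssh if e["result"] == "failed"]
    failures_by_src = Counter(e["src"] for e in failed)
    return {
        "accepted": accepted,
        "failed": failed,
        "sudo": [e for e in events if e["kind"] == "sudo"],
        # Direct root logins are exactly what the AD-based setup should make unnecessary.
        "root_logins": [e for e in accepted if e["user"] == "root"],
        # Password logins are worth listing separately once keys/Kerberos are the norm.
        "password_logins": [e for e in accepted if e["method"] == "password"],
        # Sources with repeated failures: a simple brute-force indicator.
        "brute_force_sources": sorted(
            src for src, n in failures_by_src.items() if n >= fail_threshold
        ),
    }


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    for e in report["root_logins"]:
        print(f"ROOT LOGIN  {e['ts']} {e['host']} from {e['src']} via {e['method']}")
    for src in report["brute_force_sources"]:
        print(f"BRUTE FORCE {src}: {sum(1 for f in report['failed'] if f['src'] == src)} failures")
    for e in report["sudo"]:
        print(f"SUDO        {e['ts']} {e['host']} {e['user']} as {e['target']}: {e['cmd']}")
```

One caveat on "the commands users are executing": the sudo line only records the command given to sudo, so `sudo -i` or `sudo bash` shows up as a single shell invocation and everything typed inside it is invisible here. Recording what happens inside such sessions needs something like auditd rules, pam_tty_audit, or sudo's `log_output` option (replayable with sudoreplay); those are the tools to look at before trusting this summary as a complete command audit.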