SwiftOnSecurityWe have this system at work where you have to manually read and type out the estimated number of impacted systems before it lets you issue a command.
Ultimate pucker factor when it starts hitting tens of thousands, then you go back and rethink this deployment strategy a bit.
Rob Russell@SwiftOnSecurity At 3 different global banks, I've written a /usr/local/bin/sudo script as a wrapper for /usr/bin/sudo
It would take an incident or change number as justification, validate that incidents were open and matched the prod status of the machine, validate that changes were approved and the current time was within the window.
It updated the tickets with $USER did a sudo on $MACHINE at $TIME and stuff.
If you just type "emergency" it let you right in and also paged your boss.