Full Disclosure mailing list archives
RE: Removing FIred admins
From: "James Patterson Wicks" <pwicks () oxygen com>
Date: Fri, 13 Feb 2004 08:06:57 -0500
Only the senior administrator and the CTO have the root password to the Unix systems. The senior admin does not "own" any servers, but is the manager for all of the other admins. He could get mad and make changes to the interpreter, but the server "owner" would notice this and check the changes against the change management log. Any unusual events would be sent to the CTO.

Like you said, there is no magic button to press and instantly remove an admin's influence from an enterprise. BUT if you have a good process in place that leverages existing technologies, you can do a good job of protecting your enterprise. Admins leave companies all the time, but enterprises continue to operate without a problem.

If all else fails, make sure that the company lawyer is in the office when you fire the admin. A good threat can go a long way.

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Volker Tanger
Sent: Friday, February 13, 2004 2:51 AM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Removing FIred admins

Hi!
We are working on something called "The Button", which is nothing but a small script that activates a series of scripts that change all root, local and domain administrator passwords on our Unix and Windows servers when run.
The ex-admin had ROOT access to "his" servers, right? So he can change ANYTHING, right? Including the script, e.g. like NOT changing passwords or adding secret admin-level accounts, right?

You said "script", so it uses BASH, PERL or something. ROOT can change anything, right? So he could have changed the BASH, PERL interpreter or something, right?

There is no technical solution to a social problem - well, except in this case maybe reformatting the disks and reinstalling from scratch and clean media.

Sorry

Volker Tanger
ITK-Security

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

This e-mail is the property of Oxygen Media, LLC. It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. Distribution or copying of this e-mail or the information contained herein by anyone other than the intended recipient is prohibited. If you have received this e-mail in error, please immediately notify us by sending an e-mail to postmaster () oxygen com and destroy all electronic and paper copies of this e-mail.
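The check against the change management log described in the message above, as an added example that is not code from the thread or from any poster: it compares file hashes with a baseline and reports every difference the log does not explain. It assumes the log records the approved SHA-256 of each changed file and that the audit runs from trusted media, since (as the quoted reply notes) root can alter the interpreter on the host itself; the file names `perl` and `button.sh` are constructed stand-ins.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Hash a file in chunks so large binaries are handled."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(paths):
    """Map each path to its current SHA-256, or None if it is missing."""
    return {p: sha256_file(p) if os.path.isfile(p) else None for p in paths}

def audit(baseline, current, change_log):
    """Return [(path, finding)] for differences not covered by change_log [(path, sha256)]."""
    approved = set(change_log)
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old == new or (path, new) in approved:
            continue  # unchanged, or changed to exactly what was approved
        if old is None:
            findings.append((path, "added without change record"))
        elif new is None:
            findings.append((path, "removed without change record"))
        else:
            findings.append((path, "modified without change record"))
    return findings

def demo():
    """Constructed sample: a stand-in interpreter and a password-reset script."""
    d = tempfile.mkdtemp()
    interp, script = os.path.join(d, "perl"), os.path.join(d, "button.sh")
    for p, data in ((interp, b"interpreter v1"), (script, b"reset passwords v1")):
        with open(p, "wb") as f:
            f.write(data)
    baseline = snapshot([interp, script])
    with open(script, "wb") as f:      # approved change, logged with its hash
        f.write(b"reset passwords v2")
    change_log = [(script, sha256_file(script))]
    with open(interp, "wb") as f:      # unlogged change to the interpreter
        f.write(b"interpreter v1 + extra")
    found = audit(baseline, snapshot([interp, script]), change_log)
    return [(os.path.basename(p), why) for p, why in found]

if __name__ == "__main__":
    print(demo())
```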