Full Disclosure mailing list archives
Re: Removing FIred admins
From: Gerhard den Hollander <gerhard () fugro-jason com>
Date: Fri, 13 Feb 2004 15:38:07 +0100
* James Patterson Wicks <pwicks () oxygen com> (Fri, Feb 13, 2004 at 08:06:57AM -0500)
Only the senior administrator and the CTO have the root password to the Unix systems. The senior admin does not "own" any servers, but is the manager for all of the other admins. Could he get mad and make changes to the interpreter, but the server "owner" would notice this and check the changes against the change management log. Any unusual events would be sent to the CTO.
So, what would happen if the senior admin ``forgets'' to install the kernel patch (the one that gives root access if exploited) on one of the not-so-often used Linux servers? And how do you check that the patch being applied is indeed the patch he says it is? And not the minor vulnerability patch, that also includes a hacked xload? or .... As you say
Like you said, there is no magic button to press and instantly remove an admin's influence from an enterprise. BUT if you have a good process in place that leverages existing technologies, you can do a good job of protecting your enterprise. Admins leave companies all the time, but enterprises continue to operate without a problem.
Yes, but not so much out of technical barriers (because if your admin is good, he can bypass them, and if he isn't you wouldn't have made him senior ;) ) as out of social or legal barriers.
If all else fails, make sure that the company lawyer is in the office when you fire the admin. A good threat can go a long way.
We are working on something called "The Button", which is nothing but a small script that activates a series of scripts that change all root, local and domain administrator passwords on our Unix and Windows servers when run.
And changes all user passwords, and all webserver accounts and all ftp accounts and all email passwords I assume?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html