| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: volker.tanger at detewe.de (Volker Tanger) Subject: Removing FIred admins Greetings! On Thu, 12 Feb 2004 23:14:28 -0500 Cael Abal <lists2@...you.com> wrote: > Michael T. Harding wrote: > | Anybody know of a checklist or guide to removing access across the > | entire organization for a "retired" admin? > | Mixed environment including Linux, Unix, Windows, Cisco, Nortel > > Wow. Nightmare. If I get the wording right, the admin and company did not part in good terms? Then it really has potential for a real nightmare - especially if the admin had the time AND MOOD to prepare for that. If he did not have the mood to take revenge, your main problem could be that he simply did not care to tell you the passwords, so you can't log in. Bad thing if you don't have config backups... If he's likely to take revenge, act. Fast. The more time he had to prepare, the worse it can become - especiall if he planted a time bomb, that'll affect you in a year or so when e.g. the old, clean backups are long overwritten. If you have to assume being compromised, re-install and re-configure all your systems starting from scratch and clean media (boot from CD, partition harddisc, format HD, install base system, ...) - and start with your most (business) critical systems. Have this done by an admin you trust. Bye Volker Tanger ITK-Security
Powered by blists - more mailing lists