Message-ID: <D89E9C009C6E5B4381DCBE89CA703CEE02EF9CF0@MI8NYCMAIL04.Mi8.com>
From: pwicks at oxygen.com (James Patterson Wicks)
Subject: Removing FIred admins

Only the senior administrator and the CTO have the root password to the
Unix systems.  The senior admin does not "own" any servers, but is the
manager for all of the other admins.  He could get mad and make changes
to the interpreter, but the server "owner" would notice this and check
the changes against the change management log.  Any unusual events would
be sent to the CTO.

Like you said, there is no magic button to press and instantly remove an
admin's influence from an enterprise.  BUT if you have a good process in
place that leverages existing technologies, you can do a good job of
protecting your enterprise.  Admins leave companies all the time, but
enterprises continue to operate without a problem.

If all else fails, make sure that the company lawyer is in the office
when you fire the admin.  A good threat can go a long way.

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Volker
Tanger
Sent: Friday, February 13, 2004 2:51 AM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Removing FIred admins

Hi!

> We are working on something called "The Button", which is nothing but a
> small script that activates a series of scripts that change all root,
> local and domain administrator passwords on our Unix and Windows 
> servers when run.

The ex-admin had ROOT access to "his" servers, right? So he can change
ANYTHING, right? Including the script, e.g. like NOT changing passwords
or adding secret admin-level accounts, right?

You said "script", so it uses BASH, PERL or something. ROOT can change
anything, right? So he could have changed the BASH, PERL interpreter or
something, right?

There is no technical solution to a social problem - well, except in
this case maybe reformatting the disks and reinstalling from scratch and
clean media.

Sorry

Volker Tanger
ITK-Security
