[clug] Detecting malicious former employees

Robert Edwards bob at cs.anu.edu.au
Mon Sep 11 05:43:20 GMT 2006

Take them out of all the sudoers lists on all machines. If they
re-appear in any of them, take them to court and sue 'em (you did
get them to sign a document stating that they wouldn't attempt to
gain access to the machines?).


Bob Edwards.

John Fletcher wrote:
> Hi guys,
> I'm looking for some advice about precautions to take when a potentially
> malicious and highly priviliged (previously had root pw) employee leaves an
> organisation.  Can anyone give me some advice about precautions to take and
> especially where to look to detect possible attempts to gain access or
> engage in malicious activity?
> In this particular case we're talking about linux firewall, PPTPD,
> mailservers, and various other bits and pieces.  Most work done from remote
> locations, not onsite.
> Thanks,
> Fletch.

More information about the linux mailing list