[clug] Detecting malicious former employees
Robert Edwards
bob at cs.anu.edu.au
Mon Sep 11 05:43:20 GMT 2006
Take them out of all the sudoers lists on all machines. If they
re-appear in any of them, take them to court and sue 'em (you did
get them to sign a document stating that they wouldn't attempt to
gain access to the machines?).
Cheers,
Bob Edwards.
John Fletcher wrote:
> Hi guys,
>
> I'm looking for some advice about precautions to take when a potentially
> malicious and highly priviliged (previously had root pw) employee leaves an
> organisation. Can anyone give me some advice about precautions to take and
> especially where to look to detect possible attempts to gain access or
> engage in malicious activity?
>
> In this particular case we're talking about linux firewall, PPTPD,
> mailservers, and various other bits and pieces. Most work done from remote
> locations, not onsite.
>
> Thanks,
> Fletch.
More information about the linux
mailing list