[clug] Detecting malicious former employees
Tomasz Ciolek
tmc at vandradlabs.com.au
Mon Sep 11 05:49:46 GMT 2006
All that, and change all the root passwords on servers and admin
password on routersand run chkrootkit utility.
Tomasz
On Mon, Sep 11, 2006 at 03:43:20PM +1000, Robert Edwards wrote:
>
> Take them out of all the sudoers lists on all machines. If they
> re-appear in any of them, take them to court and sue 'em (you did
> get them to sign a document stating that they wouldn't attempt to
> gain access to the machines?).
>
> Cheers,
>
> Bob Edwards.
>
> John Fletcher wrote:
> >Hi guys,
> >
> >I'm looking for some advice about precautions to take when a potentially
> >malicious and highly priviliged (previously had root pw) employee leaves an
> >organisation. Can anyone give me some advice about precautions to take and
> >especially where to look to detect possible attempts to gain access or
> >engage in malicious activity?
> >
> >In this particular case we're talking about linux firewall, PPTPD,
> >mailservers, and various other bits and pieces. Most work done from remote
> >locations, not onsite.
> >
> >Thanks,
> >Fletch.
>
> --
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
--
Tomasz M. Ciolek
*******************************************************************************
tmc at vandradlabs dot com dot au
*******************************************************************************
GPG Key ID: 0x41C4C2F0
GPG Key Fingerprint: 3883 B308 8256 2246 D3ED A1FF 3A1D 0EAD 41C4 C2F0
Key available on good key-servers
*******************************************************************************
More information about the linux
mailing list